Browse > Home / Legal matters

Google: Visits to Paris Likely to Increase

April 22, 2022

In the unlikely publication for me, Adweek published an interesting story: “French Sites Ordered to Stop Using Google Analytics Is Just the Beginning.” That title seems ominous. The election excitement is building, but the actions of Commission  Nationale de l’informatique et des Libertés is likely to grind forward regardless of who wins what. The Adweek write up states:

…the French data watchdog—Commission Nationale de l’informatique et des libertés (CNIL)—ordered three French websites to stop using audience analytics site Google Analytics, deeming the site to be illegal under the General Data Protection Regulation.

The article adds:

This means that companies based in Europe using Google Analytics—which reads cookies that are dropped on peoples’ browsers when they visit a site to gauge whether they are a new or returning user—were shipping people’s personal information to the U.S.

Are Google Analytics a problem for CNIL? Probably not for the agency, but the CNIL seems poised to become a bit of a sticky wicket for Googzilla. After years of casual hand slapping, an era of RBF (really big fines) may be beginning. Google executives might find that CNIL can make a call to a fancy Parisian hotel and suggest that the Googlers be given rooms with a less salubrious location, tired decorations, and questionable plumbing. Mais oui! C’est domage.

On a positive note, Google is taking action itself. Privacy, security, fraud — well, sort of. “Google Sues Scammer for Puppy Fraud” reports:

The complaint … accuses Nche Noel of Cameroon of using a network of fake websites, Google Voice phone numbers, and Gmail accounts to pretend to sell purebred basset hound puppies to people online.

And the conduit for these alleged untoward actions? Google. Now how did Google’s smart software overlook fake websites, issue Google Voice numbers, and permit Gmail accounts used for the alleged bad puppy things? Nope. AARP connected with Googzilla. Yeah, smart software? Nope.

Stephen E Arnold, April 22, 2022

Written by Stephen E. Arnold · Filed Under Google, Legal matters, News, Privacy | Comments Off on Google: Visits to Paris Likely to Increase 

The Value of the NSO Group? Probably More Than Zero

April 19, 2022

The Financial Times published “NSO Group Deemed Valueless to Private Equity Backers.” The orange newspaper stated that a consulting firm studied the intelware outfit and provided information with this startling number. There’s a legal dust up underway, and my hunch is that legal eagles will flock to this situation: Alleged misuse of the Pegasus system, financial investments, and the people involved in assorted agreements. The story points out that NSO Group is “not a party” to this particular lawsuit. The folks funding the legal eagles are a consulting outfit called Berkeley Research Group. An outfit called Novalpina Capital convinced some to put money into the cyber gold mine. Then the PR spotlight illuminated NSO Group and a torrent flowed downhill knocking down some once impregnable structures. Plus the FT’s article references to an outfit called Integrity Partners who, according to the Financial Times, are willing to buy NSO Group for several hundred million dollars. Is this a good deal? In my opinion, something is better than zilch.

An unnamed NSO Group spokesperson indicated that the NSO Group’s system was of interest to many customers. If this is true, wasn’t the most recent license deal inked in mid 2021 for the platform? My thought is that the company’s proprietary technology would be of interest to other intelware firms interested in obtaining the licensee base and the platform which might benefit from newer, more sophisticated geo-spatial functionality which I will describe in my OSINT lecture at the US National Cyber Crime Conference on April 26, 2022. Sorry, the info is not for a free blog, gentle reader.

In my opinion, the referenced write up presents a fairly chaotic snapshot of the players, the valuation, and the legal trajectory for this matter. We need to bear in mind that NSO Group is hitting up the US Supreme Court and dealing with its Tim Apple issues.

One thing is crystal clear to me: The NSO Group’s misstep is now sending out concentric pulses which are extremely disruptive to entities rarely in the public spotlight. This is unfortunate and underscores why the Silicon Valley Tel Aviv style is not appreciated in some upscale social circles.

Stephen E Arnold, April 19, 2022

Written by Stephen E. Arnold · Filed Under Financial, intelware, Legal matters, News | Comments Off on The Value of the NSO Group? Probably More Than Zero 

Does Apple Have a High School Management Precept: We Are Entitled Because We Are Smarter Than You

April 19, 2022

The story “Ex-Apple Employee Takes Face ID Privacy Complaint to Europe” contains information about an Apple employee’s complaint to the “privacy watchdogs outside the US.” I have no insight into the accuracy or pervasiveness of Apple’s alleged abuses of privacy. The write up states:

Gjøvik [the former Apple employee blowing the privacy horn] urges the regulators to “investigate the matters I raised and open a larger investigation into these topics within Apple’s corporate offices globally”, further alleging: “Apple claims that human rights do not differ based on geographic location, yet Apple also admits that French and German governments would never allow it to do what it is doing in Cupertino, California and elsewhere.”

What I find interesting is that employees who go to work for a company with trade secrets is uncomfortable with practices designed to maintain secrecy. When I went to work for a nuclear engineering company, I understood what the products of the firm could do. Did I protest the risks some of those products might pose? Nope. I took the money and talked about computers and youth soccer.

Employees who sign secrecy agreements (the Snowden approach) and then ignore them baffle me. I think I understand discomfort with some procedures within a commercial enterprise. A new employee often does not know how to listen or read between the lines of the official documents. My view is that an employee who finds an organization a bad fit should quit. The litigation benefits attorneys. I am not confident that the rulings will significantly alter how some companies operate. The ethos of an organization can persist even as the staff turns over and the managerial wizards go through the revolving doors.

As the complaint winds along, the legal eagles will benefit. Disenchanted employees? Perhaps not too much. The article makes clear that when high school science club management precepts are operational, some of the managers’ actions manifest hubris and a sense of entitlement. These are admirable qualities for a clever 16 year old. For a company which is altering the social fabric of societies, those high school concepts draw attention to what may be a serious flaw. Should companies operate without meaningful consequences for their systems and methods? Sure. Why not?

Stephen E Arnold, April 19, 2022

Written by Stephen E. Arnold · Filed Under Legal matters, Management, News, Privacy | Comments Off on Does Apple Have a High School Management Precept: We Are Entitled Because We Are Smarter Than You 

TikTok: A Murky, Poorly Lit Space

April 15, 2022

TikTok, according to its champions, is in the words of Ernie (Endurance) Hemingway:

You do not understand. This is a clean and pleasant café. It is well lighted. (Quote from “A Clean, Well-Lighted Place”)

No, I understand. If the information in “TikTok under US Government Investigation on Child Sexual Abuse Material” is on the money, the Department of Justice and the US Department of Homeland Security, TikTok may not be a “clean and pleasant café.”

The paywalled story says that TikTok is a digital watering hole for bad actors who have an unusually keen interest in young people. The write up points out that TikTok is sort of trying to deal with its content stream. However, there is the matter of a connection with China and that country’s interest in metadata. Then there is the money which just keeps flowing and growing. (Facebook and Google are now breathing TikTok’s diesel exhaust. Those sleek EV-loving companies are forced to stop and recharge as the TikTok tractor trailer barrels down the information highway.

For those Sillycon Valley types who see TikTok as benign, check out some of TikTok’s offers to young people. Give wlw a whirl. Oh, and the three letters work like a champ on YouTube. Alternatively ask some young people. Yeah, that’s a super idea, isn’t it. Now about unclean, poorly illuminated digital spaces.

Stephen E Arnold, April 15, 2022

Written by Stephen E. Arnold · Filed Under cybercrime, Government, Legal matters, News, Video | Comments Off on TikTok: A Murky, Poorly Lit Space 

NSO Group to US Supreme Court: Help!

April 14, 2022

The “real news” outfit the Associated Press ran an article called “NSO Turns to US Supreme Court for Immunity in WhatsApp Suit.” The main idea is that Zuckbook’s lawsuit has to go away. The legal dust up dates from 2019. Zuckbook alleges that NSO Group zapped more than 1,000 users of WhatsApp, a popular instant messaging service. WhatsApp delivers alleged end to end encrypted messaging (EE2E). Intercepting content WhatsApp users think is secure can deliver some high value intelligence if available to certain professionals. NSO Group’s idea is that it is a “foreign government agent.” As such, NSO Group cannot be hassled for its specialized software and services. Why is the issue at the US Supreme Court? The answer is that in previous legal proceedings, federal court rulings said, “Sorry. Zuckbook’s case goes forward.”

I am no attorney, but the sovereign immunity angle sounds good: Intelware, used by some US allies, and good at what it does. The reasoning of the courts is that the NSO Group is not going to get the sovereign “get out of jail free” card in this Monopoly game. Why? According to the information in the write up, NSO Group is software, not an “agent.”

Three observations:

  1. NSO Group is hoping the third time is a charm in US courts it seems.
  2. The company just cannot stay out of the newsfeeds. Maybe its management team should start a PR firm.
  3. The Supreme Court can be picky about what it takes on and when it does accept a case, the outcome can be surprising, very surprising.

Net net: The intelware sector is likely to find itself under more intense scrutiny as the endless barrage of NSO Group publicity flows.

Stephen E Arnold, April 14, 2022

Written by Stephen E. Arnold · Filed Under intelware, Legal matters, News | Comments Off on NSO Group to US Supreme Court: Help! 

NSO Group Update: Surprise! We Knew Zippo

April 13, 2022

I find it interesting that Reuters in the midst of a war, a Covid thing, and economic craziness has the desire to recycle themes about the NSO Group. “Exclusive: Senior EU Officials Were Targeted with Israeli Spyware” reports that the intelware vendor is still snagged in brambles. The news story reports that Reuters’ reporters reviewed some documents which apparently reveal more interesting applications of Pegasus and possibly other specialized services provided by the Israeli company. The alleged spying popped up as a note from the very big, very privacy talking outfit Apple. I think it would be unnerving to receive a notice like “you may be targeted” instead of “Confirm your Apple payment information.”

The trusted news source (yes, that would be Thomson Reuters) included a statement from NSO Group that suggested the firm’s specialized software was not able to perform alleged spying on EU officials. The story points out that examination of mobile devices did not reveal a smoking gun or smoking bits as it were.

Several observations:

  • Real journalists from Thomson Reuters are watching NSO Group and information about the firm. I interpret this attention to mean, “More stories about NSO Group will be coming down the information highway.”
  • NSO Group continues to point out that the company is mostly in the dark when these allegations become real news.
  • Legal eagles will flock and frolic in Brussels and then take off, head east, and drop bundles of assorted legal documents on the individuals still working at NSO Group.
  • NSO Group will get a lot of booth traffic at the ISS Telestrategies Conference in Prague in a few weeks.

Net net: The amping up of public information about NSO Group in particular and intelware in general is not helpful to a number of agencies and companies. (I spoke with a US vendor of intelware as part of the research for my Spring lectures. A spokesperson for the company said on a Zoom call, “Please, do not mention our firm to those in your law enforcmeent audiences.” The reason: The company wants to sell to marketing firms, not government agencies. Too much risk.)

Stephen E Arnold, April 13, 2022

Written by Stephen E. Arnold · Filed Under intelware, Legal matters, News | Comments Off on NSO Group Update: Surprise! We Knew Zippo 

Is Tim Apple Worried: How Can Regulators Ignore What Apple Wants?

April 13, 2022

I know Apple and Tim are important. Fresh from a right to repair campaign and the cute move to make upgrades to the new and improved Mac Mini Studio, Tim Apple faces a poor report card. Tim Apple has failed Apple’s employee-acolyte examination. “Apple’s Tim Cook Warns of Unintended Consequences in App Store Antitrust Legislation” reports:

Apple CEO Tim Cook blasted regulatory proposals by Congress and in the European Union on Tuesday, arguing that legislation aimed at cracking open the company’s app store will hurt user security and privacy.

Are we talking Apple stalker gizmos? (This is my synonym for the Apple AirTag. Please, see “Apple AirTags Allegedly Being Used by Stalkers: Viral Twitter Thread.”

Nope. The idea that elected officials want to permit sideloading.

Let me translate: If an iPhone user wants to load an application without going through Apple’s online store, bad things will happen. Remember the good, old days of buying software in a box and installing it. That’s sideloading in my book.

Are we talking Apple compliance with rules in China and Russia (pre-Ukraine, of course)?

The write up continues:

Former top national security officials have sided with Apple, saying that requiring iPhones to accept apps that may lack sufficient security protections could ultimately endanger the country.

Are we talking Apple’s often decidedly un-snappy response to legitimate government requests? Nope. We are talking national security and the unnamed terrible things waiting to roar down the on ramp of the information highway to deliver (my goodness!) unintended consequences.

Several observations:

  1. Tense much, Mr. Apple?
  2. Are we talking about AirTags?
  3. Concerned about losing a revenue stream?
  4. Worried about regulation after decades of riding horses hard in the digital Wild West?

I would prefer more action related to the personnel issues which are smoking on the burning brush at the spaceship.

Stephen E Arnold, April 13, 2022

Written by Stephen E. Arnold · Filed Under Government, Legal matters, News | Comments Off on Is Tim Apple Worried: How Can Regulators Ignore What Apple Wants? 

NSO Group Knock On: More Attention Directed at Voyager Labs?

April 12, 2022

Not many people know about Voyager Labs, its different businesses, or its work for some government entities. From my point of view, that’s how intelware and policeware vendors should conduct themselves. Since the NSO Group’s missteps have fired up everyone from big newspaper journalists to college professors, the once low profile world of specialized software and services has come to center stage. Unfortunately most of the firms providing these once secret specialized functions are, unlike Tallulah Bankhead, ill prepared for the rigors of questions about chain smoking and a sporty life style. Israeli companies in the specialized software and services business are definitely not equipped for criticism, exposure, questioning by non military types. A degree in journalism or law is interesting, but it is the camaraderie of a military unit which is important. To be fair, this “certain blindness” can be fatal. Will NSO Group be able to survive? I don’t know. What I do know is that anyone in the intelware or policeware game has to be darned careful. The steely gaze, the hardened demeanor, and the “we know more than you do” does not play well with an intrepid reporter investigating the cozy world of secretive conferences, briefings at government hoe downs, or probing into private companies which amass user data from third-party sources for reselling to government agencies hither and yon.

Change happened.

I read “On the Internet, No One Knows You’re a Cop.” The author of the article is Albert Fox-Cahn, the founder and director of STOP. Guess what the acronym means? Give up. The answer is: The Surveillance Technology Oversight Project.

Where does this outfit hang its baseball cap with a faded New York Yankees’ emblem? Give up. The New York University Urban Justice Center. Mr. Fox-Cahn is legal type, and he has some helpers; for example, fledgling legal eagles. (A baby legal eagle is technically eaglets or is it eaglettes. I profess ignorance.) This is not a Lone Ranger operation, and I have a hunch that others at NYU can be enjoined to pitch in for the STOP endeavor. If there is one thing college types have it is an almost endless supply of students who want “experience.” Then there is the thrill of the hunt. Eagles, as you know, have been known to snatch a retired humanoid’s poodle for sustenance. Do legal eagles enjoy the thrill of the kill, or are they following some protein’s chemical make up?

The write up states:

Increasingly, internet surveillance is operating under our consent, as police harness new software platforms to deploy networks of fake accounts, tricking the public into giving up what few privacy protections the law affords. The police can see far beyond what we know is public on these platforms, peaking behind the curtains at what we mean to show and say only to those closest to us. But none of us know these requests come from police, none of us truly consent to this new, invasive form of state surveillance, but this “consent” is enough for the law, enough for the courts, and enough to have our private conversations used against us in a court of law.

Yeah, but use of public data is legal. Never mind, I hear an inner voice speaking for the STOP professionals.

The article then trots through the issues sitting on top of a stack of reports about actions that trouble STOP; to wit, use of fake social media accounts. The idea is to gin up a fake name and operate as a sock puppet. I want to point out that this method is often helpful in certain types of investigations. I won’t list the types.

The write up then describes Voyager Labs’ specialized software and services this way:

Voyager Labs claims to perceive people’s motives and identify those “most engaged in their hearts” about their ideologies. As part of their marketing materials, they touted retrospective analysis they claimed could have predicted criminal activity before it took place based on social media monitoring.

Voyager Labs’ information was disclosed after the Los Angeles government responded to a Brennan Center Freedom of Information Act request. If you are not familiar with these documents, you can locate at this link which I verified on April 9, 2022. Note that there are 10,000 pages of LA info, so plan on spending some time to locate the information of interest. If you want more information about Voyager Labs, navigate to the company’s Web site.

Net net: Which is the next intelware or policeware company to be analyzed by real news outfits and college professors? I don’t know, but the revelations do not make me happy. The knock on from the NSO Group’s missteps are not diminishing. It appears that there will be more revelations. From my point of view, these analyses provide bad actors with a road map of potholes. The bad actors become more informed, and government entities find their law enforcement and investigative efforts are dulled.

Stephen E Arnold, April 12, 2022

Written by Stephen E. Arnold · Filed Under Government, intelware, law enforcement, Legal matters, News, Policeware | Comments Off on NSO Group Knock On: More Attention Directed at Voyager Labs? 

Why Be Like ClearView AI? Google Fabs Data the Way TSMC Makes Chips

April 8, 2022

Machine learning requires data. Lots of data. Datasets can set AI trainers back millions of dollars, and even that does not guarantee a collection free of problems like bias and privacy issues. Researchers at MIT have developed another way, at least when it comes to image identification. The World Economic Forum reports, “These AI Tools Are Teaching Themselves to Improve How they Classify Images.” Of course, one must start somewhere, so a generative model is first trained on some actual data. From there, it generates synthetic data that, we’re told, is almost indistinguishable from the real thing. Writer Adam Zewe cites the paper‘s lead author Ali Jahanian as he emphasizes:

“But generative models are even more useful because they learn how to transform the underlying data on which they are trained, he says. If the model is trained on images of cars, it can ‘imagine’ how a car would look in different situations — situations it did not see during training — and then output images that show the car in unique poses, colors, or sizes. Having multiple views of the same image is important for a technique called contrastive learning, where a machine-learning model is shown many unlabeled images to learn which pairs are similar or different. The researchers connected a pretrained generative model to a contrastive learning model in a way that allowed the two models to work together automatically. The contrastive learner could tell the generative model to produce different views of an object, and then learn to identify that object from multiple angles, Jahanian explains. ‘This was like connecting two building blocks. Because the generative model can give us different views of the same thing, it can help the contrastive method to learn better representations,’ he says.”

Ah, algorithmic teamwork. Another advantage of this method is the nearly infinite samples the model can generate, since more samples (usually) make for a better trained AI. Jahanian also notes once a generative model has created a repository of synthetic data, that resource can be posted online for others to use. The team also hopes to use their technique to generate corner cases, which often cannot be learned from real data sets and are especially troublesome when it comes to potentially dangerous uses like self-driving cars. If this hope is realized, it could be a huge boon.

This all sounds great, but what if—just a minor if—the model is off base? And, once this tech moves out of the laboratory, how would we know? The researchers acknowledge a couple other limitations. For one, their generative models occasionally reveal source data, which negates the privacy advantage. Furthermore, any biases in the limited datasets used for the initial training will be amplified unless the model is “properly audited.” It seems like transparency, which somehow remains elusive in commercial AI applications, would be crucial. Perhaps the researchers have an idea how to solve that riddle.

Funding for the project was supplied, in part, by the MIT-IBM Watson AI Lab, the United States Air Force Research Laboratory, and the United States Air Force Artificial Intelligence Accelerator.

Cynthia Murrell, April 8, 2022

Written by Stephen E. Arnold · Filed Under AI, Business process, Financial, Legal matters, News | Comments Off on Why Be Like ClearView AI? Google Fabs Data the Way TSMC Makes Chips 

Google: Pesky Memories of the Past

April 7, 2022

We suppose some people will never understand or accept Googley ways of working. Namely European regulators. Similarly, Google may never accept the EU has any authority over its business practices. TechCrunch reports, “Google Sued in Europe for $2.4BN in Damages Over Shopping Antitrust Case.” Writer Natasha Lomas reveals:

“Google is being sued in Europe on competition grounds by price comparison service PriceRunner which is seeking at least €2.1 billion (~2.4 billion) in damages. The lawsuit accuses Google of continuing to breach a 2017 European Commission antitrust enforcement order against Google Shopping. As well as fining Google what was — at the time — a record-breaking antitrust penalty (€2.42 billion), the EU’s competition division ordered the search giant to cease illegal behaviors, after finding it Google giving prominent placement to its own shopping comparison service while simultaneously demoting rivals in organic search results.”

But cease those behaviors it did not, though it made a gesture or two in that direction. Meanwhile, according to Sky News, Google tried to sidestep the ruling with fake comparison sites packed with ads for their clients’ products running alongside the Google Shopping box. Very creative. The platform also continues to run product search ads alongside general search results. Apparently, PriceRunner decided five years of flouting the enforcement order was enough. The write-up continues:

“PriceRunner’s lawsuit alleges Google has continued to violate competition law in relation to product search, as well as seeking compensation for historical infringements that have allowed Google to reap revenue at rivals’ expense. To back up its allegations, the search comparison company points to a study conducted by accountancy company, Grant Thornton, which it says found prices for offers shown in Google’s own comparison shopping service can be 16-37% higher for popular categories like clothes and shoes, and between 12-14% higher for other types of products vs rival price comparison services.”

Many of our readers will not be surprised to learn Google search continues to dominate in Europe. It maintains a greater than 90% market share in most of the European Economic Area and in the U.K. Nevertheless, PriceRunner is prepared to fight for many years, if necessary, with help from litigation funder Nivalion. We shall see whether the suit gets anywhere, but either way we suspect Google will continue with business as usual.

Cynthia Murrell, April 7, 2022

Written by Stephen E. Arnold · Filed Under Google, Legal matters, News | 1 Comment 

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta