> "Like, yeah, blame the UAE mostly for this but let's also have a discussion about why this was sold to anyone who would pay with no oversight at all. Western countries need to do better."
The UK itself is one of the largest weapon exporters in the world, exporting to many countries in the Middle East with dubious human rights track records. The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell (if they could, nobody would be buying):
A private Israeli company is exporting weapons to the same countries the UK does, and when those weapons get used inappropriately, you're then "surprised this isn't a major diplomatic incident between the UK and Israel".
By the same account, are you suggesting that there should be a major diplomatic incident between every country in the world and the UK/USA every time they catch terrorists somewhere around the world using either UK/USA built-or-designed firearms?
There wouldn't be any diplomatic relationships left then:
The difference is NSO control the Pegasus servers. They know who is using their tools and who is being targeted. This isn’t the same as untraced weapons.
I'm not challenging your assertion, I'm genuinely looking for backing evidence here. Do you have evidence that NSO knows who is being targeted by the tools they sell?
Could you please point out where exactly in this 69 minute podcast do they talk about NSO knowing who exactly is being targeted at any given moment, and what proof is there to back these claims? Could you perhaps quote the transcript?
This is a 69 minutes podcast episode, I'm not in a position to listen to all of it and try and pick out the relevant details. A lot of links are provided, but again - which of those are relevant here? Skimmed through some of them, and they don't even touch on this specific issue at-all?
As I've mentioned before, I'm not challenging your assertions - I'm looking for credible proof that NSO can tell, at any given moment, which specific people are being targeted by the clients/governments to which NSO is licensing its' software.
According to WhatsApp’s filing, NSO gained “unauthorised access” to its servers by reverse-engineering the messaging app and then evading the company’s security features that prevent manipulation of the company’s call features. One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO.
NSO has said in legal filings that it has no insight into how government clients use its hacking tools, and therefore does not know who governments are targeting.
But one expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp on the case, said NSO’s control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted.
“Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say,” Scott-Railton said.
In a statement to the Guardian, NSO stood by its earlier remarks. “Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients,” the company said. “Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate.”
Adding to this, it's relatively trivial to have encrypted traffic transit your servers without the ability to actually view the traffic. This is basic stuff so I suspect you're not going to find the evidence from people who are citing podcasts...
Correct, and when traffic transits your servers you know where that traffic is coming from (i.e. the target). I found your last comment rude considering the podcast I citied is an interview with citizen lab researchers; the people who research Pegasus malware. The podcast website also contains sources that I also linked to above. It’s “basic stuff” to look into what someone posted before making a comment like yours.
How do you identify a target individual purely from source traffic metadata...? Sure, you can identify them if you've totally rooted a target's phone and uploads all the data such that NSO group can read it - my point is that NSO group could offer transit encryption so long as they haven't backdoored whatever client is being used.
The reason I bring that up is that it's precisely the service you might offer if you wanted more plausible deniability. I still don't consider this hugely complex stuff.
> The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell
You say that, but UK export law imposes a bunch of conditions, including that you're not knowingly facilitating resale to embargoed countries. And the legality of exports to Saudi Arabia has been litigated - it's legal, but only just.
> "You say that, but UK export law imposes a bunch of conditions, including that you're not knowingly facilitating resale to embargoed countries. And the legality of exports to Saudi Arabia has been litigated - it's legal, but only just."
Both the UK and Israel have export law, complete with conditions and legal frameworks for enforcement. It surely reduces the possibility of weapons ending up in the wrong hands, but it doesn't eliminate it completely. Regardless, it still doesn't imply that the manufacturers themselves or the jurisdictions they are incorporated in should somehow bear blanket responsibility for misuse.
Cyber-weapons and spying are particularly complex from this perspective, because it can be difficult to draw the lines on what constitutes as "misuse". Especially when the operator of the weapon is part of a government (a law-enforcement agency, for example), and when the victim is a citizen of a foreign jurisdiction.
With this out of the way, we're only really left with the "legal, but immoral" argument. I'm not going to argue against that (mainly because this is where things get very subjective and nuanced) - but I will say that the bar for holding an entire government accountable by invocation of "major diplomatic incidents" should be higher than that.
>The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell (if they could, nobody would be buying):
Oh, yes they would.
And they do.
Quite fucking happily, too.
The UK itself is one of the largest weapon exporters in the world, exporting to many countries in the Middle East with dubious human rights track records. The UK government can't possibly know what happens with every single pistol, bullet, missile or drone they sell (if they could, nobody would be buying):
[1] https://commonslibrary.parliament.uk/research-briefings/cbp-... [2] https://en.wikipedia.org/wiki/UK_arms_export
A private Israeli company is exporting weapons to the same countries the UK does, and when those weapons get used inappropriately, you're then "surprised this isn't a major diplomatic incident between the UK and Israel".
By the same account, are you suggesting that there should be a major diplomatic incident between every country in the world and the UK/USA every time they catch terrorists somewhere around the world using either UK/USA built-or-designed firearms?
There wouldn't be any diplomatic relationships left then:
[3] https://en.wikipedia.org/wiki/List_of_most-produced_firearms