Pegasus Spyware Should Be Banned, EU Data Agency Warns (bloomberg.com)
NSO Group's controversial Pegasus spyware should be banned in the European Union, the bloc's in-house privacy watchdog warned on Tuesday. From a report: "The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms," the European Data Protection Supervisor said in a statement on Tuesday. The warning comes amid increasing scrutiny of abuses of surveillance technologies meant to help intelligence and law enforcement agencies fight serious crime and terrorism. While the EU regulator doesn't make decisions for member countries, its influence at the top echelons of the bloc's institutions may encourage other authorities to crack down on surveillance software.
Reverse engineer it (Score:3)
Re: (Score:2)
This, shouldn't be rocket science to do it through a shell company. At the very least, you'd expect them to try to bait attackers into going after honeypot devices - set up a new regime-critical news outlet/activist organization with contact numbers tied to honeypot device SIMs, for example.
Re: (Score:1)
But they might have to violate a EULA!
Re: Reverse engineer it (Score:2)
Honestly if I knew someone in law enforcement with access to that kind of software, I would pay them to get me a copy and in a disconnected lab environment, I would reverse engineer or decompile it, and submit bug bounties to split with said LEO.
Re: Reverse engineer it (Score:2)
They only sell to government agencies.
Re: (Score:2)
Why bother with a country, when they could partner up with an "Improvement District". The Walt Disney Co. is *already* its own government, with full force of law, in its Florida properties. The largest individual shareholder of Disney used to be a certain someone with the last name "Jobs." His widow has diversified her holdings; but the googles suggest she still owns about 5% of the mouse, possibly enough to demand a board seat.
If it were Steve, and he were on the same user privacy kick that Tim Cook
Re: (Score:2)
and to anyone who finds a torrent seed, (sarcasm, only partly)
A ban will have about as much effect as banning the distribution of that old DVD region-breaking key.
It will never be not used (Score:2)
A ban will just force it underground.
Re: (Score:1)
the law can not prevent... (Score:2)
You're only half right (Score:2)
The issue at hand is that the willful production and sale of exploits for the purpose of infecting devices that they and their customers do not provably own is not illegal within their operating jurisdiction.
The law cannot prevent any creation of hacking/malware technologies, but it can indeed prevent such creations from being born by the hands of a registered taxpaying company. In the US, for example, businesses are not permitted to acquire income from purposefully illegal means, and doing so voids the pro
Re: (Score:2)
Dangerous value signalling (Score:2)
National security agencies will of course be exempted, or exempt themselves regardless, which were the ones abusing it in the first place. So how does this help?
Killing development of these kinds of tools in the EU will just reduce EU know how without providing any privacy benefit.
Re: (Score:2)
1) It's "virtual signaling"
2) It would restrict its sale in the EU. I'm not claiming it would be eliminated but it would be curtailed.
Killing development of these kinds of tools in the EU will just reduce EU know how without providing any privacy benefit.
You obviously don't realize that the difference between the red team and the blue team is who they are working for.
Ridiculous! (Score:3)
Obviously, they just need to require that Pegasus Spyware have a popup that informs the user of the information it's going to report and ask if they agree to sending it. I think people will be much more receptive to spyware that cares about the privacy of its targets. ;)
You might as well ban stupidity in politics. (Score:2)
A much better solution would be to mandate minimum levels of trust in software, so as to make spyware much harder to write, and to improve network security, so as to make both the deployment and utilization of spyware that much harder. It won't eliminate spyware, but we can use economics to push the cost of that spyware above the cost of getting the same information via lawful methods.
Stuff like this is not going away... (Score:2)
Spyware like this is not going to go the way of the dodo, ever. And in the security world, if an attack happens, it will only happen again, as strong, if not stronger. Right now, we might know who has it, but realistically, there is spyware just as powerful, if not more likely owned by another group, well-heeled organization, or nation-state.
We need to focus on bugs, not going after the spyware, because NSO might be the bad thing one day, but there might be some bad organization who creates something just
Most Effective Option? (Score:3)
The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms
If this is "the most effective option", then we are doomed. It will not stop anybody from breaking the law, any state, or bad actor that wishes to break this law without hesitation, it will be for the good of the nation.
A more effective law would be to punish manufacturers for not fixing security bugs in a timely manner.
Yeah, right. (Score:2)
As if a government policy ever stopped anyone? Besides, there's absolutely zero chance that the countries that already own it would dispose of it.
Regulate the actions not the tools. (Score:2)