Governments Call For Spyware Regulations In UN Security Council Meeting (techcrunch.com) 10
An anonymous reader quotes a report from TechCrunch: On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software -- also known as government or mercenary spyware -- has been discussed at the Security Council. The goal of the meeting, according to the U.S. Mission to the UN, was to "address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security." The United States and 15 other countries called for the meeting. While the meeting was mostly informal and didn't end with any concrete proposals, most of the countries involved, including France, South Korea, and the United Kingdom, agreed that governments should take action to control the proliferation and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.
John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by "a secretive global ecosystem of developers, brokers, middlemen, and boutique firms," which "is threatening international peace and security as well as human rights." Scott-Railton called Europe "an epicenter of spyware abuses" and a fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in the last few years.
Representatives of Poland and Greece, countries that had their own spyware scandals involving software made by NSO Group and Intellexa, respectively, also intervened. Poland's representative pointed at local legislative efforts to put "more control, including by the judiciary, on the relevant operational activities of the security and intelligence services," while also recognizing that spyware can be used in a legal way. "We are not saying that the use of spyware is never justified or even required," said Poland's representative. And the Greek representative pointed to the country's 2022 bill to ban the sale of spyware.
John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by "a secretive global ecosystem of developers, brokers, middlemen, and boutique firms," which "is threatening international peace and security as well as human rights." Scott-Railton called Europe "an epicenter of spyware abuses" and a fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in the last few years.
Representatives of Poland and Greece, countries that had their own spyware scandals involving software made by NSO Group and Intellexa, respectively, also intervened. Poland's representative pointed at local legislative efforts to put "more control, including by the judiciary, on the relevant operational activities of the security and intelligence services," while also recognizing that spyware can be used in a legal way. "We are not saying that the use of spyware is never justified or even required," said Poland's representative. And the Greek representative pointed to the country's 2022 bill to ban the sale of spyware.
Ban the sale? (Score:2)
In an ideal world that might work, but I imagine companies will cut costs on security because they are receiving less threats overall. Then they aren't ready for real, illegal attacks.
Re: (Score:2)
In an ideal world that might work, but I imagine companies will cut costs on security because they are receiving less threats overall. Then they aren't ready for real, illegal attacks.
Companies will cut costs because FUD can only convince so many, and the rest know they’re going to get hacked eventually. They care more about cutting costs for the sake of executive bonuses.
Not like their head is gonna roll when the inevitable happens anyway. That’s what the InfoSec blamegoat is for.
Re: (Score:2)
Exactly this sounds more like - whaaah our spokes spend a lot of time and money finding exploits only for them to get burned because some grey-market guys also find them and sell them regular cops. Those regular cops and prosecutors then go burning our capabilities guying after some low rent drug runner.
So the UN wants to end espionage too? (Score:4, Interesting)
Good luck with that.
As long as nations want an edge for whatever reason, they'll allow this activity; whether it's commercial or a gov't agency. It's like Spy vs. Spy in the old Mad Magazine. [duckduckgo.com] This is also complicated by the fact that software vendors allow spying on the users of their systems, whether it's Windows or Android or Apple for commercial, "targeted" purposes. Facebook, Google et al. are listening to your conversations and promising it's only for legitimate purposes. That benign acceptance worked well until users found out that Facebook was scanning Messenger chats and photos. [latimes.com] Or, that they were listening to your conversations [newatlas.com] So is Facebook spyware? I'd say it is.
Ultimately these "legitimate you opted in for this crap because it's buried in our ToS you won't read" Surveillance creates points of vulnerability with the data, and until that changes getting rid of "spyware" will be a pipe dream.
They are only concerned about others spyware (Score:2)
Re: (Score:2)
Their concern is the spyware they don't control or get information from. They are happy to continue with their own spyware, monitoring, data mining, tracking, etc. just not when that info goes to someone other than them.
Exactly. It's the "commercial" in the phrase "the dangers of commercial spyware" that they don't like.
Re: (Score:2)
You mean like Windows? (Score:3)
Windows is the most aggressive spyware ever, and the license says that Microsoft can exfiltrate as much of your data as they want any time they want and show it to anyone they want for basically any purpose they deem relevant.
I'll take governments seriously on this issue when they ditch Windows, not until.