What are the key takeaways from the emerging battle between Facebook and NSO group?
Nicholas Weaver is a senior staff researcher focusing on computer security at the International Computer Science Institute in Berkeley, California, and a lecturer in the Computer Science department at the University of California at Berkeley. All opinions are his own.
Subscribe to this Lawfare contributor via RSS.
Child exploitation images are a horrific problem. Even the most clinical descriptions (such as the 23 sites described in the Freedom Hosting NIT warrant application) turn the stomach and chill the soul. Many individuals and companies, such as Facebook, go to extraordinary efforts to fight this menace.
On June 18, Facebook announced its forthcoming cryptocurrency, Libra. The company says it intends to integrate it into Facebook’s Messenger and WhatsApp products. Although Facebook says it has created an “independent” subsidiary, Calibra, and purports that the currency itself will be controlled by an independent Libra Foundation, the coin is really a Facebook project.
I am not a fan of Julian Assange. In fact, I’ve even managed to get the WikiLeaks official Twitter account to block me. But now that the U.S.
In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.
On May 15, President Trump once again declared a national emergency to invoke legal authority to make sweeping changes to U.S. policy, this time to secure the telecommunications supply chain. I’ve already made my views clear on Huawei’s suitability for U.S. markets and the need for a blanket ban on Chinese-sourced telecommunications equipment in U.S. infrastructure.
Telecommunications networks are special—they are designed to enable wiretapping. Mandates such as the Communications Assistance for Law Enforcement Act (CALEA) in the U.S. and similar requirements elsewhere effectively require that the network operator use equipment that contains surveillance hooks to answer government requests.