

Software Meant to Fight Crime Is Used to Spy on Dissidents - eevilspock
http://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html

======
csense
It's a little naive the way the article repeats that the software is "only for
use in criminal investigations."

1\. Outside of first-world democracies, one of the main purposes of criminal
investigations is to find political dissidents so they can be threatened,
jailed, tortured, or "disappeared."

2\. Another country's definition of "crimes," "criminal" or "investigation"
may be very different from yours. In the USA we have due process, presumption
of innocence, double jeopardy, rules of evidence, speedy trial, reasonable
search and seizure, prohibitions on ex post facto laws, Miranda rights...in
other countries, maybe there's a court and a trial, but with a 95%+ conviction
rate and no questions are considered relating to the reliability of the
prosecution's investigation process, arguments, witnesses or evidence. Or,
when you're accused, you're simply tortured until you confess, and the torture
is effective enough that most people confess (or extreme enough that people
who don't confess usually die). And the types of laws that they have may mean
that dissidents are actually criminals -- for example, if it's illegal to
criticize the regime in any way, then all dissidents are criminals by
definition.

3\. Most evil regimes have a secret police (it's practically part of the
definition of "evil regime"). The thing that distinguishes the secret police
from the regular police is that the former are, well, secret. An oppressive
government wouldn't come out and say to a First-World seller of such
surveillance software, "We're going to use this for criminal investigations
and secret police actions." Instead they'd say, "We're going to use this for
criminal investigations," and once they had it, expand its use to the secret
police without telling anyone.

4\. Even if it's not sold directly to the worst regimes, it may wind up in
their hands anyway, through bribery, espionage, a sequence of individually
legitimate, indirect trades through neutral nations, or plain old software
piracy. The fact that software is not a physical item and can be moved through
networks or tiny, unobtrusive, common devices like SD cards or USB drives,
perfectly disguised through encryption, and duplicated at virtually zero cost
makes it much easier and less risky to steal and/or move across borders than
would be the case for physical items like guns, artillery, aircraft, etc.

5\. Independent invention is also possible. There are plenty of countries with
the money and technical know-how to develop something like this (ahem Russia
ahem China), who aren't shy about cracking down on their own political
dissidents and presumably wouldn't mind selling the software to like-minded
regimes for money or political favors.

6\. With postmortems on infected PC's, or sufficiently detailed reports of
dissidents' activity leading to arrest, the outside world might figure out
what happened, as appears to be the case in this article. But by then there's
not much we can do, short of the usual ways the international community tries
to improve human rights -- multilateral negotiations, diplomatic pressure,
economic sanctions, UN peacekeepers, limited military strikes, full-scale
invasion and regime change. None of which seem to be particularly reliable or
effective.

The reason this type of software hasn't been much noticed until recently is
that despotic countries are often relatively backwards in many ways, so (I'm
guessing) most tyrants haven't had to worry much about Internet-organized
dissidents until enough of their population got Internet access for it to
become an effective tool for activists, which (I'm guessing) only happened
fairly recently in most such countries.

~~~
antidoh
"In the USA we have due process, presumption of innocence, double jeopardy,
rules of evidence, speedy trial, reasonable search and seizure, prohibitions
on ex post facto laws, Miranda rights..."

I suppose those things are fundamentally still here, as long as you aren't
overly interesting to the govt, but I feel like we have a Cheshire
Constitution that is slowly fading away, leaving only its memory and myth
behind.

\- Due process: Bradley Manning, Kim Dotcom/MegaUpload.

\- Presumption of innocence: Guantanamo (I know, "combatants"), US citizens
held for similar reasons.

\- Speedy trial: see Due process.

\- Reasonable Search/Seizure: the govt sticks GPS transmitters on cars without
warrants. The government declares by law that any email or other electronic
information that is on a server longer than six months is "abandoned" and
therefore legal to hoover up at their leisure and without a warrant. Which
means that all your gmail are belong to them.

\- Ex post facto laws: telecom immunity.
[https://duckduckgo.com/?q=telecom+spying+ex+post+facto&t...](https://duckduckgo.com/?q=telecom+spying+ex+post+facto&t=canonical)

We become less exceptional with each day.

~~~
csense
At least there's a public controversy about those things. Some specific
comments about how the Constitution may not be as dead as you think:

> Bradley Manning, Kim Dotcom/MegaUpload.

I'm pretty sure that the latter is still winding its way through the court
system. Not sure about the former. But Manning was also a member of the
military, so it makes sense that he should be held to a higher standard than
random civilians, with respect to leaking of classified information.

> Presumption of innocence

US citizens held for similar reasons? Citation needed.

> Reasonable search and seizure

Warrantless GPS transmitters were unanimously ruled illegal by the Supreme
Court [1]. As for your point about email, I'd believe it -- but again, I'm not
familiar with it, citation needed.

> Telecom immunity

Yes, this is a really crappy, sleazy thing our government did. But I'd guess
ex post facto only applies to criminalizing behavior after the fact, not
decriminalizing it.

[1]
[http://www.usatoday.com/news/washington/judicial/story/2012-...](http://www.usatoday.com/news/washington/judicial/story/2012-01-23/supreme-
court-GPS/52754354/1)

~~~
antidoh
> Presumption of innocence

> US citizens held for similar reasons? Citation needed.

Sorry, I can't find it. I was thinking specifically of someone from the
Chicago area with a Hispanic name arrested on suspicion, but I can't find it.
My recollection is that he's suspended in the system, but I can't find a
citation.

While you make excellent points, I still feel like we've lost a lot. Maybe
it's a personal thing.

------
kephra
I'm missing the point that the FinFisher, FinSpy, "Hallo Steffi" toolbox is a
German product. The software is written in Germany, and Gamma International is
just an UK sales proxy. The usage of this toolbox by state agencies within
Germany is illegal, but Germany exports this illegal toolbox to friendly
regimes, and uses it to spy on hostile regimes.

Thats similar to: We don't own our own bomb, we just borrow bombs from US, and
export centrifuges to Korea and Iran.

It should be also noted that FinSpy got a valid Apple certificate, while Apple
on the other hand side is known to block software like Drones+. Its therefore
just an other example that locking down a platform by certificates is not to
protect users, but to protect a monopoly. And a reminder to stop UEFI.
<http://news.ycombinator.com/item?id=4337218>

~~~
AJuandelaO
FinSpy agent in the UK -

<http://finspy-agent.software.informer.com/>

------
mmanfrin
I think conceptually this is obvious -- all means of fighting crime can be
used to fight people who wish to change the law. To change the law, you must
push for activity outside the scope of the current law to be accepted.
Activity outside the scope of the law is, by another unflattering name, crime.

------
zwdr
Well, who wouldve thought about? Absolutely astonishing news!

------
batista
> _What they found was the widespread use of sophisticated, off-the-shelf
> computer espionage software by governments with questionable records on
> human rights._

And even more widespread use by governments with good records on human rights
(especially since lots of the "NGOs" that check human rights violations are
based there or are sponsored by those very governments. Plus those governments
do most of their violations outside their borders).

------
p3drosola
Please, it's just a damn keylogger. Everyone stop overreacting.

~~~
EliRivers
Seems like it does a lot more than just log keys. Here's a list of features
from wikileaks.org/spyfiles/files/0/289_GAMMA-201110-FinSpy.pdf

· Covert Communication with Headquarters

· Full Skype Monitoring (Calls, Chats, File Transfers, Video, Contact List)

· Recording of common communication like Email, Chats and Voice-over-IP

· Live Surveillance through Webcam and Microphone

· Country Tracing of Target

· Silent extracting of Files from Hard-Disk

· Process-based Key-logger for faster analysis

· Live Remote Forensics on Target System

