
Governments Turn to Commercial Spyware to Intimidate Dissidents - hvo
http://www.nytimes.com/2016/05/30/technology/governments-turn-to-commercial-spyware-to-intimidate-dissidents.html?ref=technology&_r=0
======
JustUhThought
Do other HN readers find themselves on the receiving end of ridicule by their
fam & friends for taking this privacy stuff seriously? I'm constantly being
told I'm unreasonably worried, borderline tin-hat wearing paranoid, for being
concerned by the surveillance capabilities built into our modern consumer
electronics which are available to governments and business alike.

But if someone my parents know have their identity stolen by stealing credit
card bills and applications from their mailbox and then find themselves on the
hook for $30,000 in fraudulent charges, well then it's all my parents talk
about for the next 2 days.

That I understand the technology and they do not, seems to keep them from
taking the issue seriously.

~~~
pascalmemories
Yup. I actively work in security consultancy. _Everyone_ outside of tech
thinks and treats me like some sort of tinfoil hat salesperson. I get sent all
sorts of crazy conspiracy theory links because "that's the stuff you're really
into." on a daily basis.

Even when people read about Snowden, they just don't get it. This past
weekend, he came up and the response was, yeah, but Snowden was saying the
spying is only on terrorists, they don't collect any information on people who
are not terrorists because that would be way more information than they want.
Trying to explain that is the opposite of what Snowden was saying was
pointless and futile because it just made me sound like the crazy one.

The NSA must be rolling around laughing as they listen in to peoples naive
conversations about Snowden.

edit: oops, removed link added on the wrong posting. Sorry. And a typo. Sorry
again.

~~~
anexprogrammer
I get the same from most, including a couple _in_ tech who really should know
better.

I've heard all the variations on "if you have nothing to hide..." through
"well we have to catch the terrorists".

Every time a story comes up that some killing or terrorist act happened and
one of the perpetrators made a post on twitter, or was already known to
security services, the opinion _always_ seems to be along the lines of "well I
guess we need to monitor more". Never once have I heard a variation on "if
they're known to security already why wasn't something done to arrest or
prevent".

Meanwhile there is some belief in chemtrails amongst a few of the younger
people I know going on FB group posts I see them share.

I've given up trying to explain either security things or humidity, dew points
and the basics of flying.

I don't have the energy to fight a battle that feels like Canute vs the Ocean.
I wish I knew something that would make people care.

~~~
TeMPOraL
> _Meanwhile there is some belief in chemtrails amongst a few of the younger
> people I know going on FB group posts I see them share._

Reminds me of a thing I learned here on HN recently. The US was in fact
intentionally spraying germs on unsuspecting civilians in San Francisco, among
other places, as a part of research related to biological warfare. Turns out
there's some grain of truth even in the chemtrails crackpottery.

~~~
giuscri
Could you name some reference for the fact please?

~~~
TeMPOraL
[https://en.wikipedia.org/wiki/Operation_Sea-
Spray](https://en.wikipedia.org/wiki/Operation_Sea-Spray)

[http://www.wsj.com/articles/SB1003703226697496080](http://www.wsj.com/articles/SB1003703226697496080)

[http://blogs.discovermagazine.com/bodyhorrors/2015/06/28/san...](http://blogs.discovermagazine.com/bodyhorrors/2015/06/28/san-
fran-serratia/#.V01Ivl6lilM)

There was a story with some discussion here on HN that I can't sadly track
down via Algolia now. It told about a person that tracked down information
about those tests, motivated by death of some relative who was undergoing
surgery at the time, and got infected with a germ that shouldn't even be
there.

------
Dwolb
My friend worked for / with the government on city surveilance for a short
stint after his time with the army. He described an example of his work as
follows:

An activism group was meeting in a city center and was to walk to another part
of the city for a demonstration.

My friend's team had video surveilance feeds all over the city to track the
activism group as they walked from their meeting place to the demonstration.

As the group began to walk, my friend's team was able to delay the group with
Don't Walk signals. The delay was long enough for a police barricade to
permanently get in the activism group's way and stop the demonstration for the
day.

I may have some of the details wrong or his recount may not have fully been
100% honest, but it feels as this situation is very achievable with current
technology.

The most worrying piece of this story is the activists are not being
confronted with a human who can talk to them. They're being thwarted by a
faceless group without the chance ever discuss their reasons for
demonstrating. The government in this situation was able to get what they
wanted in the near term, but at the expense of frustration of their citizens
in the long term.

~~~
dTal
In that particular story, I'd say the level of centralised power evidenced by
the ability to manipulate individual traffic signals is as frightening as the
quantity of information fed into it. That's not just surveillance, that's top-
down control of the functioning of a city.

~~~
tdkl
From technological standpoint it's not that big of a deal. But from civil
rights it's horrible, if it was a reported demonstration and the demonstrators
were calm.

------
geomark
The Middle East gets the headlines on this topic. But it's happening other
places, too.
[https://news.ycombinator.com/item?id=11801325](https://news.ycombinator.com/item?id=11801325)

~~~
ilaksh
But _of course_ nothing like that ever happens in the United States or any of
our close allies. Because this country is the exception to everything bad that
has happened in _other_ countries and nothing that bad could ever be done by
our government. We don't have dissidents in the US. We just have freedom and
truth all the way through that we sometimes need to carefully spread to other
countries.

------
jcoffland
"In many cases these tools are able to circumvent security measures like
encryption."

To me this quote from the article, with out any qualification is just fear
mongering. People need to know that _strong_ crypto, when implemented
correctly does work.

I recently tried to get a number of my friends to install Signal on their
phones. I was quite surprised that most of them, even the technically minded
ones, refused to install it. Their reasons ranged from not trusting the
software to worrying that using it would draw government attention. And this
in California.

Encrypted SMS, email and phone calls should have been standard tech from the
beginning. Everyone should use crypto in their day-to-day lives, not because
they have something to hide, but so that free speech and privacy are
protected.

~~~
djrogers
What good is strong crypto if your endpoint is compromised? If I can take
screenshots and keystroke logs of you in Signal, all the crypto in the world
won't help. That's the kind of spyware this article is talking about - full
endpoint compromise.

~~~
jcoffland
Of course, but just because my car could get stolen in my garage does not mean
I'm not going to lock it when I go downtown. Strong crypto can protect your
data while it's in transit and people should use it, try to break it and make
it better.

------
zby
I guess this is not a surprise to anyone here. The techniques are well known
and cheap. Now the question is - what can we do? We probably cannot get
privacy back when there are internet connected sensors everywhere. The data is
there and governments will find a way to get it.

On the other hand it seems that for some time the world power have been
becoming more and more fragile and limited: [http://moisesnaim.com/books/the-
end-of-power/](http://moisesnaim.com/books/the-end-of-power/). Has the tide
turned now? Or maybe we are heading back to some kind of village life - where
everyone knows about everyone so there are no such imbalances as we have
today?

~~~
walrus01
What can we do? Get activist types to stop using Windows. That removes about
99% of the attack surface. I'd like to see the UAE successfully remote root a
desktop running debian-testing amd64 and an xorg/xfce desktop. Yes, there's
myriad security problems with Firefox and other things.... But every single
state-paid RAT tool ivr seen is targeted at Windows.

education is important too. If you can successfully trick people into running
a binary you gave them with sudo (or the equivalent) all bets are off.

------
ccvannorman
But if we outlaw spyware, only outlaws will utilize spyware!

~~~
arca_vorago
Edit: op explained his intentions in comment below.

~~~
ccvannorman
Apparently my point was too obtuse. What I am trying to say is that most
surveillance is done legally, or just outside the lines enough to be forgiven
by the blue line (in whatever country). My presumption is that the populous
(us) _should be voting for spying like this to simply be illegal_, which is a
topic that hardly ever comes up.

Let me try again: Spying from government to its citizens should be flatly
illegal, and until we demand as much, we are failing our own democratic system
and sliding per notch into turnkey totalitarianism.*

*not intended as hyperbole -- we are a long way from it, but the notches are undeniable

~~~
arca_vorago
Hey, I really appreciate the elaboration, and I think I am in agreement with
you on this point. I have to admit perhaps it was a bit over the top because I
thought you were sarcastically using the pro rights gun statement and somehow
trying to apply it to this topic.

------
kosherkowboy
Compounding this injustice is the fact that the executors of this surveillance
are private contractors, not a wing of the government. What's worse, these
cyber mercenaries, such as Hacking Team, are contracted out by the individual
ruling families of the Emirates. The abundance of technology is making the
blending of sovereign and personal power extraordinarily dangerous. The voice
of the demos is totally absent from all of this. Which is why modern
autocracies are more dangerous than they ever have been.

Bereft of popular sovereignty, nations stand poised to allow powerful
individuals to agglomerate a huge arsenal for the holding and maintaining of
power. We in America need to do a better job of exercising whatever power we
have in order to forestall the creeping technologically based grip on our
freedoms.

------
whyagaindavid
do people developing such spyware ever read hn? May be time to bring a ethics
promise to software development!

~~~
MasterScrat
Don't most schools have a code of moral conduct to sign before graduation?

~~~
krapp
Wouldn't many programmers object to being coerced into signing a "code of
moral conduct" to begin with?

~~~
chillingeffect
Without a broader background, programmers don't all understand the
implications of their actions...

Doctors are generally quite proud to be take part in the Hippocratic oath
which connects their actions to something much larger thsn themselves

