Some people were caught by being pushed to click on a trapped link
It was the week when we learned that a missed call on WhatsApp could create spyware on your phone and when San Francisco decided to ban facial recognition technology.
On Tech Tent, we explore our attitude towards technology that can catch criminals – but also be used to track each of our movements.
When the owner of WhatsApp, Facebook, discovered a flaw in the application, which allowed an intruder to crash spyware on a phone with a single missed call, the question of who was behind it was unusually open.
The company informed reporters that the attack had "all the features of a private company" that works with governments to provide spyware that seize cell phones.
It was widely believed that the company in question was the Israeli group NSO, which had previously been accused of selling spyware called Pegasus to agencies that use them to monitor human rights activists.
The University of Toronto's Citizen Lab, which monitors digital attacks against civil society, has been following the NSO group for several years.
His senior researcher, John Scott-Railton, told Tech Tent that Facebook's decision to be so direct about the manager's responsibility suggested that she was "pretty tired of the company's behavior." spyware private ".
According to him, the Citizen Lab had already seen the NSO's Pegasus spyware used to track dozens of journalists, lawyers and all kinds of activists in Mexico, via the traditional method of persuading them to click on a link.
But last Sunday, they spotted the new method exploiting the WhatsApp loophole, which was aimed, unsuccessfully, at a London-based human rights lawyer working with some of the Mexican activists.
He says that spyware is quite insidious: "Once on a phone, this phone is like a spy in the victim's pockets, the microphone can be activated, encrypted chats can be deleted, private photos, etc. on. "
NSO Group insists that its products have been used by law enforcement in the fight against terrorism and against criminal behavior in the broad sense.
The Israeli firm said in a statement: "NSO technology is licensed to authorized government agencies for the sole purpose of fighting crime and terrorism.
"The company does not operate the system and, after a rigorous licensing and auditing process, intelligence and law enforcement determine how to use technology to support their public safety missions."
Since the beginning of this year, the company has been majority-owned by Novalpina, a London-based private equity group whose chairman, Stephen Peel, now sits on the board of NSO.
We asked him for an interview. He was not available, but his PR team reported an open letter written in April – before the WhatsApp hack appeared – to a number of NGOs, including Citizen Lab.
For a long time, he defended the previous behavior of Israeli society and promised that, under the control of Novalpina, respect for human rights will be at the center of his concerns: "We expect each company in our portfolio to act with integrity and social responsibility. "
Amazon is another company under the spotlight about surveillance technology. At its annual general meeting next week, its shareholders will debate a motion asking the company to stop selling its facial recognition system to the US government.
Facial recognition systems of the police proved to be inefficient in the analysis of non-white faces
The vote comes just after San Francisco has become the first city to ban the use of facial recognition to its public bodies, in a climate of growing concern over intrusive surveillance in public places.
Mary Beth Gallagher, representative of Catholic institutions investing in Amazon, said the quality of the technology and how it could be used raised concerns: the impact it could have on society.
Like NSO, Amazon insists that its technology is used in a very positive way, especially to help find victims of child trafficking.
Ian Massingham, technology evangelist at Amazon Web Services, said his client should not monitor the misuse of facial recognition by his clients: "The appropriate organizations to deal with these issues are the policy makers and the government."
Surveillance technology, whether it's facial recognition or spyware, is a very lucrative industry, surrounded by secrecy. But the companies that support it can now themselves expect much closer monitoring.