Cybersecurity

Government-Sponsored Hacking of Activists Should Give Authorities Pause, Not Inspiration

How an oppressive Middle Eastern country led to everybody's iPhones getting a security update.

|

iPhone
Mauro Grigollo/Westend61 GmbH/Newscom

The iPhone security breach that prompted the latest Apple software update is not about encryption, but it's still very important for Western government officials who want to meddle with tech security standards in service of their own national security agendas to pay attention.

Apple just released a new security update for iPhone and iPad users because of what recently happened to Ahmed Mansoor, a human rights advocate and promoter of a free press and democracy in the United Arab Emirates. Mansoor was sent a link in a text from an unknown source that said it would show him information about torture within UAE's prisons. This was lie, which he fortunately did not fall for. The link would have actually installed spyware within his phone that would have allowed hackers to snoop on Mansoor and even remotely activate the phone's camera.

Mansoor has been targeted before, and fortunately for him (and all Apple users), he knew who to turn to in order to investigate the malware. Citizen Lab figured out the nature and purpose of the malware, which has been traced back to a secretive Israeli-based firm. This makes things a bit, well, as the Associated Press diplomatically describes it, awkward:

The apparent discovery of Israeli-made spyware being used to target a dissident in the United Arab Emirates raises awkward questions for both countries. The use of Israeli technology to police its own citizens is an uncomfortable strategy for an Arab country with no formal diplomatic ties to the Jewish state. And Israeli complicity in a cyberattack on an Arab dissident would seem to run counter to the country's self-description as a bastion of democracy in the Middle East.

The Associated Press sent a journalist to the Israeli company's headquarters only to find they had recently moved. They have not been able to get authorities from either Israel or UAE to respond. They best they were able to get from the company, NSO Group, was a bland statement that its mission was to provide "authorized governments with technology that helps them combat terror and crime."

That's the kind of statement that should send off warning sirens and alarm bells in the minds of government officials here in the United States and Europe. That's the same kind of motivation lawmakers and investigators claim in calls for tech companies provide them ways to bypass encryption or security of their devices or programs.

At the same time that Mansoor was trying to fend off government-sponsored hacking targeting him because of his human rights advocacy, leaders within France and Germany are calling on the European Union to adopt a law that requires app makers to provide government officials the tools to bypass encryption for the purpose of … helping them combat terror and crime.

Fortunately European human rights and data protection experts are loudly pointing out what a terrible plan this is. There are politicians who still believe that somehow tech companies can create some sort of magical key that only the "right" people can use. This is clearly an absurd contention, but even if it were true, the United Arab Emirates, which has a terrible record of imprisoning its critics, apparently counts as the "right" people.