Clearview AI (previously) is a grifty facial recognition company that sells untested, secretive tools to police departments, claiming that they can identify people from security camera footage by matching the pictures those scraped from big social media sites. Read the rest

[Addendum 2/20/2020: Following a legal complaint, the Guardian removed its article of 14 June 2019 and apologised to Mrs Peel. We are happy to clarify that Yana Peel is not, and was not, personally involved in the operation or decisions of the regulated Novalpina Capital investment fund, which is managed by her husband Stephen Peel, and others. Mrs Peel was not involved in any decision-making relating to the fund’s acquisition of NSO. Mrs Peel only has a small, indirect and passive interest in the fund. She does not own, whether directly or indirectly, any Novalpina Capital entity or any stake in NSO Group.] The NSO Group is one of the world's most notorious cyber-arms dealers, selling hacking tools to some of the world's most oppressive regimes that are used to identify targets for arrest, torture and even murder. The Israeli company went through a series of buyouts and buybacks, ending up in the hands of the European private equity fund Novalpina. Novalpina has pledged to rehabilitate the NSO Group's reputation by reforming its practices and limiting the sale of its spying tools to legitimate actors (whomever they may be). But research from the world-leading Citizen Lab (previously) revealed that NSO was behind a string of attacks on Whatsapp users last may, which was used to target human rights campaigners, journalists, and political dissidents. Facebook has filed a lawsuit against the NSO Group, accusing the company of being behind Whatsapp attacks in 20 countries (Whatsapp is a division of Facebook); Facebook claims that the attacks swept up at least 100 members of civil society groups. The suit seeks an injunction against future NSO Group attacks on Whatsapp and unspecified monetary damages. NSO is also being sued in Israel for allegedly helping to entrap the Saudi journalist Jamal Khashoggi, who was kidnapped, murdered and dismembered at the direction of the Saudi Crown Prince Mohammed Bin Salman. Facebook's suit presents a mixed bag of legal theories: they accuse NSO Group of violating California contract and property law, but also of violating the tremendously flawed Computer Fraud and Abuse Act, a 1986 federal anti-hacking law that Facebook drastically expanded when it sued a competitor called Power Ventures in 2008 (the CFAA was also the law used to hound Aaron Swartz to death). Read the rest

“Interoperability” is the act of making a new product or service work with an existing product or service: modern civilization depends on the standards and practices that allow you to put any dish into a dishwasher or any USB charger into any car’s cigarette lighter. Read the rest

The Ninth Circuit Court of Appeals has affirmed that the Computer Fraud and Abuse Act (a 1986 anti-hacking law passed after a moral panic over the movie Wargames) does not ban accessing public information from websites, even if you do so against the wishes of the website's operator. Read the rest

As long we've had electronic mass media, audiences and creators have benefited from periods of technological upheaval that force old gatekeepers to compete with brash newcomers with new ideas about what constitutes acceptable culture and art. Those newcomers eventually became gatekeepers themselves, who then faced their own crop of revolutionaries. But today, the cycle is broken: as media, telecoms, and tech have all grown concentrated, the markets have become winner-take-all clashes among titans who seek to dominate our culture, our discourse and our communications. Read the rest

Today, Apple is one of the largest, most profitable companies on Earth, but in the early 2000s, the company was fighting for its life. Microsoft's Windows operating system was ascendant, and Microsoft leveraged its dominance to ensure that every Windows user relied on its Microsoft Office suite (Word, Excel, Powerpoint, etc). Apple users—a small minority of computer users—who wanted to exchange documents with the much larger world of Windows users were dependent on Microsoft's Office for the Macintosh operating system (which worked inconsistently with Windows Office documents, with unexpected behaviors like corrupting documents so they were no longer readable, or partially/incorrectly displaying parts of exchanged documents). Alternatively, Apple users could ask Windows users to export their Office documents to an "interoperable" file format like Rich Text Format (for text), or Comma-Separated Values (for spreadsheets). These, too, were inconsistent and error-prone, interpreted in different ways by different programs on both Mac and Windows systems. Read the rest

Your car is basically a smartphone with wheels, and it gathers up to 25gb/hour worth of data on you and your driving habits -- everything from where you're going to how much you weigh. Cars gather your financial data, data on the number of kids in the back seat, and, once they're connected to your phone, data on who you call and text. Read the rest

Sinclair Target's long, deeply researched history of the format wars over RSS are an excellent read and a first-rate example of what Charlie Stross has called "the beginning of history": for the first time, the seemingly unimportant workaday details of peoples' lives are indelibly recorded and available for people researching history (for example, Ada Palmer points out that we know very little about the everyday meals of normal historical people, but the daily repasts of normal 21 centurians are lavishly documented). Read the rest

My latest Locus Magazine column is "Disruption for Thee, But Not for Me," and it analyzes how Big Tech has been able to "disrupt" incumbent industries, but has repurposed obscure technology regulations to prevent anyone from meting out the same treatment to their new digital monopolies. Read the rest

At this week's B-Sides Manchester security conference, James Williams gave a talk called "Next-gen AV vs my shitty code," in which he systematically revealed the dramatic shortcomings of anti-virus products that people pay good money for and trust to keep them safe -- making a strong case that these companies were selling defective goods. Read the rest

After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products. Read the rest

Spoiler alert: to steal from prisoners and their families. Read the rest

If you're a dominant near-monopolist like Facebook, your first preference is to have no regulation at all -- but your close second choice is to have lots of regulation that you can afford, but that potential competitors can't, sparing you the tedious exercise of buying and killing any company that might grow up to compete with you some day. Read the rest

On Monday, the Supreme Court will review the 9th Circuit's decision in Apple Inc. v. Pepper, in which the plaintiffs argue that Apple has established a monopoly over apps for Ios (this part is actually incontrovertible, as Apple has used both technology and law to prevent rival app stores from operating), and that Iphone and Ipad owners have a right to ask the government to break up this monopoly (that's the controversial part). Read the rest

Jonathan Zittrain (previously) writes, "There’s reason to worry about security for the ever-growing Internet of Things, and it’ll be tempting to encourage vendors to solely control their devices that much more, limiting interoperability or user tinkering. There are alternatives - models for maintaining firmware patches for orphaned devices, and a 'Faraday mode' so that iffy devices can still at least partially function even if they’re not able to remain safely online. Procrastination around security has played a key role in its success. But 'later' shouldn’t mean 'never' for the IoT." Read the rest

The UK consumer review magazine Which? (equivalent to America's Consumer Reports) has published a special investigation into the ways that Internet of Things smart devices are spying on Britons at farcical levels, with the recommendation that people avoid smart devices where possible, to feed false data to smart devices you do own, and to turn off data-collection settings in devices' confusing, deeply hidden control panels. Read the rest

When researchers write, we don't just describe new findings -- we place them in context by citing the work of others. Citations trace the lineage of ideas, connecting disparate lines of scholarship into a cohesive body of knowledge, and forming the basis of how we know what we know.