U.S. Rolls Out Strict Rules for Commercial Spyware Use, Amidst Rash of Hacks:
The new regulation allows the government to ban a particular vendor's spyware from being used by agencies, if the company's product is found to have contributed to human rights violations, has been used to target U.S. citizens, or has been wielded against activists or journalists. In essence, the government is using its presence as a major consumer of defense and security products as a cudgel to encourage surveillance firms to behave or face blacklisting.
The announcement comes amidst revelations that more U.S. officials have been targeted by spyware than previously believed. On the same day that the executive order was announced, a senior US administration staffer told reporters that as many as 50 American officials are suspected or confirmed to have been targeted by commercial spyware in recent years. Previous reporting on this subject has focused on a handful of diplomats in foreign countries who had allegedly been targeted for surveillance. The new tally shows that, in reality, the imprint of foreign campaigns aimed at U.S. officials may be much broader.
"Commercial spyware – sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices' users – has proliferated in recent years with few controls and high risk of abuse," the White House's announcement reads. "The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. Government personnel and their families."
(Score: 2) by MIRV888 on Wednesday March 29 2023, @05:56AM (6 children)
I am of the opinion that most of our systems, commercial, governmental, and military have been penetrated. I have no evidence to support this opinion. It just seems to me that allowing our enemies to manufacture a huge amount of our semiconductors and electronic based products implicitly means that ic level hacks have been included.
Just my opinion.
(Score: 1) by lush7 on Wednesday March 29 2023, @06:44AM (2 children)
It's the other way around...
(Score: 2) by mhajicek on Wednesday March 29 2023, @07:35AM (1 child)
Why not both?
The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
(Score: 0) by Anonymous Coward on Wednesday March 29 2023, @08:18AM
(Score: 0, Insightful) by Anonymous Coward on Wednesday March 29 2023, @07:31AM (2 children)
Sounds like a good reason to stop turning every independent country into enemies, eh? A sane society wouldn't need to dominate the globe to satisfy their petty vanity and exceptionalist lust for power.
(Score: 3, Touché) by PiMuNu on Wednesday March 29 2023, @10:59AM (1 child)
> stop turning every independent country into enemies
Only the ones that send innocent people to re-education camps and invade their neighbours for "defence" then?
(Score: 0) by Anonymous Coward on Wednesday March 29 2023, @05:57PM
Maybe we should stop doing *those same exact things* before deciding to make them our enemies for those reasons? Making a moral argument doesn't have much weight when the hypocrisy is so blatant.
Oh, sorry, I forgot you whities don't recognize non-white people as humans, now it all makes sense how you can have zero respect for sovereignty until a white country suffers, and zero respect for human rights until yellow people violate them.
(Score: 2, Interesting) by Anonymous Coward on Wednesday March 29 2023, @06:54AM
The correct way to fix this is to make a company 10x liable for any data they hold that is not demonstrably necessary for them to hold. You need to prove your ID to a company to get a job, fine, they need a responsible officer to sight those documents and confirm on the record they sighted them. They don't need to scan and add them to the employee record. Same with customers. They might hold a delivery address, but there is no need for that database to hold any more than an initial and last name as well. Give them a company specific ID and password and never store any other identifying details. Why the hell would JRandomCo need to hold your date of birth, mother's maiden name and the name of your first pet?
and always post anon. :)
(Score: 3, Insightful) by ShovelOperator1 on Wednesday March 29 2023, @10:27AM
So now it's time to do a great renaming. The spyware is not a spyware, it's a "telemetry". It's not for spying but for "making the product better" and for "the good of the consumer". Then wouldn't it work even better?
Consumers want and love spyware. I have seen numerous times that commercial software sends its complete memory dump to the developer company on crash. Complete - including processed documents and sometimes even significant parts of keys used for opening encrypted documents. Many, if not all mobile programs literally report everything user does, and multimedia players do it without any covering. It is all OK according to law and has zero negative reaction from users.
So maybe it will not be so dumb idea just to rename the software type?
(Score: 2, Interesting) by Runaway1956 on Wednesday March 29 2023, @11:32AM
Our Uncle Sam isn't really going to stop using tools that might have been used in human rights violations. What they are going to do, is use smoke and mirrors to help convince you that Uncle doesn't use such tools. Say that North Korea uses Brand Z hacking tools to violate human rights. Uncle will just hold a secret court in which Uncle confiscates Brand Z's intellectual property, change a couple lines of code, insert their own copyright (or some false flag copyright) then deploy Brand Z's tools to the intel community.
Complete and utter nonsense. Maybe Brand Z won't profit from Uncle's use of their tools, but the tools are still being used.