India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems

NSO Group's Pegasus spyware-for-governments keeps returning to the headlines thanks to revelations such as its use against Spain's prime minister and senior British officials. But there's one nation where outrage about Pegasus has been constant for nearly a year and shows little sign of abating: India. A quick recap: Pegasus …

  1. Anonymous Coward

    that "Personal Data Protection Bill"

    I can't say much because reasons but if someone is interested, they should try and find various versions of it and see how it has gradually become denatured as far as protection **from** the government is concerned.

    I'm not even sure if such a versioned history is available though.

  2. Anonymous Coward
    Megaphone

    Root cause

    It's all well and good to talk about legislation to protect privacy, but why is no one looking at the root cause: the weakening of the underlying OSes to enable this type of backdoor? After all, the Pegasus suite has been available for quite some time; why is no one doing anything to fill all the holes in the systems?

    1. doublelayer Silver badge

      Re: Root cause

      The known holes have been patched in iOS and Android, but NSO makes money by selling this exploit kit to some very wealthy people (governments, only governments and dictators, definitely believe them). With that kind of incentive, the company really doesn't want to lose access to that income stream and pays well for more zero days. We will never get a mobile OS and mobile apps* that never have bugs, so there will always be a way for someone sufficiently motivated to launch an attack.

      That said, there are things that the OS providers haven't done that would help. Some vulnerabilities exploited by NSO have been patched in Android, but because it's Android, there are a lot of phones out there that never got the patches and remain vulnerable. Google could have prevented this. The OEMs could have prevented this. On that matter, I think recrimination is entirely justified. iOS has had a better record as Apple went back to OS versions to patch devices that couldn't update (and because they maintain software support for longer).

      *Some of the ways that NSO's malware has been known to infect devices have used vulnerabilities in third-party apps, most often WhatsApp. That target was so often used that Facebook has sued NSO directly, the first and likely only time I support Facebook. In some cases, the vulnerability didn't even let them out of WhatsApp's sandbox. That's a problem the OS writer can't do anything about.

    2. Anonymous Coward

      Re: Root cause

      I presume that NSO has people within both Google and Apple who are paid very well to report on or even create backdoors.

  3. VoiceOfTruth

    No. Just no.

    -> There is a critical need for judicial oversight of all interception Orders like there is in the United Kingdom

    My humble advice to India: Please do not make it like the situation in the UK. We have secret courts rubberstamping all manner of activity by the nameless goons. They are a bigger threat to society than our supposed enemies.

    1. Furious Reg reader John
      Black Helicopters

      Re: No. Just no.

      Have the nameless goons stolen your shoe?

    2. Anonymous Coward

      Re: No. Just no.

      >> There is a critical need for judicial oversight of all interception Orders like there is in the United Kingdom

      > My humble advice to India: Please do not make it like the situation in the UK. We have secret courts rubberstamping all manner of activity by the nameless goons. They are a bigger threat to society than our supposed enemies.

      Or Spain for that matter.

      Last week a few MPs had the privilege to listen to whatever explanations the CNI --the Spanish MI5-- chief gave to them. However, all that had been said is considered a state secret, so explaining anything to anyone else carries hefty prison sentences. Not that that prevents much, as well before the meeting took place it had already leaked that for 17 Catalan political and civil leaders the Pegasus use was approved by a secret Spanish court, for which also no proof nor reasoning can be given to the general public.

      Not only has all that not sparked a public outcry, but one of the spied-on MPs who went to that CNI briefing is being charged with treason for the aforementioned leak.

      BTW, the very selection of which MPs could attend these secret affairs briefings had been locked for years because they needed a 3/5 majority of the MP votes. While all parties have the right to designate a representative to attend, opposition parties (which account for more than 2/5 of the parliament) voted against any and all representatives of Catalan and Basque parties, effectively locking the secret affairs commission altogether until a fortnight ago, when the ruling party changed the needed 3/5 majority to a simple one. So the CNI had even more carte blanche to do its business...

      tl;dr Secret judicial oversight is no oversight at all, and Spain doing its usual business as if Generalissimo Franco were still not dead...

  4. Doctor Syntax Silver badge

    "India's outdated and insufficient legal framework for protecting trade secrets."

    OTOH there's something admirably forward-thinking about a supreme court which can set up its own Technical Committee to investigate its national government for illegitimate targeting of individuals. I can see why the US gvmnt might not like that. Not the UK gvmnt

    1. Doctor Syntax Silver badge

      Nor the UK, dammit.

    2. BOFH in Training

      Yeah, the supreme court in India seems impressive, when it comes to forward looking rulings. The lower courts, not so much.

      They are the ones who also enabled legal homosexual intercourse, etc.

      Only problem is India's court system moves at the speed of a snail.

  5. teknopaul

    Logically, if NSO only sells Pegasus to governments...

    Logically, if NSO don't tell who they are selling it to, they are selling it to people that are corrupt.

    1. Furious Reg reader John
      Facepalm

      Re: Logically, if NSO only sells Pegasus to governments...

      That's not logic.

  6. Anonymous Coward

    Ha......So my 10 year old 2G feature phone is actually A GOOD THING!!!!

    .......and while my Apple/Android/4G/5G toting friends lampoon me......those friends are NSO/NSA/GCHQ targets!!!!!

  7. Anonymous Coward

    Email Security -- Use Diffie/Hellman To Implement Peer-To-Peer Messaging...........

    (1) 8192 bit keys (or bigger)

    (2) Different random tokens and random keys for every message

    (3) Multiple encryption passes (AES, chacha.....whatever you choose)

    (4) Processing time on a pathetic Intel 4-core Celeron is negligible

    (5) ...and use your regular email anyway

    (6) ...and since the random keys are destroyed after every message...PC Plod can't even ask for the keys!

    Yup........secure peer-to-peer messaging over gmail! Who'd have thunk it?

    ......only tools needed are gcc and gmp (and some help from gdb!)

    Snoops are welcome to apply here for more details.....but unfortunately D/H means that you won't be able to crack the peer-to-peer messaging anyway!!!

    Isn't "do-it-yourself" wonderful in the world of open source?????

    1. Anonymous Coward

      Re: Email Security -- Use Diffie/Hellman To Implement Peer-To-Peer Messaging...........

      So....I can ditch Proton mail....and have multiple encryption as well....and still use gmail.....

      Sign me up!
