#WhatsApp snooping: Mobile phone OS is far from secure

India is witnessing a massive cyberattack against civilians. The civilians whose lives have been attacked include prominent rights advocates, politicians and journalists. #surveillance #privacy #dataprotection #whatsapp

It is, in short, a cyberattack upon individuals who incarnate democracy and the rule of law.

Three points are salient: we are given to believe that this cyberattack comes from our own executive government;

the tools used are part of an international trade in cyberweapons that governments including ours permit, encourage and fund;

and, most importantly, under Indian law all of this is perfectly legal.

As citizens, we are responsible for understanding and acting on these realities. If we fail to safeguard our future by legislating now, we will be responsible for losing our democracy.

Mobile phone operating software is far from satisfactorily secure. The hardware we carry around and are proud of is dangerously capable of being used to spy on us.

It contains microphones, cameras and sensors more various and densely packed, gram for gram, than the most sophisticated spy satellites in orbit.

So if our software is compromised, our smartphones turn into the most dangerous digital weapons possible.

Now the same weapons that nations might use to spy on one another’s military, diplomatic and political officials are turned against civil society, judicial and legal advocacy organisations #whatsappsnooping #india

These defenders, journalists, lawyers, their independent digital defence capabilities are effectively nil: they depend on what the phone manufacturers, platform companies and app programmers do.

They buy and use the products, and if those products are defective their individual lives and those of their families are at risk. Because they are the working fabric of democracy and the rule of law, our free society can be decapitated by whoever controls the software.

That has happened in India right now because a private cyberarms manufacturer in Israel, called #NSO, sells a weapon to governments that compromises smartphones.

Taking advantage of a fault in the #WhatsApp app distributed by #Facebook, NSO made it possible for buyers of its weapon to take over any phone completely—just by sending a single message or call to any chosen recipient, no matter what the recipient did with that message.

This is a fatal technical product defect that Facebook imposed on its users. In India, we have become overnight massively dependent on #WhatsApp. That endangered society as a whole—not just all prominent individuals. It

It is right for Facebook to do both some explaining about precisely what went wrong and some significant apologising. But instead it has sued NSO, trying to shift all responsibility to the weapons manufacturer and away from itself.

It will fix the problem that was exploited, and declare itself outraged and innocent. The law will not interfere with that charade of immunity. #whatsapp

This particular weapons manufacturer, #NSO may shut down. But the international trade in cyberweapons will not be interrupted or inconvenienced.

The people of the world want technology that increases their safety and protects their #privacy.

Platform companies want to collect all the information about everybody, by offering them “free” basic services like email and social sharing in return for comprehensively collecting all their behaviour using the spy-satellite capabilities of their smartphones.

Governments want to have access to anyone’s mind and behaviour in real time, and to use big data tools to scrutinise and predict any segment of society, large or small, they choose.

Cyberweapons mfrs can create software tht will allow govts to have what it wants,keep ppl frm even knowing tht what they want has been destroyed. platform cos just have to keep making money by collecting everything, not preventing govts from using cyberweapons to destroy freedom.

In self-defence, democracies have to use the rule of law to break up this system. But our law contains no protections whatever against what is happening.

Although this is malware and may a case exists against Govt of India,
The government is not legally prevented from using cyberweapons against civilians in this manner.

The law governing surveillance as laid down in the Indian Telegraph Act, Information Technology Act, Rules framed, Code of Criminal Procedure, service licences granted by the Department of Telecoms, all make it legally possible for the government to carry out surveillance.

There are no means of determining the extent and rigour with which these laws are observed in practice, since all of India’s communications surveillance is conducted within an extremely closed environment with no transparency or independent oversight.

The concerned enabling Acts and Rules always stipulate the observance of strict confidentiality in the surveillance process, thereby significantly limiting the amount of information on surveillance practices that is available to the general public.

Government authorities routinely assure citizens that surveillance is conducted only in accordance with law, yet this claim is questionable. That is why it does not matter what political party is in power.

On the contrary, instead of using Rule of Law to prevent the use of such cyberweapons, government of India continues to pressure @Facebook to undermine the strong end-to-end encryption in @WhatsApp

Because encryption interferes with their broader ambitions of Govt of India to listen to everything, everywhere, all the time .

They still hve to target individual smartphones to gain complete access to all the calls, messages. But if govts could attack all WhatsApp messages and all other communications simultaneously by breaking encryption, big data despotism could attack people’s freedom wholesale.

That way North Korean totalitarianism could be scaled up to work in China. Or India.

We are the democracy most vulnerable to this form of govt war on freedom, and we are legally undefended. We need legislation immediately recognising the constitutional situation, providing for defence of our freedom at each step in cycle of cyberwarfare being waged against it.

The constitutional principle is that the govt is responsible for protecting us against spying on the people, wholesale or retail, by outsiders, and must subject its own domestic digital surveillance to the Rule of Law.

The first part means that we need laws against the cyberweapons trade and product liability law.

Such laws should ensure that platform companies pay for their negligence in pursuing their own business when they allow cyberattacks on their customers because of design and construction defects in their products.

The second part means that we need legislation requiring the govt to justify its use of public money to purchase cyberweapons that will be used against citizens.

Such legislations should subject all such uses to judicial oversight to verify the legitimate national security interests involved.

We also need to harden our societal defence against such attacks. We must legislate to regulate behaviour collection by the platform companies and telcos.

We need laws protecting individuals against market practices that over-collect behaviour data and over-empower a few cos that concentrate such data on their platforms. This cannot be fixed by a simplified notice and consent or data protection; we need people protection laws.

Only such legal steps at all levels of the system that is failing us will ensure that the current controversy results in effective defence of freedom. No one should underestimate the seriousness of the threat to democracy or what is at stake.