Originally published by RT.com.
Warning that companies that claim to protect national security are the “greatest danger” to it, Edward Snowden has urged the dismantling of this ‘Insecurity Industry’ by banning trade in intrusive software and penalizing enablers.
In a searing post on his blog, ‘Continuing Ed’, the NSA whistleblower pointed to the Pegasus scandal as a “turning point” that exposed the “fatal consequences” of private-sector companies like the NSO Group that are part of this “out-of-control” industry – whose “sole purpose is the production of vulnerability.”
“The phone in your hand exists in a state of perpetual insecurity, open to infection by anyone willing to put money in the hand of this new Insecurity Industry,” Snowden noted, adding that its clients range from countries to “sex-criminal Hollywood producers who can dig a few million out of their couch cushions.”
The entirety of this industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines (security updates) and then selling them to countries that occupy the red-hot intersection of a Venn Diagram between ‘desperately craves the tools of oppression’ and ‘sorely lacks the sophistication to produce them domestically.’
As news of the Pegasus scandal broke last week, it emerged that over 50,000 phones were infected by Israeli surveillance firm NSO Group’s flagship malware. Many of the numbers on the leaked list reportedly belong to political opponents of these client countries.
The former US intelligence contractor described the mobile ecosystem as a “dystopian hellscape of end-user monitoring and outright end-user manipulation.” Similarly, he stated that the world is “in the midst of the greatest crisis of computer security in computer history.”
If you want to see Microsoft have a heart attack, talk about defining legal liability for bad code in a commercial product. To give Facebook nightmares, talk about making it legally liable for leaks of their unnecessarily collected personal records. https://t.co/9ahiR1MOz4
— Edward Snowden (@Snowden) July 26, 2021
This is partly because, he noted, software developers and device manufacturers like “Apple, Google, Microsoft (and) miserly chipmakers who want to sell…not fix things” are still writing code in “unsafe” programming languages because it is easier and more cost-effective than modernizing.
In recent years, both Google and Microsoft engineers have said that roughly 70% of all serious security bugs in the Chrome codebase and Microsoft products respectively are related to memory safety problems, which Snowden puts down to the lack of incentive to switch to a safer programming language.
“The vast majority of vulnerabilities that are later discovered and exploited by the Insecurity Industry are introduced, for technical reasons related to how a computer keeps track of what it’s supposed to be doing, at the exact time the code is written,” he noted.
As examples of “incentivizing change,” Snowden suggests that “defining legal liability for bad code in a commercial product” would give Microsoft a “heart attack.” Likewise, he noted, make Facebook legally liable for any leaks of its users’ “unnecessarily collected” personal records and “Mark Zuckerberg would start smashing the delete key.”
Similar liability clauses need to be applied to “amoral” global capital firms that bankroll companies like the NSO Group. Without these funds, Snowden noted, neither the scale nor the global consequences of ‘Insecurity Industry’ activities would be possible.
However, the “first digital step” must be to “ban the commercial trade in intrusion software.” By “eliminating the profit motive” there would be a reduction in the risk of proliferation by private companies while preserving avenues for genuine research.
“If we don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets: It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect,” Snowden noted, warning of a future where “people (are) too busy playing with their phones to even notice that someone else controls them.”