So wait, if they were found to have violated the CFAA, that’s a serious crime. Does someone actually go to jail for this, or does doing it as a corporation just mean a slap on the wrist?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Wins Early Victory Against Spyware Maker NSO Group in Court
- Thread starter MacRumors
- Start date
- Sort by reaction score
Not a lawyer, but this being a civil trial, Apple's allegation of a CFAA violation (among other things) will be considered in determining liability (not guilt) as well as any damages owed by the defendant. In order for anyone to face jail time, or any other criminal penalties, they would have to be prosecuted by the DOJ (in the case of the CFAA), or the state of CA (in the case of California’s Unfair Competition Law).
I wonder then why the DOJ is not choosing to pursue charges of their own. I have a pretty strong suspicion why that is, though.
I mean the US isn't doing anything about the numerous war crimes, doubt they will do anything about this.
I can think of a few reasons why, and most aren't great.
The iPhone is still vulnerable, so spying tools that exploit vulnerabilities are going to be developed. Namely, government agencies will develop these tools themselves when they cannot purchase from a company.
So, not knowing about spying makes everyone happier?
This is one of those foolish takes on this case I've ever read.
Just yikes - level, omg embarrassing logic on display here.
And just remember kids, guns don't kill people, people kill people! Guns for all, and Pegasus hacks also!!
Ps - what the hell 😯
Exactly, I wonder how many murders were committed by governments, individuals, terrorists, using this ‘spyware.’ Which is too innocuous a term for the devastation and death it can bring. And—the people purchasing this have no good intentions.
Personally, I think the people who designed and launched this should be tried for crimes against humanity in not only the World Court, but in a court which could actually enforce punishment. And I don’t mean a small fine or even a large lawsuit. After all, won’t the bad actors who head this firm just declare bankruptcy before they have to pay out anything significant? There are still DEAD and murdered (and mutilated, r*ped, and who know what else) that NSO abetted.
So, what would you say if someone were to manufacture and sell a dirty nuclear device of mass destruction to actors both ‘good’ and ‘bad?’ Would you consider the makers of the weapon of mass destruction at all accountable for creating this, weapon/tool/‘appliance?’
The makers and sellers of dangerous items know who they are selling to—just as it takes only a slightly reasonable person to see that 90% of the use cases for weapons will result in many deaths. I do think that some tools should be kept out of the hands of dangerous people and states. Isn’t that why we try to keep more countries from gaining nuclear weapons technology? Yes, technology itself can be dangerous. More so when sold indiscriminately to murderous people.
You talk about personal responsibility — where is the personal responsibility of the builders and sellers of weapons intended to bring harm?
NSO know full well who they are selling their digital weapon to — particularly like when selling to a Saudi Prince, who also happens to be a husband, and who used the tool to spy on and help murder his wife before she could escape him…and get away with it? She literally fled to London, and that wasn’t far enough from Persia. Just as Jamal Kashoggi was murdered when he went to apply for his MARRIAGE license in Turkey. Thousands of miles from the King on the golden toilet of house Saud.
Since these are very wealthy people who are citizens of a foreign state…we know the answer to this. Whatever happens, they will not be truly held to painful account for their damning actions and sociopathy.
More than one reason! A) they don’t really care, B) these are Israelis, so the US Govt wouldn’t want to offend an ‘ally’ (when it suits them) in the delicate ME region, C) obviously, our own three-letter agencies, police departments, military, and probably many others known and important to our gov’t have used this deadly tool to illegally collect inforrmation which should be protected by law.
I am not sure they have any proof it was used against US citizens. War crimes aren’t DOJ department otherwise. Not off the top of my head anyway. If it was, they have grounds to bring charges. Not much they can do about foreign war crimes.
There is a slight difference: nuclear weapons are illegal and there is no positive use case for non state actors.
I compare this to the LPL because this is literally the same thing as a lock pick; albeit for digital tools. All they are doing is selling a lock pick.
Categories - Apple Security Research
Browse the full list of eligible payouts through the Apple Security Bounty program before you submit a report.
I'd suggest 6-7 figures for serious vulnerabilities is a "reasonable bounty".
It's not not serious, but if they want to get the reports for the literal highest tier of vulnerability then they need to match what the other side is paying. That's all I'm saying.Categories - Apple Security Research
Browse the full list of eligible payouts through the Apple Security Bounty program before you submit a report.security.apple.com
I'd suggest 6-7 figures for serious vulnerabilities is a "reasonable bounty".
The only way Apple is going to win here is if they have evidence/proof that the NSO Group themselves were personally involved in using their own spyware tool to spy on people because as it stands, all the NSO Group does is make spyware tools and sells them onto 3rd parties. This is no different to gun makers. When someone is killed by a gun, the gun manufacturer is never taken to court and sued for causing the persons death. Gun manufacturers provide a 'tool', they are not responsible for how that 'tool' is used. Same goes for NSO Group, they make a spyware 'tool', they cannot be held responsible for how others use it.
If people think NSO Group is at fault here then please explain to me how? They make a tool and sell it to 3rd parties and they are being sued for how it is being used. Gun Manufacturers make a tool and sell it to 3rd parties but they never get sued for how it is used. Please explain the difference because I cannot see there is any difference but yet Apple is suing NSO Group for breaches of CFAA. So why aren't gun manufacturers sued for crimes of murder or manslaughter?, they make a tool that people use to kill others and they get away with it. NSO Group makes a tool that people use to spy on others and they are being sued. Something is not right here.
If people think NSO Group is at fault here then please explain to me how? They make a tool and sell it to 3rd parties and they are being sued for how it is being used. Gun Manufacturers make a tool and sell it to 3rd parties but they never get sued for how it is used. Please explain the difference because I cannot see there is any difference but yet Apple is suing NSO Group for breaches of CFAA. So why aren't gun manufacturers sued for crimes of murder or manslaughter?, they make a tool that people use to kill others and they get away with it. NSO Group makes a tool that people use to spy on others and they are being sued. Something is not right here.
What would you say if alliance attacked sovereign country using false accusations of weapons of mass destruction?
If anyone thinks NSO are providing something useful and good, consider this thought.
Imagine that Apple came up with something that would block NSO's tools 100%. Should Apple implement that meaning the legitimate use is blocked? Or not implement and leave both legitimate and illegitimate use possible?
However unlikely a total block might be, it would be more realistic than hoping for a way of only blocking illegitimate use. Given that even defining that is impossible.
Imagine that Apple came up with something that would block NSO's tools 100%. Should Apple implement that meaning the legitimate use is blocked? Or not implement and leave both legitimate and illegitimate use possible?
However unlikely a total block might be, it would be more realistic than hoping for a way of only blocking illegitimate use. Given that even defining that is impossible.
A and C are valid, B is silly. The US goes after European, Japanese, S Korean, Taiwanese, Australian, and, yes, Israeli, etc companies all the time for bad practices
The reason the DOJ wont go after NSO has nothing to do with Israel, it’s because they use and are heavily invested in NSO’s tools. Same reason why Palantir, an American company, doesnt face much scrutiny
I sleep better at night not thinking about such things.
Like Agent K said in the original Men In Black movie...
Geaux Apple!🤩🎉🎉🎉🎊🥳🥳
At least from what I've looked up, the US doesn't use Pegasus and is actually victim to it. Not to say any US agencies conduct invasive/violating practices, but in this regard I do not believe they are invested in NSO.
So point B isn't silly. Especially considering how NSO is more or less a state-sponsored company.
You're right, I was going off of this: https://www.whitehouse.gov/briefing...pyware-that-poses-risks-to-national-security/