So wait, if they were found to have violated the CFAA, that’s a serious crime. Does someone actually go to jail for this, or does doing it as a corporation just mean a slap on the wrist?
Not a lawyer, but this being a civil trial, Apple's allegation of a CFAA violation (among other things) will be considered in determining liability (not guilt) as well as any damages owed by the defendant. In order for anyone to face jail time, or any other criminal penalties, they would have to be prosecuted by the DOJ (in the case of the CFAA), or the state of CA (in the case of California’s Unfair Competition Law).So wait, if they were found to have violated the CFAA, that’s a serious crime. Does someone actually go to jail for this, or does doing it as a corporation just mean a slap on the wrist?
Not a lawyer, but this being a civil trial, Apple's allegation of a CFAA violation (among other things) will be considered in determining liability (not guilt) as well as any damages owed by the defendant. In order for anyone to face jail time, or any other criminal penalties, they would have to be prosecuted by the DOJ (in the case of the CFAA), or the state of CA (in the case of California’s Unfair Competition Law).
I mean the US isn't doing anything about the numerous war crimes, doubt they will do anything about this.I wonder then why the DOJ is not choosing to pursue charges of their own. I have a pretty strong suspicion why that is, though.
I can think of a few reasons why, and most aren't great.I wonder then why the DOJ is not choosing to pursue charges of their own. I have a pretty strong suspicion why that is, though.
The iPhone is still vulnerable, so spying tools that exploit vulnerabilities are going to be developed. Namely, government agencies will develop these tools themselves when they cannot purchase from a company.The court can also award damages, which could be extensive.
Yeah, the spying, and against whom it's directed to date, is evil.
This feels like the craziness of suing gun manufacturers for murder.
Go after the user, not the tool. There are legal applications for the software. Further, if governments are buying it, then they feel, for better or worse, that it would be legal for law enforcement.
Going after the manufacturer seems a legal stretch. I’d be surprised to see how the courts view this because you know it’s going to be appealed either way.
Exactly, I wonder how many murders were committed by governments, individuals, terrorists, using this ‘spyware.’ Which is too innocuous a term for the devastation and death it can bring. And—the people purchasing this have no good intentions.There’s a great podcast I just listened to about NSO and Pegasus and the murder of Jamal Khashoggi. It’s called “Shoot the Messenger: Espionage, Murder & Pegasus Spyware”
So, what would you say if someone were to manufacture and sell a dirty nuclear device of mass destruction to actors both ‘good’ and ‘bad?’ Would you consider the makers of the weapon of mass destruction at all accountable for creating this, weapon/tool/‘appliance?’This just further pushes the misguided notion of removing personal accountability. People need to stop blaming everything and everyone else and start looking in the mirror to address their problems.
True. But then again, should we shut down all hacking tools and conferences because not everyone works for the good guys? A knife can be used for surgery or as a murder weapon.
Except that what they sell is not illegal. It’s all dependent on how it’s used.
I know in the modern world, many people disagree, but I believe very strongly in the need of furthering, personal accountability. As a society, we must stop blaming everything on everyone else.
I see this software as remarkably similar to the Lock Picking Lawyer. What LPL teaches can very well be used for nefarious activities, yet no one is suggesting we sue him and shut down his YouTube channel.
Since these are very wealthy people who are citizens of a foreign state…we know the answer to this. Whatever happens, they will not be truly held to painful account for their damning actions and sociopathy.So wait, if they were found to have violated the CFAA, that’s a serious crime. Does someone actually go to jail for this, or does doing it as a corporation just mean a slap on the wrist?
More than one reason! A) they don’t really care, B) these are Israelis, so the US Govt wouldn’t want to offend an ‘ally’ (when it suits them) in the delicate ME region, C) obviously, our own three-letter agencies, police departments, military, and probably many others known and important to our gov’t have used this deadly tool to illegally collect inforrmation which should be protected by law.I wonder then why the DOJ is not choosing to pursue charges of their own. I have a pretty strong suspicion why that is, though.
I mean the US isn't doing anything about the numerous war crimes, doubt they will do anything about this.
So, what would you say if someone were to manufacture and sell a dirty nuclear device of mass destruction to actors both ‘good’ and ‘bad?’ Would you consider the makers of the weapon of mass destruction at all accountable for creating this, weapon/tool/‘appliance?’
The makers and sellers of dangerous items know who they are selling to—just as it takes only a slightly reasonable person to see that 90% of the use cases for weapons will result in many deaths. I do think that some tools should be kept out of the hands of dangerous people and states. Isn’t that why we try to keep more countries from gaining nuclear weapons technology? Yes, technology itself can be dangerous. More so when sold indiscriminately to murderous people.
You talk about personal responsibility — where is the personal responsibility of the builders and sellers of weapons intended to bring harm?
NSO know full well who they are selling their digital weapon to — particularly like when selling to a Saudi Prince, who also happens to be a husband, and who used the tool to spy on and help murder his wife before she could escape him…and get away with it? She literally fled to London, and that wasn’t far enough from Persia. Just as Jamal Kashoggi was murdered when he went to apply for his MARRIAGE license in Turkey. Thousands of miles from the King on the golden toilet of house Saud.
NSO group wouldn't be in business if these giant corporations actually paid reasonable bounties to white hat hackers for serious vulnerabilites.
It's not not serious, but if they want to get the reports for the literal highest tier of vulnerability then they need to match what the other side is paying. That's all I'm saying.![]()
Categories - Apple Security Research
Browse the full list of eligible payouts through the Apple Security Bounty program before you submit a report.security.apple.com
I'd suggest 6-7 figures for serious vulnerabilities is a "reasonable bounty".
What would you say if alliance attacked sovereign country using false accusations of weapons of mass destruction?Exactly, I wonder how many murders were committed by governments, individuals, terrorists, using this ‘spyware.’ Which is too innocuous a term for the devastation and death it can bring. And—the people purchasing this have no good intentions.
Personally, I think the people who designed and launched this should be tried for crimes against humanity in not only the World Court, but in a court which could actually enforce punishment. And I don’t mean a small fine or even a large lawsuit. After all, won’t the bad actors who head this firm just declare bankruptcy before they have to pay out anything significant? There are still DEAD and murdered (and mutilated, r*ped, and who know what else) that NSO abetted.
A and C are valid, B is silly. The US goes after European, Japanese, S Korean, Taiwanese, Australian, and, yes, Israeli, etc companies all the time for bad practicesMore than one reason! A) they don’t really care, B) these are Israelis, so the US Govt wouldn’t want to offend an ‘ally’ (when it suits them) in the delicate ME region, C) obviously, our own three-letter agencies, police departments, military, and probably many others known and important to our gov’t have used this deadly tool to illegally collect inforrmation which should be protected by law.
I sleep better at night not thinking about such things.So, not knowing about spying makes everyone happier? Sheesh.
At least from what I've looked up, the US doesn't use Pegasus and is actually victim to it. Not to say any US agencies conduct invasive/violating practices, but in this regard I do not believe they are invested in NSO.A and C are valid, B is silly. The US goes after European, Japanese, S Korean, Taiwanese, Australian, and, yes, Israeli, etc companies all the time for bad practices
The reason the DOJ wont go after NSO has nothing to do with Israel, it’s because they use and are heavily invested in NSO’s tools. Same reason why Palantir, an American company, doesnt face much scrutiny
Guardian:At least from what I've looked up, the US doesn't use Pegasus and is actually victim to it. Not to say any US agencies conduct invasive/violating practices, but in this regard I do not believe they are invested in NSO.
So point B isn't silly. Especially considering how NSO is more or less a state-sponsored company.
You're right, I was going off of this: https://www.whitehouse.gov/briefing...pyware-that-poses-risks-to-national-security/