Author: Nicholas Weaver / Source: Lawfare
It is with deliberate contempt that I describe vendors of “lawful” interception malcode such as Hacking Team, FinFisher, and NSO Group as subscribing to the “Wernher von Braun School of Rocketry”. They state that selling exclusively to governments frees them from responsibility as to how the tools are misused, on the assumption that all state use abides by the laws of the jurisdiction. But tool misuse by state actors has implications beyond any particular jurisdiction. That’s in part because of negative “fate-sharing”, where the legitimate investigations of certain states and entities can be compromised by actual or even potential misuse of the tools by licensed third parties.
Google’s recently announced takedown of the “Lipizzan” Android malware illustrates this principle in action. The company detected a new piece of spyware that initially operated as fake applications in the Google Play store. Having detected this spyware, Google proceeded to use its tools to automatically remove it…