Hey y’all, hope everyone had a restful and contemplative Thanksgiving reprieve.

Jumping back into the fold today, I want to discuss a relatively little-discussed development from last month that could have major ripple effects on police and government surveillance tactics. NSO Group, an Israeli software manufacturer I’ve been covering for the better part of five years and best known for creating the advanced spyware used to monitor countless dissidents and journalists worldwide, is now under new U.S. ownership. To put that in starker terms: A company whose “Pegasus” tool was allegedly linked to the dismemberment of a Saudi journalist is now taking direction from a Hollywood producer and a former Trump bankruptcy lawyer.

The move gives NSO (whose co-developer was reportedly linked to Israeli intelligence) a chance to lobby President Trump directly to remove its name from a Commerce Department trade blacklist that has hobbled its business. In return, a politically favored NSO could provide law enforcement agencies and a new cohort of ICE-aligned so-called “bounty hunters” with access to arguably the world’s most powerful commercial spyware tool. Maybe more importantly, it would allow law enforcement the freedom to operate with even greater autonomy from other, more publicly accountable government agencies.

“The last thing America needs is a spyware epidemic,” Citizen Lab researcher and long-time NSO investigator John Scott-Railton wrote earlier this month. “Bringing NSO Group out of the cold right now would also fatally defang US efforts to curb spyware proliferation.”

But first, a quick refresher on why this company is such notably figure in mercenary digital espionage.

Pegasus: a surveillance super weapon

NSO was founded in 2010 by engineers Niv Karmi, Shalev Hulio, and Omri Lavie. Their signature product, named after an all-seeing, winged horse from Greek mythology, transformed the cat-and-mouse game of online privacy almost overnight. While tools to intercept cell phone communications have existed for decades, the introduction of accessible, everyday end-to-end encryption, as seen in WhatsApp and iMessage, fundamentally readjusted that dynamic. For the first time, a large portion of the world’s population could reliably send sensitive information with some confidence that a snooper couldn’t intercept and read it before it reached its intended recipient.

For the typical person trying to conceal their identity, that might simply mean more peace of mind when sending a late-night nude or messaging their dealer. But for others, like persecuted politicians, dissidents, migrants, and high-profile activists, that added anonymity could mean the difference between freedom and a life confined to shackles. Repressive governments and their proxies targeting those individuals needed a solution: Pegasus was the answer.

In short, Pegasus works by taking over a target’s phone and granting full remote access. Once infected, attackers deploying the spyware can view a target’s texts, listen in on calls, and scroll through their photos. It can even remotely activate a device’s microphone and camera without the owner knowing, essentially turning the device into a surveillance bug. Crucially, because Pegasus compromises the device itself, it can access content both before encryption is applied and after it is decrypted on the phone.

Most people never know they have been compromised. While earlier versions of the malware infected devices by sending targets a socially engineered text message containing a malicious link, the company eventually developed what security researchers call “zero-click” attacks. As the name suggests, these shadowy attacks can infect a target’s device without the user ever having to click a link or download a corrupted file. This elusiveness makes Pegasus virtually impossible for the average person to defend against. It also makes it an ideal tool for spies to gather intelligence covertly over long periods of time.

It is difficult to determine the full extent of Pegasus’s reach, but some estimates place the number of phone numbers targeted at over 50,000. Citizen Lab, the leading digital forensics team tracking NSO Group, reports it has been used in at least 45 countries. Law enforcement and intelligence agencies have argued Pegasus is necessary to target criminals and terrorists, but numerous investigations by human rights organizations suggest that this is far from the full story. A 2021 report from Amnesty International, for instance, found that hundreds of reporters, activists, lawyers, politicians, and other members of civil society had been targeted by Pegasus. Hot spots include Mexico, Jordan, Bahrain, and El Salvador, each of which has grappled with well-documented and widespread human rights abuses.

Perhaps the best-known Pegasus case thought occurred in Saudi Arabia, with the alleged targeting of Washington Post columnist Jamal Khashoggi. Several phone numbers linked to Khashoggi’s family members were reportedly included on surveillance lists maintained by multiple NSO clients. Omar Abdulaziz, a close associate of Khashoggi and fellow critic of the Saudi government, claimed in a lawsuit that surveillance enabled by Pegasus was instrumental in the government’s decision to abduct and kill him after he entered a consulate building in Istanbul. The city’s top prosecutor detailed the events of the day, alleging Khashoggi was choked to death and dismembered with a bone saw. NSO, it’s worth noting, has repeatedly denied those reports

And while NSO long claimed it could not control how its customers deploy their products, the appeal of its technology is clear. Larger, resource-rich countries like the United States and China already maintain highly resourced espionage operations with tools equivalent to Pegasus. European Union member states, meanwhile, have stronger privacy laws that place firmer guardrails on how their intelligence agencies and law enforcement can deploy spyware (though a handful have reportedly considered using Pegasus in the past). This largely leaves a third group: authoritarian-leaning countries that wish to surveil dissidents but lack the technical capacity to do so themselves.

In other words, NSO might not actually be the one physically sifting through journalists intercepted text messages, but they surely must have known they were creating the conditions for that surveillance to occur.

Share

NSO’s fall from grace

It took some time, but ongoing reports of murdered journalists and secretly monitored government officials eventually caught up to NSO. In November 2021, the U.S. Commerce Department formally added NSO to its banned “Entity List” after the agency determined that its tools were credibly being used for authoritarian-style surveillance. That designation immediately prevented nearly all U.S. firms and individuals from working with or supplying NSO with components without prior government approval. Worse still for NSO, the Entity List designation also meant that its clients in numerous other countries, many of which rely on U.S. technology and internet services, were similarly restricted from using its products. At the time, I wrote for Gizmodo that the shakeup could cripple NSO’s business, and it nearly did.

But, like so many other figures with morally muddy recent histories, NSO saw an opportunity in President Trump, a leader comfortable letting past transgressions slide in the name of political expediency.

Which brings us to the topic of NSO’s unlikely new owners. Following months of speculation, a company spokesperson confirmed that NSO had received tens of millions of dollars (and gained controlling ownership) from an American investment group led by Robert Simonds, a film producer and financier perhaps best known for his work on 1990s-era Adam Sandler comedies. An unusual choice, to be sure, but what is even more interesting is who the new U.S. owners appointed to steer NSO’s ship.

Almost immediately, the company appointed close Trump ally David Friedman as its new Executive Chairman. Friedman was nominated by the president during his first administration to serve as the US ambassador to Israel and oversaw the diplomatic recognition of Jerusalem as the country’s capital. (He’s also a noted proponent of Israeli settlement expansion, for what it’s worth). Prior to that, Friedman worked as Trump’s personal bankruptcy attorney, reportedly playing a key role in helping the then-civilian Trump navigate bankruptcy proceedings for several casinos scattered around Atlantic City. Needless to say, the two go way back.

That close proximity to the president gives NSO a far greater chance of achieving a paramount business goal: having its name removed from the trade blacklist. President Trump could basically make that happen at any time with the stroke of a pen. But, if the past ten months are any guide, the president isn’t likely to handover his signature without receiving a weighty gift in return. Friedman, for his part, has stated that he believes NSO’s spy technology can help “achieve a better world.”

“If the administration, as I expect they’ll be, is receptive to considering any opportunity that might keep Americans safer, it will consider us,” he said in a recent interview with The Wall Street Journal.

How Pegasus could surveil ‘the enemy within’

NSO’s technology stack, and Pegasus in particular, is a near-perfect tool for the current administration to deploy in its ongoing and expanding domestic surveillance operations. Surreptitious access to the phones of migrants (and the lawyers or reporters who regularly communicate with them) could grant ICE and Customs and Border Protection unprecedented insight into where groups are organizing and hiding. The fear of undetectable monitoring could also pressure activists and critics of current immigration enforcement policies to self-censor or avoid entering the political fray altogether.

Pegasus could also add an additional, even more intensive layer to the administration’s ongoing social media surveillance program. The administration has stated that it monitors social media posts for content that “bear hostile attitudes” toward the country and may use that information as a basis for revoking visas. It’s not difficult to imagine a social media user flagged by one of the administration’s speech monitors then being targeted by Pegasus for more intensive surveillance. The targets for that surveillance aren’t limited to noncitizens, either, as the Brennan Center For Justice’s Faiza Patel and Matthew Ruppert explained in a recent blog post.

“Labeled as ‘domestic terrorists’ by the administration, these targets include anti-ICE protesters and anyone who allegedly funds them—all of them part of a supposed left-wing conspiracy to violently oppose the president’s agenda,” Patel and Ruppert write.

Any of those actions, should in theory require a search warrant. But there’s decent reason to believe the administration could easily find loopholes to sidestep that roadblock. Recent reports in Wired and 404 Media have detailed efforts by the administration to outsource more of its immigration investigation and enforcement effort to private contractors, which some lawmakers have critically referred to as “bounty hunters.” So far, these groups have reportedly received close to a third of a billion dollars.

These private firms, operating at arm’s length from federal government oversight, could easily purchase Pegasus and use it to conduct the kinds of quick, surreptitious surveillance for which ICE or local police forces may require court orders. (The legal precedents governing how “private investigators” can conduct digital surveillance are complex and vary from state to state). And since these contractors aren’t always operating under the scope of the Freedom of Information Act, it will be much more difficult for reporters and activists to petition for records.

In short, removing NSO from the entity list and permitting its use to spy on the domestic “enemy from within“ risks moving the US into that third category of country mentioned above. One where unaccountable private police monitor political dissent with a thin veneer of plausible deniability.

None of that is to say that current surveillance will simply cease to exist without NSO’s involvement. ICE and CBP have a plethora of tools currently at their disposal, as does the FBI and local law enforcement, which often share data and methods. Still, adding another, even-less publicly accountable layer to that structure, one fueled by a company linked to well documented abuses in numerous authoritarian regimes around the world, certainly wouldn’t be a move in the right direction.

In other news…

More on ICE’s efforts to outsource immigration tracking to private firms (Dell Cameron / Wired)

• A recent proposal includes sending $180 million to a company that would be charged with remote spying.

• Reports suggest that these companies—which include the notorious Blackwater military group, are being offered an “incentive-based pricing structure” tied to performance.

• “The filings outline a performance-based structure with bounty-like incentives: Firms will be paid a fixed price per case, plus bonuses for speed and accuracy, with vendors expected to propose their own incentive rates,” Wired writes.

Afghan man charged with federal crimes for making a TikTok post (Associated Press)

• Still developing, but one of the more extreme reactions so far to the recent National Guard shootings in D.C.

India’s telecom ministry is forcing smartphone owners to install a controversial state-run security app (Chiara Castro / TechRadar)

• Critics warn that the “Sanchar Saathi” app, intended as a citizen crime-tracking tool, could be used as a surveillance Trojan horse.

A growing number of US towns are turning their backs on Flock license plate readers (Faith Wardwell / Politico)

• These systems have been installed in more than 6,000 municipalities across the United States in recent years.

• But backlash over overly broad records requests tied to immigration-enforcement actions is causing residents in these areas to have second thoughts.

Pornhub is asking Apple and Google to verify age on device (AJ Dellinger / Gizmodo)

• Pornhub’s owners said that “site-based age-assurance approaches are fundamentally flawed and counterproductive.”

• The world’s most used porn site is currently blocked in 23 states.

• Something to watch in 2025: momentum around age verification is shifting toward placing greater pressure on leading smartphone makers.

The ‘The “Algorithm Accountability Act”’ is just online censorship by another name (Mike Masnick / TechDirt)

• Lawmakers, always eager to repeal Section 230 online speech protections, are now using Charlie Kirk’s name to push their agenda.

• “The bill would strip Section 230 protections from companies if it can be proven in court that they used an algorithm to amplify content that caused harm. This change means tech giants would “own” the harmful content they promote, creating a private cause of action for individuals to sue.‘

Big Tech’s strongest lobbying firm is suing Virgina over law limiting kids to one hour of social media (Emma Roth / The Verge)

• The bill, set to take effect on January 1, 2026, would require social media platforms to ensure that users under the age of 16 can’t use their services for more than 60 minutes per day.

• A law firm representing Meta, Google, and Amazon argues that the measure would violate the First Amendment and would force companies to require privacy-risking age verification for all users, not just those under 16.

That’s it for now.

Share

Honduran migrant Victor Díaz was lying in bed with his wife in Macon, Georgia during the early days of the second Trump presidency when a loud alarm blared. After frantically looking around their bedroom, the couple realized the piercing sound was coming from his Department of Homeland Security-issued ankle monitor. Amid the cacophony, Díaz heard a loud knock at the door. When he stepped outside, the father of three was immediately met by 10 uniformed Immigration and Customs Enforcement (ICE) agents there to detain him.

“It [the alarm] scared him, and he had no choice but to come out,” Díaz’s wife said in a translated interview with NotiVisión Georgia.

Elsewhere in the state, migrants were apprehended at their homes, on their way to work, and outside a church. Since then, thousands of others, including some US citizens, have been detained outside of Home Depots, construction sites, and as they walked out of courthouses. In many of those cases, ICE appears to have tracked individuals using electronic monitoring devices issued during the Biden administration. The devices were part of the “Alternatives to Detention” (ATD) program, initially designed to monitor migrants while their immigration cases moved through the backlogged court system.

Now, however, rights advocates and immigration attorneys told me the Trump administration appears to be using those same GPS-enabled ankle monitors—as well as smartphone apps, and wrist wearables—to locate and detain individuals. As a result, thousands of migrants enrolled in the ADT program are living in a state of constant anxiety, unsure if their tracking device will trigger an alarm and lead to their deportation. In some cases, migrants have been deported to countries they’ve never set foot in before.

A tool intended to streamline backlogged immigration cases, in other words, is now being deployed in the administration’s war on migrants.

“This program (ADT) is being weaponized to facilitate enforcement and raids,” Just Futures Law Senior Staff Attorney Laura Rivera told me earlier this year.

Evan Benz, a senior attorney at the Amica Center for Immigrant Rights, echoed that sentiment and said it’s likely the administration will continue targeting migrants with GPS trackers as deportation efforts progress.

“I think we could see larger-scale operations against people who have been enrolled in ADT in the future, unfortunately,” Benz said.

DHS and ICE did not respond to requests for comment. The Trump administration also didn’t respond. not

How Alternatives to Detention Program (ADT) works

The ADT program, launched in 2004, saw a surge in enrollment in recent years. An estimated 182,600 people were enrolled in 2022, up from 66,000 in 2021. DHS data shows the numbers continued to climb through 2023 as border crossings hit a record high, before plateauing in 2024. And while reliable government data on just many people are currently in the system remains murky, a memo obtained by The Washington Post over the summer revealed ICE is being instructed to shackle migrants in ADT with ankle monitors “whenever possible.”

ADT uses various mobile surveillance technologies to monitor migrants as they await their immigration proceedings. Some migrants in ADT complete these checks-in physically at ICE offices, but often the process involves a biometric face scan completed via a phone app called SmartLink. That software, like the ankle monitor worn by many on ADT, can determine a migrant’s GPS location. A smaller, but growing cohort of migrants on ADT are given a biometrics “VeriWatch” wrist wearable that resembles commercial smartwatches. Enrolled people are often theoretically allowed to live and work at home or with family during this time but they must regularly check in with ICE to confirm they haven’t left the pre-approved areas where they’re permitted to travel.

These devices give ICE near 24/7 monitoring capabilities. Rivera says private contractors working with DHS are required to include a “demand locate” function and a reporting mode that allows officials to obtain an immediate, real-time location fix. DHS is also exploring a continuous reporting mode that would automatically provide location updates in real time or at least every 30 seconds, she added. That’s likely responsible for the alarms migrants heard before their arrests. Díaz’s wife claims her husband never missed a check-in and that the alarm was unlike anything they had heard before.

The frequency of those check-ins, Rivera said, varies widely—ranging from a few times a year to daily. One thing remains consistent: failing to check in at the assigned time or location can lead to physical detention. And while ATD is technically an “opt-in” program, experts told me migrants rarely feel they have a real choice when the alternative is being detained.

“They are choosing between being surveilled by ICE in a non-detained setting and reuniting with their family or being kept in a cage for many months,” Benz said. “You have to wonder how much agency and actual choice there is.”

Leave a comment

Like any technology, these tools can malfunction. University of Dublin Assistant Professor and surveillance expert Geoff Boyce told me of a case where the SmartLink app fails to recognize a user’s face through no fault of their own. Benz, meanwhile, recounted cases where their surveillance tools falsely alerted an ICE agent a migrant was crossing state lines when they were actually sitting at home. An estimated 90% of people wearing ankle monitors have reported experiencing some form of physical harm, everything from cuts and bruises to electric shocks and infections.

“Those technological glitches can add up to violations of the program,” Benz said, “In theory could lead to lead detention for having violated the terms of the ATD.”

While the Biden administration reportedly used these tools occasionally to detain migrants, experts say the Trump administration’s aggressive actions mark a significant shift in tactics. Boyce said he believes the current president is “building on infrastructure” established under the Biden administration.

“The scale of implementation of these surveillance systems is really a legacy of the Biden administration,” Boyce said. “Biden expanded these programs.”

Share

How the Trump administration target migrants on ADT

Experts worry the Trump administration could use ADT technology to target larger groups of migrants. These concerns grew after DHS rescinded a 2021 directive against raids in “protected areas” like churches, schools, and hospitals. Once ICE identifies a target in one of these locations—or places like businesses—a policy known as “collateral arrests” allows agents to detain other migrants they encounter, even if they weren’t the initial targets.

”If they [ICE] are searching for one person who they want to detain, they can also question anyone else in the vicinity,” Benz said. “And if they determine that they’re undocumented or subject to removal, they can also detain those people in the vicinity.”

“It’s actually a very efficient tool in some ways to locate not just an individual, but potentially other acquaintances, or family members, who might be in the area,” he added.

Boyce, the professor, worries these policy changes, coupled with a renewed push to track migrants on ADT, could encourage ICE to launch broad “phishing expeditions.” In late January, ICE agents seemingly used this shift in policy to detain Wilson Rogelio Velasquez Cruz, a Honduran immigrant attending church with his wife and children in Tucker, Georgia. Velasquez Cruz’s wife told local affiliate WSB-TV that her husband received a call from ICE during the service. When he didn’t answer, agents allegedly triggered an alarm on his ankle monitor. When Velasquez Cruz stepped outside to avoid disturbing the service, ICE agents were waiting for him. His wife says her family sought asylum at the U.S. border two years ago after fleeing violence in Honduras.

This new reality presents migrants enrolled in ADT with a difficult dilemma: continue providing regular location details that may lead to their eventual arrest or abandon their surveillance tech and risk immediate detention. Rivera said she was prohibited from advising clients to disregard laws or rules but noted that individuals being surveilled by ICE need to “weigh their risks.”

“We see now that it’s possible for ICE to target anyone who’s not a US citizen and possibly ensnare people who are US citizens,” Rivera said.

In other news…

ICEBlock, a crowdfunding app that lets people report sightings of ICE agents, has been removed from Apple’s App Store (Joseph Cox / 404 Media)

• Just the latest examples of tech companies cowing to pressure from the federal government.

• DOJ Secretary Pam Bondi, who urged tech companies to remove the app, claims it is designed to put ICE agents at risk just for doing their jobs. Critics say that the argument essentially categorizes masked federal law enforcement as a “vulnerable” group.

ICE is purchasing vehicles with fake cell towers built into them (Lorenzo Franceschi-Bicchierai / TechCrunch)

• “Cell-site simulators” can trick nearby phones into connecting to them which then gives law enforcement more perceived ability to track them. Some versions can intercept texts, calls, and internet traffic.

Flock license plate readers were used to track a Texas woman who self-administered an abortion (Jason Koebler, Joseph Cox / 404 Media)

• Police previously claimed they were tracking the woman for her safety, but a new report shows they had conducted a so-called “death investigation” related to the fetus.

The FAA may be using a drone ban in Chicago to censor ICE reporting (Jay Stanley / ACLU)

• Similar temporary “no-fly zones” have been used to suppress reporting on past protests in Ferguson, Missouri, and Portland.

• “Blocking drone operations by reporters while allowing other non-governmental flights is unconstitutional,” Stanley writes. And we can’t give government the power to block drone photography of newsworthy events simply by claiming a need to fly their own aircraft in an area or claiming the existence of vague ‘security threats.’”

Doorbell camera company Ring is interested is exploring adding facial identification feature (Lauren Forristal / TechCrunch)

• The new feature could help find lost pets or arrest your neighbor.

ICE wants to build a 24/7 social media surveillance team (Dell Cameron / Wired)

• The agency wants to hire nearly 30 contractors to “sift through posts, photos, and messages—raw material to be transformed into intelligence for deportation raids and arrests.”

Facebook owner Meta says it will use AI chatbot logs to create targeted ads (Meghan Bobrowsky / The Wall Street Journal)

• It turns out “AI God” might actually look like a cardigan-wearing Don Draper.

That’s it for now.

Hey everyone. It’s been quite a while since I’ve written here. Obviously, much has happened since then.

There were multiple occasions over the past few years where I considered, and in a few cases even started, the process of reviving this newsletter. But there was always just enough friction present to keep that eager kindling from sparking.

This year is different. I started this blog prior to the pandemic era as a kind of idealistic thought experiment. “The State of Surveillance” was a conceptual warning: an esoteric abstraction that only actually occurs in far-off lands or the fictionalized pages of Orwell novels.

That’s no longer the case. I’m not here to suddenly place the weight of the world’s calamities on the shoulders of the current president or political moment. Such a gesture would be both unhelpful and untrue. In reality, the bedrock foundation for the maturing surveillance state has been decades in the making. President Trump just so happens to have broken the seal and proven willing to use the tools at the government’s disposal to their most aggressive ends. And there’s a sizable chunk of the people eager to have him do so.

If you disagree with that general assessment, that’s fine. Just know, this publication won’t spend time carrying water for the administration’s half-baked argument for attacking civil liberties. I’ll state their claims, but I won’t bend my mind trying to translate them into coherence.

All of that preamble is a lengthy way of saying that I feel increasingly motivated to try and bear witness to the specific issue of tech surveillance in our current moment. Like everyone else, I find keeping up with news can seem overwhelming and daunting. The goal here is to make this a one-stop shop for everything you need to know in this particular corner of the news. I’ll try to make my point of view apparent, but not give opposing arguments short shrift. I hope that in an era of mass distrust and uncertain information, you can feel confident that I’m doing my best to give you the “straight shit.” That’s the hope, at least.

To start things off, I’ll be sending out a reported story tomorrow about ICE detentions I started work on earlier this year. Some of the details may feel slightly dated, but I thought it was a good place to rebound, since it points out the ways past policy has empowered the current administration’s draconian actions.

Stay tuned y’all

Hello again everyone and happy Friday. I wanted to quickly let y’all know that my podcast cohost Jonah and I have released a new episode of The Future is Ow where I go into more depth on the Apple CSAM story I’ve been covering in the newsletter. You can listen to the episode here. Please consider subscribing!

In addition to the Apple news, we dive into a recent widely read ProPublica piece that revealed a previously unknown group of around 1,000 WhatsApp content moderators who have the ability to read some users’ private messages. This story, though still significant, left many commentators claiming WhatsApp had broken encryption. Jonah and I discuss whether that was really the case.

Additionally, I also give my two cents around Texas’ recent abortion bill, which is single-handedly transforming legislation around the US and stripping women of abortion access before many of them even know they are pregnant.

I’ll see y’all around soon for another edition of the newsletter.

Share The State of Surveillance

Hello again everyone! Just a quick reminder to check out this newsletter’s sister podcast, The Future is Ow, anywhere you get podcasts. You can check out our latest episode on Apple Podcasts here or at SoundCloud below.

Alright, with that out of the way, let’s get going!

Today’s Big Story: Apple Walks Back CSAM Detection System...for Now

Well, this is a change of pace. In a techno futurist world often seemingly hellbent on forward movement in spite of collateral damage, it’s rare to see the tides of resistance reel in the surveillance sea. Yet, that’s exactly what happened last week, though as we’ll get into, the change may represent more of an ephemeral reprieve than a codified decree. 

As discussed at length in a previous issue of this newsletter, Apple recently revealed its plans to release an image detection tool called NeuralHash which works by scanning (though Apple disagrees with the framing) images on a user’s device and cross-references them against a database of known child sexual abuse media (CSAM) files maintained by the National Center for Missing & Exploited Children. 

If enough similarities between the hashes are flagged and if a threshold of 30 images is met, the user’s data is then reviewed by an Apple employee and eventually passed along to law enforcement if necessary. This scanning impacts images being uploaded to iCloud, but the scanning itself takes place locally on a user’s device, a marked departure from previous CSAM prevention method. The effrt was the focal point of a cascading wave of backlash, including from 90 civil and digital rights organizations who called on Apple to send the tools to pasture. 

Ultimately, Apple is trying to strike some sort of middle ground by providing an alternative to scanning iCloud images in totality, but as multiple privacy advocates quickly pointed out, such a tool could potentially be co-opted by authoritarian governments around the world to scan for images other than CSAM material. And though Apple has repeatedly said it won’t expand its nueralHash tool beyond CSAM material, as soon as a government passes legislation requiring Apple to do otherwise the company will have no choice but to comply. 

Edward Snowden@Snowden

No matter how well-intentioned, @Apple is rolling out mass surveillance to the entire world with this. Make no mistake: if they can scan for kiddie porn today, they can scan for anything tomorrow. They turned a trillion dollars of devices into iNarcs—*without asking.*

Edward Snowden @Snowden

🚨🚨 Apple says to "protect children," they're updating every iPhone to continuously compare your photos and cloud storage against a secret blacklist. If it finds a hit, they call the cops. iOS will also tell your parents if you view a nude in iMessage. https://t.co/VZCTsrVnnc

2:23 AM · Aug 6, 2021

---

9.65K Reposts · 24.3K Likes

Which leads us to last week. On Friday, followings weeks of push back and a volley of back and forth debates, Apple announced it would delay the feature’s rollout. Here’s Apple’s statement per CNBC: 

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material,” the company said in a statement. “Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

That’s a major reversal from just a few weeks ago where Apple appeared determined to ram through the tools in spite of mounting opposition. But this “reversal” really should have never had to happen in the first place. 

One of the primary concerns around Apple’s new tools had nothing to do with the technology itself, but instead with its surreptitious rollout approach. News of the features (which would place digital fingerprints of known CSAM material on every iPhone) wasn’t made widely known until a researcher risked his reputation to leak the details. What’s more, Apple, widely regarded as a bulwark for privacy amongst an increasing surveillance sympathetic tech landscape, refused to reach out to any critical member of civil society to weigh in on the update prior to launch. 

Still, the news was met with cautious optimism from privacy and security experts including former Facebook CSO Alex Stamos. “I think this is a smart move by Apple,” Stamos told Wired. “There is an incredibly complicated set of trade-offs involved in this problem and it was highly unlikely that Apple was going to figure out an optimal solution without listening to a wide variety of equities.” 

In addition to the scanner delay, Apple said it’s also pumping the brakes on an AI system that it had developed to identify explicit images sent and received by users under 13 and subsequently send an alert to the account holder (usually a parent). For context, many advocates warned this feature risked potentially outing queer or trans children or could run others afoul with abusive parents.

✨Yael Grauer ✨@yaelwrites

My 1st thoughts on Apple’s CSAM solution: I’m concerned that it’ll be easy for criminals to bypass, will exacerbate sexual abuse in people’s homes, will out queer kids to their homophobic parents, and will compromise everyone else. So add my voice to the “screeching minority.” 🗣

7:12 PM · Aug 8, 2021

---

20 Reposts · 89 Likes

Though news of the delay represents a significant victory for privacy advocates, not all welcomed the decision. Child safety groups, including the National Society for the Prevention of Cruelty to Children (NSPCC) admonished Apple for giving in to pressure. 

“This is an incredibly disappointing delay,” Andy Burrows, the NSPCC’s Head of Child Safety Online Policy, told The Guardian. “Apple were on track to roll out really significant technological solutions that would undeniably make a big difference in keeping children safe from abuse online and could have set an industry standard.”

Andy Burrows@_andyburrows

This is incredibly disappointing. @Apple had adopted a proportionate approach that sought to balance user safety and privacy, and should have stood their ground.

Tim Bradshaw @tim

Just in: Apple delaying CSAM system: "Based on feedback from customers, advocacy groups, researchers & others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features."

1:39 PM · Sep 3, 2021

---

3 Reposts · 6 Likes

A Temporary Ceasefire

Apple’s delay is significant in that the company is finally acknowledging its refusal to listen to critics, but the debate over the technology and its rollout are far from over. In announcing its delay, Apple also implicitly confirmed its unwavering intention to move forward with the tool in some capacity. And as others have pointed out, it’s unclear how any such scanning tool could exist without fundamentally altering the dynamics of encryption and privacy as we know it.

Matthew Green, the original researcher who leaked the features, suggested Apple could limit the scanning simply to shared iCloud accounts as opposed to individuals’ devices but even that comes with its own set of privacy tradeoffs. 

Delays and conversations are of course welcome, but one is left with the lingering feeling that Apple is simply buying time, hoping to step outside the news cycle before reintroducing the features to a less acutely hostile audience. 

It’s with that in mind that the Electronic Frontier Foundation, one of the most vocal groups opposing the new tools, came out and immediately called on Apple to abandon the new tools entirely. 

“EFF is pleased Apple is now listening to the concerns,” the organization wrote, “but the company must go further than just listening, and drop its plans to put a backdoor into its encryption entirely.”

Why Now? 

While researching this story and hashing out the details with friends, I was struck by the sense that all of this felt quite unique. As a writer coming to age in wake of September 11th and amid a gushing wave of techno optimistic fervor, it often felt as if Silicon Valley behemoths and the titans of the US state security apparatus regularly passed familiar ground, both regularly escaping scrutiny and constantly heralded as benevolent caretakers of society.  

But eventually, things started to change. The wars dragged on, the body counts rose, city after city were reduced to rubble, only to have an invading force retreat nearly two decades later, leaving its experiment largely the same as it was once before. It’s no wonder then that public trust in the military has tanked to near record lows. 

In a similar vein, the lacquered pedestal Big Tech once stood upon has gradually been swept away, revealing a figure increasingly guided not by utopian visions of increasing human flourishing but by acts of transparent deception. I’d wager this unraveling ramped up with the Snowden revelations, but its continued to metastasis with regularly scheduled horrors, from the Cambridge Analytica scandal in 2018, to a Facebook-fueled genocide in Myanmar and followed up by the storming of the US capitol by mislead retrogrades. 

Said more bluntly, tech companies (and just about every other once hallowed institution) are hemorrhaging trust.

Bruce Mehlman@bpmehlman

In Tech We Trust... Less (Edelman Trust Barometer)

1:36 PM · Mar 31, 2021

---

3 Likes

Don’t take it from me. This same point was made in a recent report from global communications firm Edelman’s which found public trust in tech companies was at its lowest point on record, both in the US and more generally in 17 of 27 markets surveyed. 

Much of this rapid decline in trust can be traced back to comprises made over user privacy. According to Edelmans, 34% of adults surveyed worldwide viewed data privacy as a social issue brands should address … and yet users are still constantly being let down. 

That has consequences. A separate survey from research firm Geneys found that misusing or abusing personal data was the top reason respondents would lose trust in a company. And last year, over half (52%) of US adults said they decided not to use a product or service based on fears how about much personal information would be collected about them, with 15% describing sharing general personal information as “problematic,” per Pew Research. 

With all these figures in place in starts to make more sense why the time was right for a major social backlash to Apple’s CSAM scanner. As one of the few companies to draw a line in the sand in favor of privacy, the reversal came as a feeling of betrayal to many. Though it seems likely Apple will still roll out this feature in some capacity in the coming months, the bigger story here that’s less talked about is just how much the global demand for privacy has shifted in recent years. If this had happened five or ten years ago, I doubt we would have seen the same level of resistance.

What that means for the future though remains to be seen. While everyday users appear to see the value of digital privacy, governments and companies all around the world are moving in the opposite direction. At some point, these two opposing forces are destined to clash, and what comes out the other side is still anyone’s guess.

BMD

Here’s What Else is New

Facebook released its Ray-Ban style “smart” glasses 

• Users will be able to take photos and videos with two onboard 5 megapixel cameras and listen to audio through built-in speakers. 

• The public has known about the glasses for years and during that time Facebook has repeatedly lowered the bar in terms of what to expect from their actual technical ability. 

• These are not AR glasses in any meaningful way and to call them smart is a stretch. In reality, they are little more than a slight aesthetic improvement from Snapchat’s first pair of Spectacles released years ago. 

• Even if the glasses amount to little more than a small GoPro, they do still present a huge privacy issue that has so far been left unanswered. Who gave Facebook the okay to return every one one of its customers into a walking CCTV camera? 

• Lucas Matney, TechCrunch

The LAPD are regularly collecting and monitoring social media information from suspects they stop 

• The document, obtained by the Brennan Center for Justice found the officers regularly monitor the content with little oversight. 

• LAPD is also building a new tool called Media Sonar, “which can build detailed profiles on individuals and identify links between them.” 

• In the past, the LAPD has reportedly used Twitter analysis to track the movements of anti-Trump protesters on May Day per the Verge.

• Mary Pat Dwyer, The Brennan Center For Justice 

Australia’s high court ruled media sites can be held liable defamatory comments left on their site 

• The move may force media companies and social media sites to heavily police or entirely remove public comments in order to avoid facing litigation. 

• For a sense of the scale of the issue, David Rolph, a professor of law at the University of Sydney, said the ruling “may mean anyone who runs a social media page can theoretically be sued over disparaging comments posted by readers or random group members — even if you aren’t aware of the comment.”

• The ruling is a reminder of what could happen if US legislators make good on their claims to want to revoke Section 230 protections. 

• James Vincent, The Verge

That’s it for now. See y’all next week!