Monday Brief for 26 July 2021

Tech Terms

Antivirus (an·ti·vi·rus) — Software designed to detect and destroy computer viruses.

The down-low on NSO Group

What’s New: An Israeli “spyware” company is getting a lot of attention and is accused of helping governments to track and abuse journalists, activists, and others.

Why This Matters: The NSO Group’s capabilities and business model have been hotly debated for years, but recent reporting is drawing new attention to the company’s activities.

Key Points:

• Originally started as a customer service platform for mobile phones, Shalev Hulio and Omri Lavie pivoted to cyber surveillance after being asked to help law enforcement in 2009, according to the Washington Post.

• Hulio and Lavie had built an effective way for mobile phone carriers to access their customers’ phones via a simple SMS link. Law enforcement officials asked them to repurpose this tool so that police could gain access to the phones of terrorists, pedophiles, and other criminals.

• Since then, NSO Group has been accused of helping governments in Saudi Arabia, Dubai in the U.A.E., Mexico, and others to spy on and to track private citizens and even journalists.

• Last week, it was reported that NSO Group had hacked at least 37 mobile phones belonging to human rights activists, business leaders, journalists, and two women close to murdered Saudi journalist Jamal Khashoggi.

“There is one thing I want to say: We built this company to save life. Period,” said Hulio. “I think there is not enough education about what a national security or intelligence organization needs to do every day in order to give, you know, basic security to their citizens. And all we hear is this campaign that we are violating human rights, and it’s very upsetting. Because I know how much life has been saved globally because of our technology. But I cannot talk about it.”

• According to an investigation by the Washington Post and 16 other news organizations, the 37 compromised phone numbers are among a list of more than 50,000 targeted numbers concentrated in countries whose governments are known NSO Group clients.

• Hulio said, “If even one is true, it is something we will not stand as a company,” and that the company was still investigating the list of numbers.

• The investigating consortium claims it has identified more than 1,000 people from the 50,000 number list — including multiple Arab royals, 65 business executives, 85 human rights workers, 189 reporters, and more than 600 politicians and government officials.

What I’m Thinking:

• NSO’s troubles are not new. As far back as 2017 the FBI was looking into NSO Group to see if the company had gotten any of its code from American hackers — which would possibly run afoul of U.S. law. The Bureau began its investigation after Facebook accused the company of exploiting a WhatsApp vulnerability to hack 1,400 users.

• Law enforcement is also a key customer. While NSO Group has had its share of legal questions, law enforcement regularly turns to companies like this for help. For example, the FBI reportedly turned to another Israeli company when it wanted access to the phone of the San Bernardino shooter.

• Seller beware. Obviously, a company’s customers matter when it comes to staying on the up-and-up. Helping the FBI track a human trafficker is different than assisting a government to track and “disappear” a journalist. But knowing when you’re doing the one and not the other can be difficult when working with a lot of governments. Even more, there’s no guarantee once a government gets these capabilities for legitimate use that they will not also be used for more nefarious applications.

• Accountability is key. There’s no way the U.S. government can keep companies from developing these capabilities and, as we’ve seen, the government often needs this help from the private sector. Things get even more difficult when the service provider is outside of the United States. Even so, privatized surveillance and human rights violations at scale cannot be normalized. Even if NSO Group is completely innocent of these accusations, there are plenty of companies who can and do commit such crimes. This reality is just another example of how the internet is shifting capabilities that were once the exclusive domain of the State into the private sector.

DeepMind’s AlphaFold AI is changing science

What’s New: London-based DeepMind is close to predicting the structure of the entire human proteome — the more than 20,000 potential proteins whose instructions are contained within our DNA, according to the company.

Why This Matters: The new AI, called AlphaFold, is accurately predicting 3D models of protein structures and could dramatically accelerate every field of biological study.

Key Points:

• Billions of tiny protein “machines” are inside every cell in our body. These machines cause neurons to fire, our eyes to see light, and our unique genetic “instructions” to be read.

• In fact, these machines underpin every biological process in every living thing.

• It is currently believed that there are more than 100 million distinct proteins and each has its own 3D shape that determines what it does and how it works.

• But, figuring out the shape and function of a protein is a slow and expensive process. In fact, we can only describe and explain a tiny fraction of known proteins.

• The AlphaFold AI is now enabling researchers to predict the 3D shape of proteins with high accuracy — potentially allowing the description and study of many more proteins in a much shorter amount of time.

• This, in turn, will allow us to understand and treat disease more quickly and effectively while also unlocking deeper secrets about how life itself works.

“What took us months and years to do, AlphaFold was able to do in a weekend,” said John McGeehan, Professor of Structural Biology and Director of the Center for Enzyme Innovation at the University of Portsmouth.

• Even more, DeepMind is making their AlphaFold database of protein structures open and free for researchers around the world.

• The science nerds can click here to get the technical download.

What I’m Thinking:

• It’s amazing what AI will help us to know. I often speak about the hype surrounding AI and will often try to sprinkle in a healthy dash of realism in the midst of our age’s rampant techno-idealism. But, I do believe many of AI’s promises will be realized and that this new “general-purpose technology” is going to have a decisive impact on virtually every industry and field of study — especially healthcare and life sciences.

• It’s also amazing how much we still don’t know. Innovations like this one rightly inspire awe in human ingenuity and knowledge. But they should also provoke humility. Proteins were first described by Dutch chemist Gerardus Johannes Mulder in 1838 and, 183-years later, we’re still not really clear on how many there are and how they work. It’s good for man to be reminded of his limitations and of the vastness and majesty of the created order. It is when we lose this perspective that innovations like these are misapplied and abused.

• Of course, this also brings dangers. As is always the case, scientific advancements like this can be applied to threaten, as well as defend, human life. The insights generated by AlphaFold are no different. Biotechnologies are on the short list of “things that keep me up at night.” Mostly because our ability to splice genes, to modify biology, and to build synthetic organisms greatly exceeds our understanding of the implications of these abilities. This is why we cannot allow Sarin attacks in Japan, chlorine bombs in Syria, and Russian chemical and biological attacks in London to be normalized. Unfortunately, the technology to build and to wield these weapons is running rampant and I suspect biotech non-proliferation will be a growing policy concern in the near-future.

Beijing complains after getting called out

What’s New: Chinese media are reacting after the United States and other nations publicly attributed a series of cyber attacks to Beijing and aligned criminal groups.

Why This Matters: The Chinese Communist Party (CCP) is (somewhat) sensitive to public critique and its response to last week’s call-out is another example of how Beijing is quick to complain and escalate whenever it gets the slightest pushback.

Key Points:

• As discussed in last week’s Briefing, the Biden administration led a group of governments in publicly blaming China for the recent Microsoft Exchange hack and other serious cyber attacks.

• In response, China’s English-language Global Times (a CCP mouthpiece) published a post calling the attribution “ridiculous,” “slander,” and “a huge lie.”

• The post also warned of “retaliation” if Washington and others pursued sanctions or any form of cyber attack.

“The vicious accusations made by Washington have almost destroyed any trust between China and the US in the field of cyberspace,” according to the article. “Their mutual suspicion is bound to significantly increase. There will be a higher probability that both sides could misjudge that the other side is launching cyber attacks.”

What I’m Thinking: While “naming and shaming” is not a sufficient response, it is a critical part of our national efforts to contain China’s cyber aggression. In fact, we need to do more of this and to be prepared for the attendant CCP whining and threats that will surely follow. That is not to say, however, that we should be indifferent or ignore Beijing’s complaints and threats. China is not unable to respond or to exercise its own type of coercive diplomacy. Even so, we have set out on a policy of confrontation with the CCP and that demands that the United States will, in fact, confront China with its misdeeds and irresponsible behavior. So, to all my sensitive friends in the CCP: Sorry, not sorry.

Let’s Get Visual

Nerd Humor

Quick Clicks

• The Pentagon is bolstering its AI to hack itself

• China is weaponizing cybersecurity research

• Russia & China want to control the internet, even as they censor it

• RUSI Report: Innovation and great power competition

• Man creates chatbot to mimic dead fiancé and experts warn the tech could be misused

That’s it for this Monday Brief. Thanks for reading, and if you think someone else would like this newsletter, please share it with your friends and followers. Have a great week!