by Edward Snowden, published on Continuing Ed, July 26, 2021
I found this little article by Snowden rather entertaining. Of course I used to be a computer programmer so this isn’t news to me. What Ed neglects to mention here is that many of the same insecurities exist in the modem your internet provide gives you, your router and Alexis and any other wireless remote control device you may use to monitor your home. Of course this only affects you when you are home. [jb]
The first thing I do when I get a new phone is take it apart. I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate. Fixing the hardware, which is to say surgically removing the two or three tiny microphones hidden inside, is only the first step of an arduous process, and yet even after days of these DIY security improvements, my smartphone will remain the most dangerous item I possess.
Prior to this week’s Pegasus Project, a global reporting effort by major newspapers to expose the fatal consequences of the NSO Group—the new private-sector face of an out-of-control Insecurity Industry—most smartphone manufacturers along with much of the world press collectively rolled their eyes at me whenever I publicly identified a fresh-out-of-the-box iPhone as a potentially lethal threat.
Despite years of reporting that implicated the NSO Group’s for-profit hacking of phones in the deaths and detentions of journalists and human rights defenders; despite years of reporting that smartphone operating systems were riddled with catastrophic security flaws (a circumstance aggravated by their code having been written in aging programming languages that have long been regarded as unsafe); and despite years of reporting that even when everything works as intended, the mobile ecosystem is a dystopian hellscape of end-user monitoring and outright end-user manipulation, it is still hard for many people to accept that something that feels good may not in fact be good. Over the last eight years I’ve often felt like someone trying to convince their one friend who refuses to grow up to quit smoking and cut back on the booze—meanwhile, the magazine ads still say “Nine of Ten Doctors Smoke iPhones!” and “Unsecured Mobile Browsing is Refreshing!”
In my infinite optimism, however, I can’t help but regard the arrival of the Pegasus Project as a turning-point—a well-researched, exhaustively-sourced, and frankly crazy-making story about a “winged” “Trojan Horse” infection named “Pegasus” that basically turns the phone in your pocket into an all-powerful tracking device that can be turned on or off, remotely, unbeknownst to you, the pocket’s owner.
Here is how the Washington Post describes it:
In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by anyone willing to put money in the hand of this new Insecurity Industry. The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that occupy the red-hot intersection of a Venn Diagram between “desperately craves the tools of oppression” and “sorely lacks the sophistication to produce them domestically.”
An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled.
Edward Snowden is a former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013 when he was an employee and subcontractor for the Central Intelligence Agency (CIA). His disclosures revealed numerous global surveillance programs, many run by the NSA with the cooperation of telecommunication companies. Snowden now blogs on Substack at Continuing Ed.