🚨BREAKING: @Microsoft @Google @Cisco @LinkedIn @github @VMware & @InternetAssn joining the @WhatsApp v. #NSOGroup case w/an Amicus brief THREAD 1/
2. Brief begins with #NotPetya attack. Says: Shows how dangerous and damaging it can be when attack tools proliferate. Notes number of states that can develop such tools v. limited & NSA still protected by longstanding principles of sovereign immunity from liability...
2. Brief begins with #NotPetya attack. Says: Shows how dangerous and damaging it can be when attack tools proliferate. Notes number of states that can develop such tools v. limited & NSA still protected by longstanding principles of sovereign immunity from liability...
2. Brief begins with #NotPetya attack. Says: Shows how dangerous and damaging it can be when attack tools proliferate. Notes number of states that can develop such tools v. limited & NSA still protected by longstanding principles of sovereign immunity from liability...
2. Brief begins with #NotPetya attack. Says: Shows how dangerous and damaging it can be when attack tools proliferate. Notes number of states that can develop such tools v. limited & NSA still protected by longstanding principles of sovereign immunity from liability...
2. Brief begins with #NotPetya attack. Says: Shows how dangerous and damaging it can be when attack tools proliferate. Notes number of states that can develop such tools v. limited & NSA still protected by longstanding principles of sovereign immunity from liability...
3. ...court must decide whether to "radically expand" risks from attack tools by immunizing private spyware developers. If even NSA couldn't keep #EternalBlue from leaking, what chance is there that tools made & used indiscriminately won't spiral out of control.
4. As more govs. purchase sophisticated hacking tools the risk of proliferation spiraling out of control and threatening all of our security grows & is compounded because some of them are more likely to engage in "riskier behaviors".
5. [Editorializing for a tweet] interesting rebuttal to the common spyware dev. narrative that hacking tools are designed to be used 'surgically' and hence always under control by giving a real life case of 'surgical' tools being repurposed to take down a whole country.
6. Argument A1. Giving NSO & peers immunity would increase the number of Gov customers, fueling the proliferation of spyware & create large-scale systemic risk w/potential for disaster. Liability must be used to deter this business model that depends on violating US law.
6. Argument A1. Giving NSO & peers immunity would increase the number of Gov customers, fueling the proliferation of spyware & create large-scale systemic risk w/potential for disaster. Liability must be used to deter this business model that depends on violating US law.
6. Argument A1. Giving NSO & peers immunity would increase the number of Gov customers, fueling the proliferation of spyware & create large-scale systemic risk w/potential for disaster. Liability must be used to deter this business model that depends on violating US law.
6. Argument A1. Giving NSO & peers immunity would increase the number of Gov customers, fueling the proliferation of spyware & create large-scale systemic risk w/potential for disaster. Liability must be used to deter this business model that depends on violating US law.
7. A2: Expanding immunity to spyware devs will result in more newly discovered exploits flowing towards private actors & away from mechanisms used to ensure the security of society (e.g. Vulnerabilities Equities Process etc).
7. A2: Expanding immunity to spyware devs will result in more newly discovered exploits flowing towards private actors & away from mechanisms used to ensure the security of society (e.g. Vulnerabilities Equities Process etc).
7. A2: Expanding immunity to spyware devs will result in more newly discovered exploits flowing towards private actors & away from mechanisms used to ensure the security of society (e.g. Vulnerabilities Equities Process etc).
8. Argument B: Spyware devs & customers don't always have have good security. Tools can and do get stolen. Or reverse engineered. Some Govs may narrowly prioritize their interests above cybersecurity ecosystem and act and in ways that harm whole internet.
8. Argument B: Spyware devs & customers don't always have have good security. Tools can and do get stolen. Or reverse engineered. Some Govs may narrowly prioritize their interests above cybersecurity ecosystem and act and in ways that harm whole internet.
8. Argument B: Spyware devs & customers don't always have have good security. Tools can and do get stolen. Or reverse engineered. Some Govs may narrowly prioritize their interests above cybersecurity ecosystem and act and in ways that harm whole internet.
8. Argument B: Spyware devs & customers don't always have have good security. Tools can and do get stolen. Or reverse engineered. Some Govs may narrowly prioritize their interests above cybersecurity ecosystem and act and in ways that harm whole internet.
8. Argument B: Spyware devs & customers don't always have have good security. Tools can and do get stolen. Or reverse engineered. Some Govs may narrowly prioritize their interests above cybersecurity ecosystem and act and in ways that harm whole internet.
9. C: #NotPetya = tip of iceberg of kind of systematic harm to come from conferring immunity on spyware industry. Can take years to fix vulnerabilities & get implants off networks & devices. Some damage, like stolen materials, cannot be undone.
9. C: #NotPetya = tip of iceberg of kind of systematic harm to come from conferring immunity on spyware industry. Can take years to fix vulnerabilities & get implants off networks & devices. Some damage, like stolen materials, cannot be undone.
9. C: #NotPetya = tip of iceberg of kind of systematic harm to come from conferring immunity on spyware industry. Can take years to fix vulnerabilities & get implants off networks & devices. Some damage, like stolen materials, cannot be undone.
9. C: #NotPetya = tip of iceberg of kind of systematic harm to come from conferring immunity on spyware industry. Can take years to fix vulnerabilities & get implants off networks & devices. Some damage, like stolen materials, cannot be undone.
9. C: #NotPetya = tip of iceberg of kind of systematic harm to come from conferring immunity on spyware industry. Can take years to fix vulnerabilities & get implants off networks & devices. Some damage, like stolen materials, cannot be undone.
10. KEY TAKEAWAYS: #NSOGroup framed case as "public safety vs. privacy." The amicus shifts the frame by arguing that allowing companies like NSO to be exempt from liability is itself a serious threat to public safety.
11 'cont'd... this Amicus does *exactly* what you want from such a filing. Credible actors helping the court to understand the wider stakes of the case beyond the specific legal arguments.
12. Link to the full brief: https://blogs.microsoft.com/wp-content/uploads/prod/sites/5/2020/12/NSO-v.-WhatsApp-Amicus-Brief-Microsoft-et-al.-as-filed.pdf
You can follow @jsrailton.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.