The spy war in your pocket

From: POLITICO's Digital Future Daily - Thursday Jul 07,2022 08:01 pm

Jul 07, 2022

With help from Derek Robertson

WhatsApp displayed on an iPhone. | Justin Sullivan/Getty Images

Mobile phones are becoming more essential and more powerful. But they aren’t keeping up with phone spyware, which is getting more aggressive and harder to detect.

As it does, an unsettling vision of the future is arising: One where we all carry surveillance devices without intending to.

It sounds dystopian, but that future is more or less arriving now. The mobile devices of politicians, human rights defenders, journalists, and other individuals have been compromised — all by so-called Pegasus spyware made by Israeli company NSO Group, which the Commerce Department blacklisted last year. This advanced spyware can be installed on devices through what are called “zero-click” vulnerabilities, where the spyware installs itself without the targeted individual clicking on a malicious link or doing anything to activate it. And once Pegasus has infiltrated a phone, there’s no easy way to tell it’s there.

So who’s protecting you? Mobile-phone makers are some of the biggest and most sophisticated software makers on the planet, and they're worried.

"A world where nobody can trust the phone in their pockets…that’s such a dangerous world," says Shane Huntley, the director of Google’s Threat Analysis Group.

Apple took steps Wednesday to secure devices of users targeted by spyware, including launching “Lockdown Mode,” which blocks most message attachments, further secures web browsing, and blocks incoming calls if the user hasn’t previously interacted with the caller. Apple will offer up to $2 million bounties to threat researchers who find vulnerabilities in Lockdown Mode.

Google warns customers whose devices are compromised by spyware, and keeps its Google Play Protect program updated to alert customers about potentially dangerous apps on their phones. Verizon claims to use anti-spyware software to protect devices.

NSO claims that Pegasus can’t be used with U.S. numbers, but the danger has already grown well beyond a single company. Google has said it is tracking more than 30 groups selling vulnerabilities or surveillance capabilities. And last month, Google said Italian company RCS Labs was behind spyware found on phones in Italy and Kazakhstan.

As politicians find their phones at increasing risk of compromise and spyware rises to the public’s attention, there may be a role for Capitol Hill to play.

Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, told me that Congress needs to pass legislation “to set enforceable cybersecurity standards” for mobile devices, force the Federal Communications Commission to require phone companies to patch vulnerabilities and sanction spyware companies like NSO.

“The U.S. government can do a lot to fight back against foreign hackers, predators and criminals who use spyware to stalk Americans,” Wyden said. “Unfortunately, its response has been far too little, far too late to protect American families or our national security.”

leading the pac

CEO of FTX Sam Bankman-Fried testifies during a hearing.

Sam Bankman-Fried testifies during a hearing before the House Financial Services Committee. | Alex Wong/Getty Images

As crypto money has become a force in American tech and finance, so it has in politics — on both sides of the aisle.

After last week’s primaries in Illinois and elsewhere, Stephanie Murray of crypto news outlet The Block recapped the successes and failures of some of the most high-profile crypto-funded PACs, including FTX founder Sam Bankman-Fried’s prolific Protect Our Future PAC.

So far, the results for crypto money have been mixed: In Illinois, where Protect Our Future spent nearly $1 million on Congressional races, three of the Democrats they backed advanced to the general election. But Protect Our Future’s Republican-assisting counterpart, the American Dream Federal Action PAC founded by FTX Digital Markets co-CEO Ryan Salame, spent big (more than $2 million) on Illinois Rep. Rodney Davis’ losing effort against Trump-backed Rep. Mary Miller.

Bankman-Fried has quickly become crypto’s most prominent political actor, giving $16 million to various PACs in April alone. His preferred candidate in a high-profile May primary in Oregon, Carrick Flynn, lost a Democratic Congressional nomination to a more experienced state legislator, but not before raising the profile of the philosophy of effective altruism that Flynn and his benefactor both share. — Derek Robertson

afternoon snack

A pencil, paper, and some dice: Futuristic, the technology behind the tabletop RPG “Dungeons and Dragons” is not. So why wasn’t the game invented until the 1970s? Did people during the Great Depression have some inherent aversion to quasi-randomized make-believe?

The scientist and writer Samuel Arbesman posed that question in a blog post yesterday, positing that the game might have been partially inspired by the 1972 publication of “The Limits to Growth,” a seminal work of futurism based on a then-sophisticated simulations of world demographic and agricultural trends. If we could simulate something that vast and complicated with 1970s-era supercomputers, Arbesman’s reasoning goes, it would then be just a minor leap to imagine a little capsule world on the tabletop, powered by a handful of polyhedral dice.

One problem with the theory: his readers quickly pointed out that the history of tabletop gaming long predated “The Limits of Growth,” with the use of six-sided dice dating back as far as the 19th century. Most of the formalized role-playing that predated D&D was centered around less fantastical worlds, however, like that of the board game Diplomacy, and even some experimentation with the military uses of role-playing carried out by the RAND Corporation, as the writer Jon Peterson points out in his history of the genre “Playing at the World.”

Still, Arbesman’s fixation on “The Limits to Growth” is timely, although maybe not for the reasons he intended. The book recently saw its 50th anniversary, inspiring scientists to look back and re-evaluate the challenges and rewards of trying to predict the future. — Derek Robertson

The Future In 5 Links

More context on the awkward, unexpected crossroads at which the U.S. chip manufacturing push finds itself.
Take a swing around the country and check in with the municipalities that have wholeheartedly embraced crypto.
The U.K. is testing the use of drones to operate its energy grid.
Celsius wasn’t the only company to freeze withdrawals amid the crypto crash.
A jury might soon have to decide whether AI is liable in an autonomous vehicle-related death.

Stay in touch with the whole team: Ben Schreckinger (bschreckinger@politico.com); Derek Robertson (drobertson@politico.com); Konstantin Kakaes (kkakaes@politico.com); and Heidi Vogt (hvogt@politico.com). Follow us on Twitter @DigitalFuture.

If you’ve had this newsletter forwarded to you, you can sign up here. And read our mission statement here.

Magnifying the Innovation Need – July 21 Event : We’re teaming up with MeriTalk for the inaugural MerITocracy 2022: American Innovation Forum, which will feature bipartisan Congressional and agency leaders and technology’s leading edge of thinkers. Join America’s most innovative minds as we look under the magnifying glass to examine some of the largest and most enduring problems around policy and technology. Save your seat by clicking here.