Every time I heard from Pegasus I wonder why nobody is talking about how illegal this business is and how EU and other countries are talking nothing about the use of this.
The impression I have — and I’d be very interested to find out if I’m right or wrong — is that governments basically all spy on each other all the time, and they consider this normal and only problematic when it touches certain very specific projects.
Something about it being important to know the capabilities of your friends and your enemies, and to test the quality of your intelligence and counterintelligence assets before it becomes critical: you don’t want to start stupid wars you can’t win, nor waste money fighting wars to end the non-existent threat of non-existent WMDs.
I can’t tell the difference between espionage that gets overlooked, espionage that gets chest-thumping and wailing and gnashing of teeth, and espionage that gets kinetic responses, but I assume there must be such divisions.
You'd be wrong. All of the available evidence points to a tiered system, with some countries spying on everyone, some spying on very specific other countries, and some just not doing much at all.
Yes, you can claim that that last category just hasn't been caught yet. But there are some, like the US and Israel, that have been caught several times while others have, so far, escaped notice. Is Belgium so much smarter, or are they maybe just not doing as much?
And the funny thing is that most of the spies are actually known to each nation. Whenever you hear about country X has evicted Y number of "diplomats" from the embassy, that is just a few spies getting thrown out to make a point (and of course the evicted country will throw out a few spies in retaliation).
What has been interesting of late is the mass evictions of known Russian spies from even the smallest of nations like Belgium. And of course, Russian has been throwing out Western agents at an equal rate these last few weeks. There are a lot of spies on desk duty right now...
> The impression I have — and I’d be very interested to find out if
I’m right or wrong — is that governments basically all spy on each
other all the time
Yes. That's exactly what NSA, GCHQ, MI6 etc are tasked to do.[1]
The problem came when foreign intelligence got confused with domestic
intelligence. This is further compounded by the change in procurement
of specialist technologies that the army or government offices might
once have had. In the 80s a prime-minister would communicate with a
special "scrambler" (supplied by the security services and designed
against foreign espionage). Today everyone uses the same gear made in
China, and the market for offensive cyberweapons is both international
and privatised.
Here is a quote from [2]
"" For complex reasons the US embargo on Huawei, while looking like
a trade dispute, more or less proves this. Simply; western phones
have backdoors and remote controls for western governments. Chinese
phones have backdoors for Communist Party intelligence
apparatus. Each spies on their own citizens and everybody is happy
(except the citizens that end up in camps). It's the presence of the
other's spyware within the respective borders/markets that is the
problem, do you see?
So when these powers fell out, or failed to reach agreement on data
sharing, this escalated into an issue with clear symmetry. We see
that products by Apple, Google or Amazon are to be trusted no more
than Huawei handsets. Indeed, the safest phone for a Chinese citizen
is probably an Apple iPhone, whereas the safest phone for a western
civilian would be a Huawei, because historically, people are most
risk from their *own* government's domestic surveillance than a
foreign government's international surveillance. ""
The upshot of this is that offensive cyberweapons, which are
indiscriminate, persistent, reusable and infinitely replicatable at
near zero cost (all the worst qualities of a weapon on par with
bioweapons) affect all strata of society. Politicians, military
generals, schoolteachers and pizza delivery guys are equally exposed.
This marks a significant transition that blurs the boundaries between
civil and military war, as the current Russo-Ukraine conflict shows.
We're all soldiers now.
>how EU and other countries are talking nothing about the use of this
You mean the customers of such malware (even if not necessarily Pegasus in particular)?
E.g. the German government bought FinFisher licenses, the German federal police bought Pegasus licenses. France was reportedly in late talks with NSO to buy Pegasus when the latest scandal hit that included Pegasus apparently having been used against Macron (tho the French government denies it was about to buy Pegasus). The UK might have been a customer too - at the very least the UK government hosted NSO at a trade show.
Aside from buying spyware, governments are keen on spying not just on foreigners but also their own citizens, in the EU too, e.g. the EU Data Retention Directive [0] or the German "remote forensic software" which is commonly known as the "Staatstrojaner" ("state trojans") which is basically the same as Pegasus just in blue. Or in the UK Theresa May's "snooper charter" (which eventually became the "Investigatory Powers Act").
Note that Germany failed to buy Pegasus in 2017 because their in-house lawyers decided that it would be illegal to use. After a lot of back-and-forth, they did eventually sign a contract for modified version in 2021. That version was supposed to include changes making its use legal. It isn't quite known what the alterations were, but it's been speculated that data would have to match a case-specific wordlist to be exfiltrated, excluding, for example, irrelevant private data.
Finfisher was bought despite every legal expert they asked, including those they had on permanent payroll, saying it would be illegal to use. They later claimed they didn't use it only paid for the license.
They also said they'd only use a special Pegasus version that would be within the law, laws that they made and that then had to be severely limited later on by the Bundesverfassungsgericht (German constitutional court) again and again. If the government parties back then (one of which is still leading the new federal government coalition, both of which are leading different state legislators, 14 out of 16) had their way back then, things would be a lot worse.
If "they" (for various theys, as in federal government, state governments, federal/state police, intelligence services including internal ones such as the Verfassungsschutz and the MAD) actually did abide by the law is another matter E.g. they (intelligence services, in particular the BND) "helped" the US spy on German citizens including politicians via the XKeyscore program, and only admitted what was already known thanks to journalists, or even less actually, and didn't comment on anything else even when questioned by the German parliament, doing the whole "national security" yadayada or "I cannot recall".
In a day and age where government agencies write guides on how to carry out "parallel construction"[0], and after all that Snowden and others revealed, I am a bit skeptical when "they" tell the citizens that "they" only bought spyware but never used it, or only bought spyware with undisclosed modifications that allegedly made it lawful (under framework of law that indeed is of a questionable constitutionality in itself, and which had major parts struck or severely limited by courts) - a claim nobody was ever able to check thus far.
> wonder why nobody is talking about how illegal this business is and how EU and other countries are talking nothing about the use of this
The ground is shifting with Israel’s (albeit forced) hesitance to criticise Russia too loudly. Prior to a few weeks ago, maintaining security ties outweighed NSO’s nuisance factor. (In Europe. The U.S. is already fed up with NSO.)
Something about it being important to know the capabilities of your friends and your enemies, and to test the quality of your intelligence and counterintelligence assets before it becomes critical: you don’t want to start stupid wars you can’t win, nor waste money fighting wars to end the non-existent threat of non-existent WMDs.
I can’t tell the difference between espionage that gets overlooked, espionage that gets chest-thumping and wailing and gnashing of teeth, and espionage that gets kinetic responses, but I assume there must be such divisions.