Економіка

Israel’s Cognyte Software Ltd won a tender to sell intercept spyware to a Myanmar state-backed telecommunications firm a month before the Asian nation’s February 2021 military coup, according to documents reviewed by Reuters.

The deal was made even though Israel has claimed it stopped defense technology transfers to Myanmar following a 2017 ruling by Israel’s Supreme Court, according to a legal complaint recently filed with Israel’s attorney general and disclosed Sunday.

While the ruling was subjected to a rare gag order at the request of the state and media cannot cite the verdict, Israel’s government has publicly stated on numerous occasions that defense exports to Myanmar are banned.

The complaint, led by high-profile Israeli human rights lawyer Eitay Mack who spearheaded the campaign for the Supreme Court ruling, calls for a criminal investigation into the deal.

It accuses Cognyte and unnamed defense and foreign ministry officials who supervise such deals of “aiding and abetting crimes against humanity in Myanmar.”

The complaint was filed on behalf of more than 60 Israelis, including a former speaker of the house as well as prominent activists, academics and writers.

The documents about the deal, provided to Reuters and Mack by activist group Justice for Myanmar, are a January 2021 letter with attachments from Myanmar Posts and Telecommunications (MPT) to local regulators that list Cognyte as the winning vendor for intercept technology and note the purchase order was issued “by 30th Dec 2020.”

Intercept spyware can give authorities the power to listen in on calls, view text messages and web traffic including emails, and track the locations of users without the assistance of telecom and internet firms.

Representatives for Cognyte, Myanmar’s military government and MPT did not respond to multiple Reuters requests for comment. Japan’s KDDI Corp and Sumitomo Corp, which have stakes in MPT, declined to comment, saying they were not privy to details on communication interception.

Israel’s attorney general did not respond to requests for comment about the complaint. The foreign affairs ministry did not respond to requests for comment about the deal, while the defense ministry declined to comment.

Two people with knowledge of Myanmar’s intercept plans separately told Reuters the Cognyte system was tested by MPT.

They declined to be identified for fear of retribution by Myanmar’s junta.

MPT uses intercept spyware, a source with direct knowledge of the matter and three people briefed on the issue told Reuters although they did not identify the vendor. Reuters was unable to determine whether the sale of Cognyte intercept technology to MPT was finalized.

Even before the coup, public concern had mounted in Israel about the country’s defense exports to Myanmar after a brutal 2017 crackdown by the military on the country’s Rohingya population while Aung San Suu Kyi’s government was in power. The crackdown prompted the petition led by Mack that asked the Supreme Court to ban arms exports to Myanmar.

Since the coup, the junta has killed thousands of people including many political opponents, according to the United Nations.

Cognyte under fire

Many governments around the world allow for what are commonly called “lawful intercepts” to be used by law enforcement agencies to catch criminals but the technology is not ordinarily employed without any kind of legal process, cybersecurity experts have said.

According to industry executives and activists previously interviewed by Reuters, Myanmar’s junta is using invasive telecoms spyware without legal safeguards to protect human rights.

Mack said Cognyte’s participation in the tender contradicts statements made by Israeli officials after the Supreme court ruling that no security exports had been made to Myanmar.

While intercept spyware is typically described as “dual-use” technology for civilian and defense purposes, Israeli law states that “dual-use” technology is classified as defense equipment.

Israeli law also requires companies exporting defense-related products to seek licenses for export and marketing when doing deals. The legal complaint said any officials who granted Cognyte licenses for Myanmar deals should be investigated. Reuters was unable to determine whether Cognyte obtained such licenses.

Around the time of the 2020 deal, the political situation in Myanmar was tense with the military disputing the results of an election won by Suu Kyi.

Norway’s Telenor, previously one of the biggest telecoms firms in Myanmar before withdrawing from the country last year, also said in a Dec. 3, 2020 briefing and statement that it was concerned about Myanmar authorities’ plans for a lawful intercept due to insufficient legal safeguards.

Nasdaq-listed Cognyte was spun off in February 2021 from Verint Systems Inc, a pioneering giant in Israel’s cybersecurity industry.

Cognyte, which had $474 million in annual revenue for its last financial year, was also banned from Facebook in 2021.

Facebook owner Meta Platforms Inc said in a report Cognyte “enables managing fake accounts across social media platforms.”

Meta said its investigation identified Cognyte customers in a range of countries such as Kenya, Mexico and Indonesia and their targets included journalists and politicians. It did not identify the customers or the targets.

Meta did not respond to a request for further comment.

Norway’s sovereign wealth fund last month dropped Cognyte from its portfolio, saying states said to be customers of its surveillance products and services “have been accused of extremely serious human rights violations.” The fund did not name any states.

Cognyte has not responded publicly to the claims made by Meta or Norway’s sovereign wealth fund.
…

An upcoming U.S. Supreme Court case that asks whether tech firms can be held liable for damages related to algorithmically generated content recommendations has the ability to “upend the internet,” according to a brief filed by Google this week.

The case, Gonzalez v. Google LLC, is a long-awaited opportunity for the high court to weigh in on interpretations of Section 230 of the Communications Decency Act of 1996. A provision of federal law that has come under fire from across the political spectrum, Section 230 shields technology firms from liability for content published by third parties on their platforms, but also allows those same firms to curate or bar certain content.

The case arises from a complaint by Reynaldo Gonzalez, whose daughter was killed in an attack by members of the terror group ISIS in Paris in 2015. Gonzales argues that Google helped ISIS recruit members because YouTube, the online video hosting service owned by Google, used a video recommendation algorithm that suggested videos published by ISIS to individuals who displayed interest in the group.

Gonzalez’s complaint argues that by recommending content, YouTube went beyond simply providing a platform for ISIS videos, and should therefore be held accountable for their effects.

Dystopia warning

The case has garnered the attention of a multitude of interested parties, including free speech advocates who want tech firms’ liability shield left largely intact. Others argue that because tech firms take affirmative steps to keep certain content off their platforms, their claims to be simple conduits of information ring hollow, and that they should therefore be liable for the material they publish.

In its brief, Google painted a dire picture of what might happen if the latter interpretation were to prevail, arguing that it “would turn the internet into a dystopia where providers would face legal pressure to censor any objectionable content. Some might comply; others might seek to evade liability by shutting their eyes and leaving up everything, no matter how objectionable.”

Not everyone shares Google’s concern.

“Actually all it would do is make it so that Google and other tech companies have to follow the law just like everybody else,” Megan Iorio, senior counsel for the Electronic Privacy Information Center, told VOA.

“Things are not so great on the internet for certain groups of people right now because of Section 230,” said Iorio, whose organization filed a friend of the court brief in the case. “Section 230 makes it so that tech companies don’t have to respond when somebody tells them that non-consensual pornography has been posted on their site and keeps on proliferating. They don’t have to take down other things that a court has found violate the person’s privacy rights. So you know, to [say] that returning Section 230 to its original understanding is going to create a hellscape is hyperbolic.”

Unpredictable effects

Experts said the Supreme Court might try to chart a narrow course that leaves some protections intact for tech firms, but allows liability for recommendations. However, because of the prevalence of algorithmic recommendations on the internet, the only available method to organize the dizzying array of content available online, any ruling that affects them could have a significant impact.

“It has pretty profound implications, because with tech regulation and tech law, things can have unintended consequences,” John Villasenor, a professor of engineering and law and director of the UCLA Institute for Technology, Law and Policy, told VOA.

“The challenge is that even a narrow ruling, for example, holding that targeted recommendations are not protected, would have all sorts of very complicated downstream consequences,” Villasenor said. “If it’s the case that targeted recommendations aren’t protected under the liability shield, then is it also true that search results that are in some sense customized to a particular user are also unprotected?”

26 words

The key language in Section 230 has been called, “the 26 words that created the internet.” That section reads as follows:

“No provider or user of an interactive computer service shall be treated as the publisher of or speaker of information provided by another information content provider.”

At the time the law was drafted in the 1990s, people around the world were flocking to an internet that was still in its infancy. It was an open question whether an internet platform that gave individual third parties the ability to post content on them, such as a bulletin board service, was legally liable for that content.

Recognizing that a patchwork of state-level libel and defamation laws could leave developing internet companies exposed to crippling lawsuits, Congress drafted language meant to shield them. That protection is credited by many for the fact that U.S. tech firms, particularly in Silicon Valley, rose to dominance on the internet in the 21st century.

Because of the global reach of U.S. technology firms, the ruling in Gonzalez v. Google LLC is likely to echo far beyond the United States when it is handed down.

Legal groundwork

The groundwork for the Supreme Court’s decision to take the case was laid in 2020, when Justice Clarence Thomas wrote in response to an appeal that, “in an appropriate case, we should consider whether the text of this increasingly important statute aligns with the current state of immunity enjoyed by internet platforms.”

That statement by Thomas, arguably the court’s most conservative member, heartened many on the right who are concerned that “Big Tech” firms enjoy too much cultural power in the U.S., including the ability to deny a platform to individuals with whose views they disagree.

Gonzalez v. Google LLC is remarkable in that many cases that make it to the Supreme Court do so in part because lower courts have issued conflicting decisions, requiring an authoritative ruling from the high court to provide legal clarity.

Gonzalez’s case, however, has been dismissed by two lower courts, both of which held that Section 230 rendered Google immune from the suit.

Conservative concerns

Politicians have been calling for reform of Section 230 for years, with both Republicans and Democrats joining the chorus, though frequently for different reasons.

Former President Donald Trump regularly railed against large technology firms, threatening to use the federal government to rein them in, especially when he believed that they were preventing him or his supporters from getting their messages out to the public.

His concern became particularly intense during the early years of the COVID-19 pandemic, when technology firms began working to limit the spread of social media accounts that featured misinformation about the virus and the safety of vaccinations.

Trump was eventually kicked off Twitter and Facebook after using those platforms to spread false claims about the 2020 presidential election, which he lost, and to help organize a rally that preceded the assault on the U.S. Capitol on January 6, 2021.

Major figures in the Republican Party are active in the Gonzalez case. Missouri Senator Josh Hawley and Texas Senator Ted Cruz have both submitted briefs in the case urging the court to crack down on Google and large tech firms in general.

“Confident in their ability to dodge liability, platforms have not been shy about restricting access and removing content based on the politics of the speaker, an issue that has persistently arisen as Big Tech companies censor and remove content espousing conservative political views,” Cruz writes.

Biden calls for reform

Section 230 criticism has come from both sides of the aisle. On Wednesday, President Joe Biden published an essay in The Wall Street Journal urging “Democrats and Republicans to come together to pass strong bipartisan legislation to hold Big Tech accountable.”

Biden argues for a number of reforms, including improved privacy protections for individuals, especially children, and more robust competition, but he leaves little doubt about what he sees as a need for Section 230 reform.

“[W]e need Big Tech companies to take responsibility for the content they spread and the algorithms they use,” he writes. “That’s why I’ve long said we must fundamentally reform Section 230 of the Communications Decency Act, which protects tech companies from legal responsibility for content posted on their sites.”
…

A recently published report in a U.S.-based magazine says Iran is likely using facial recognition technology to monitor women’s compliance with the country’s hijab law.

While there are other ways people can be identified, Wired magazine says Iran’s apparent use of facial recognition technology against women is “perhaps the first known instance of a government using face recognition to impose dress law on women based on religious belief.”

Iran announced late last year that it would begin to use recognition technology to monitor its women.

Wired said that since the protests that have erupted across Iran following the death of a young women who was arrested for wearing her headscarf improperly, Iranian women are reporting that they are being arrested for hijab infractions a day or two after attending protests, even though they had no interaction with police during the protests.

Tiandy, a Chinese company blacklisted by the U.S., is a likely provider of facial recognition technology to Iran, although neither it nor Iranian officials responded to a request for comment from Wired.

The company has in the past listed the Iran Revolutionary Guard Corp and other Iranian police and government agencies as customers. Tiandy also boasted on its website that its technology has helped China identify the country’s ethnic minorities, including Uyghurs.
…