jamal khashoggi – Techdirt (original) (raw)

Court Tosses Lawsuit Against NSO Group Brought By Murdered Journalist Jamal Khashoggi’s Widow

from the may-eventually-find-justice-but-not-by-going-this-route dept

Jamal Khashoggi, a dissident journalist often critical of the Saudi government, was murdered by Saudi government agents while inside the Saudi consulate in Istanbul, Turkey. He wasn’t just murdered. His body was dismembered. All of this was captured by hidden recording devices placed by the Turkish government in the Saudi consulate.

The Saudi government is — or at least, was — a customer of Israeli exploit developer, NSO Group. For years, NSO Group sold its powerful phone malware to some of the world’s most notorious human rights abusers. On that list is the Saudi government — a point it drove home by luring legal US resident (and Washington Post journalist) Jamal Khashoggi to its consulate for the sole purpose of erasing him from human existence.

NSO knew who it was selling to. It just didn’t care. It didn’t care until several months of increasingly negative coverage forced multiple countries to issue sanctions, open investigations, and — in the case of its homeland — finally restrict which countries it could sell to.

This has also led to NSO being sued multiple times by people targeted by its spyware as well as by US tech companies whose infrastructure and communication services were used to infect targeted devices.

NSO Group will be walking away from at least one lawsuit, though. Hanan Elatr, Khashoggi’s widow, sued NSO, along with Q Cyber Technologies, another malware manufacturer. Elatr alleged multiple injuries stemming from the infection of her two phones by NSO’s Pegasus malware, a zero-click exploit. These infections were confirmed by Toronto’s Citizen Lab, which has uncovered dozens of similar infections of journalists, dissidents, government critics, and human rights advocates over the past few years.

Among the violations listed in Elatr’s suit are violations of Virginia’s Computer Crimes Act and the CFAA. On top of that, there are counts of negligence and intentional infliction of emotional distress. Elatr alleges her phones were infected to make it easier for the Saudi government to locate Jamal Khashoggi, an effort that ultimately resulted in his murder by Saudi security personnel.

Unfortunately, as horrific as this crime was, there’s no reason to believe NSO Group was complicit, at least not in the legal sense. NSO Group’s business model is unethical. But it’s not illegal. And it can’t be held directly responsible for the acts of its customers, especially when there’s a lot of missing connective tissue between selling malware to the Saudi government and the Saudi government deciding to murder someone on foreign soil.

Sure, NSO is obviously aware it’s been selling oppression enhancement software to some of the worst people on earth. And while it’s capable of comprehending the damage it’s helping create, it is not (at least I hope it isn’t) conspiring with foreign governments to commit acts of brutality.

Whether or not NSO can even be considered legally culpable in any way for acts of violence by its customers isn’t up for debate in this case. The real problem with this lawsuit is there’s nothing connecting NSO Group, the Saudi government, and the murder of a journalist on (technically) Saudi soil located in Istanbul, Turkey. On top of that, most of the detected infections of Hanan Elatr’s phones appeared to have been initiated by the United Arab Emirates government, another one of NSO’s detestable customers.

NSO moved to dismiss the lawsuit, first by claiming it had “derivative sovereign immunity” as a foreign company. The court notes this argument just doesn’t work, having already been rejected by the Ninth Circuit Appeals Court when NSO attempted to escape the lawsuit brought by WhatsApp. The Foreign Sovereign Immunities Act (FSIA) does not cover private companies. It’s as simple as that.

More to the point is the lack of jurisdiction. It doesn’t really matter what either party argues. There’s nothing tying any of them to Virginia other than Elatr’s current residence in Virginia. Since the alleged phone infections occurred in 2018, when Elatr was located in Dubai working as a flight attendant for Emirates Airlines, none of the alleged injuries were sustained in Virginia.

Despite alleging that the surveillance was ongoing in this district, and that NSO Group “and its clients” targeted plaintiff, the Complaint fails to include any non-conclusory allegations regarding how long and where plaintiff had been living in the district, and how NSO Group specifically participated in the surveillance of her phones while she was in Virginia, as opposed to the conduct that may have happened while she was overseas or travelling for work as flight attendant for Emirates Airlines. Nor does the Complaint allege facts that counter defendants’ argument that non-party Saudi and Emirati governments were using the Pegasus technology to surveil plaintiff.

On top of that, there’s no evidence NSO Group had anything to do with the targeting of Elatr. It provided the malware, but the targeting was done by foreign governments that aren’t named as defendants. (Sovereign immunity would likely apply if they were.)

While the court doesn’t particularly care for NSO Group’s repeated assertions it’s indistinguishable from the Israeli government in terms of immunity, it also says it can’t be sued in Virginia. It may not even be able to be sued at all by Khashoggi’s widow, no matter where the legal action is filed, because it did not infect her phones, nor did it directly engage in surveillance of her devices.

Khashoggi’s widow will have to seek justice elsewhere. But given the shamelessness of the Saudi government and its unwillingness to take responsibility for a murder it ordered, it’s unlikely going after the murderers directly is going to result in anything more than years of frustration.

Filed Under: cfaa, hanan elatr, jamal khashoggi, liability, saudi arabia, spyware, surveillance
Companies: nso group, q cyber technologies

Elon Seems To Think The Cruelest Thing He Can Do To People… Is To Pretend They Want To Associate With Him

from the lords-and-peasants-redux dept

Let’s start this post out by noting that a key reason Elon Musk said he was getting rid of the legacy Twitter verification system was that it was arbitrary and unfair and created a “lords and peasants” scenario. Keep that in mind, because you’re going to want to remember that by the end of this article.

Anyway… what a weird few days on Twitter. Late last week, Twitter finally got around to doing the thing Elon Musk had promised would happen at several earlier dates (including a firm deadline promised at the beginning of April): remove the “blue checkmarks” from those who were legacy verified accounts.

As we’ve detailed over and over again, Elon’s nonsensical decision to combine Twitter Blue and Twitter “verification” (loosely speaking) never made any sense. It misunderstands the point of verification as well as undermines the value of Twitter Blue. It’s kind of self-defeating, and basically most people recognize this. It’s why he’s struggled to get most people to sign up for it.

As part of the great removal, Musk seemed to think that maybe it would push those legacy verified accounts to pay up. That, well, didn’t happen. Travis Brown, a researcher who’s been the most thorough in tracking all of this and had created a database of the over 400,000 legacy verified accounts, noted that as the blue checks were removed… a net total of 28 new Twitter Blue accounts were created.

Yes. Just 28. That’s net total, meaning that somewhat more than 28 people who had been legacy verified signed up, but a bunch of people also canceled their Twitter Blue account, so when you net it out, it was plus 28. Which is… nothing.

Again, as we’ve pointed out repeatedly, there are all sorts of things that Elon Musk could have done to make Twitter Blue worth subscribing to. But, instead, he focused on the “blue check” as if that was valuable. It was never valuable. And by changing it from a verified to a “this mfer paid for Elon’s Twitter” badge, he actually devalued it massively.

Either way, this resulted in a pretty stupid Twitter war, in which some people started pushing a kinda silly “Block the Blue” campaign, urging Twitter users to block anyone with the blue checkmark. And then Elon supporters with the blue checkmark went on an equally silly campaign to yell at people for not giving a billionaire $8. Frankly, neither side looked particularly good in all of this.

But, into that mix came chaos in the form of (of course) Elon Musk.

First, a few people noticed that a few celebrities who had very, very publicly stated that they would not pay for Twitter Blue were showing up as having paid “and verified” by their phone number. This included LeBron James and Stephen King among others. Elon admitted in a response to King that he had gifted him a Twitter Blue account:

Musk separately admitted that he was “paying for a few personally” to give them a Twitter Blue account, though he later said it was just LeBron James, Stephen King, and William Shatner — all three of whom had very publicly stated they had no interest in paying.

This made me wonder if he was opening himself up to yet another lawsuit. Given how much Elon has basically turned paying for Twitter Blue into an “endorsement” of the new Twitter and Elon himself, putting that label on the accounts of people who have not paid for it and don’t seem to want it could violate a number of laws, including the Lanham Act’s prohibition on false endorsement as well as a variety of publicity rights claims.

In general, I’m not a huge fan of publicity rights claims, because they are commonly used by the rich and powerful to silence speech. The original point of publicity rights laws was to stop false endorsement claims, whereby a commercial entity was using the implied association of a famous person to act as a promotion or endorsement of the commercial entity or its products.

Which, uh, seems to be exactly what Musk was doing in paying for Blue for some celebrities.

Separately, there are a bunch of questions about how this might violate EU data protection laws, but we’ll wait and see how the EU handles that.

Of course, then things got stupider. Remember the deal with Elon Musk: it can always get stupider.

As that “Block the Blue” campaign started getting more attention (and even started trending on Twitter), Musk gave the ringleaders of the campaign Twitter Blue. Yes, you read that right. Musk gave the people who were telling everyone to block anyone with a blue checkmark… a blue checkmark. And then admitted it by joking about how he was a troll.

Of course… as Twitter user Mobute noted, this is Musk admitting that the trolliest insult he can think of is to say someone is associated with him and his company:

Seems… kinda… like a self own?

Anyway, a few hours later, people started noticing that a ton of other accounts of famous people also started showing up with Twitter Blue despite not paying for it, nor wanting it. Some people said that it was being given to anyone with over 1 million followers, though there were some other accounts with fewer that got it and said they didn’t want it, like Terry Pratchett.

Still, it seemed that most accounts suddenly getting Blue without paying, requesting, or verifying their phone numbers had a million or more followers. And this included a large number of dead celebrities, where Twitter claims (if you click on their blue checkmark) that they paid and verified their phone number, which is pretty hard to do when you’re dead. There were lots of people who fell into this camp, including Chadwick Boseman, Norm MacDonald, Michael Jackson, and the aforementioned Terry Pratchett.

Oh, and Jamal Khashoggi, who was somewhat famously murdered by the Saudi government. I get the feeling he did not, in fact, confirm his phone number.

There have been questions about the publicity rights of dead people, and I’m a strong believer in the idea that publicity rights go away after death. But, you know, it’s still a bad look.

The end result though, is bizarre. Even as Musk is claiming that “everyone has to pay the same” that’s clearly no longer true:

He’s literally handing them out for free (1) based on levels of fame via follower counts (2) if he just decides to arbitrarily or (3) to troll people.

Which, you know, his site, he can do whatever the fuck he wants, but remember what I said up top? His entire reason for going down this path was to get rid of the arbitrary check mark system that created a “lords and peasants” setup where people deemed notable by Twitter got a check mark, and he was bring back “power to the people.”

But… as seems to keep happening, Elon Musk brings back a system he decried as stupid, but brings it back in a much stupider, and much worse, manner. So now there’s still an arbitrary lords and peasants system, but rather than one where at least someone is trying to determine if a person is notable and needs to be verified, it’s now an arbitrary cut-off on followers, or if Elon thinks it’s funny. Which seems way more arbitrary and stupid than the old system.

Filed Under: block the blue, checkmarks, elon musk, false endorsement, jamal khashoggi, lebron james, publicity rights, stephen king, twitter blue, william shatner
Companies: twitter

Intelligence Agencies Sued For Refusing To Turn Over Documents Related To Jamal Khashoggi's Brutal Murder

from the letting-the-passage-of-time-do-the-dirty-work dept

The shocking and brutal murder of Washington Post journalist Jamal Khashoggi by members of the Saudi Arabian government late last year was breathtaking in its audacity and execution. Lured to the Saudi consulate in Turkey by Saudi government officials, Khashoggi was strangled and dismembered by a team of Saudi security operatives.

Khashoggi was a legal resident of the United States, in self-imposed exile from Saudi Arabia as a result of the government’s treatment of dissidents. As a lawful resident, Khashoggi was technically protected by the many of the same laws and rights US citizens are. While the US government limits those rights and protections when legal residents (but not citizens) travel out of the country, the US intelligence community still bears a “duty to warn” lawful residents of any violent threats against them.

The IC knew Khashoggi was a target of the Saudi government. It knew Riyadh had “something unpleasant” waiting for Khashoggi should he return to Saudi Arabia. A plan to lure Khashoggi back to Saudi Arabia was intercepted by US intelligence. No one knows whether Khashoggi was ever warned by US intelligence of these plans.

The Committee to Protect Journalists — along with the Knight Institute — wants to know if any attempts were made to inform the murdered journalist of Saudi Arabia’s plans. So far, the Office of the Director of National Intelligence has refused to publicly comment on the IC’s “duty to warn.” These two entities have filed FOIA requests seeking info about the IC’s duty to warn Jamal Khashoggi, asking each of the IC’s five components to release documents detailing their actions/inactions. These were filed shortly after news broke of Khashoggi’s murder. So far, none of the agencies have handed over any documents.

As the Knight Institute points out, there definitely should be documents related to Khashoggi and the government’s “duty to warn.”

Intelligence Community Directive 191 provides that, when a U.S. intelligence agency acquires information indicating an impending threat of intentional killing, serious bodily injury, or kidnapping directed at a person, the agency must “warn the intended victim or those responsible for protecting the intended victim, as appropriate.” The directive further obligates the agencies to “document and maintain records” on any actions taken pursuant to that duty.

“Document” is a key part of “document and maintain,” but so far, the IC agencies haven’t turned over any documents, or even admitted they have any. All five agencies have rejected the request for expedited processing and most haven’t even gotten around to deciding whether or not a fee waiver applies. So, the two entities have sued [PDF], hoping to jolt the Intelligence Community out of its complacency.

Documents pertaining to the IC’s duty to warn are extremely newsworthy… right now. The IC knows this just as much as the plaintiffs know this. But the IC has much more to gain by stonewalling these requests. If these agencies failed to pass on information to Khashoggi — in effect allowing him to end up in the hands of people who wanted him dead — it’s not going to reflect well on the IC. The longer it takes for the news to get out, the greater the chance a new obscenely-disturbing incident will grab the attention of the American public and allow it to walk away from any dereliction of duty unscathed.

If it does have documents and it did warn Khashoggi of the Saudi government’s plans for him, it would make little sense to withhold these facts and allow public perception to fill the void. But the IC tends to indulge in secrecy for secrecy’s sake, viewing frustrated requesters, Senators, and Congresspersons as a reward in itself.

Filed Under: duty to warn, foia, jamal khashoggi, journalism, state department, transprarency, us government
Companies: committee to protect journalists, knight institute

Israeli Exploit Developer Caught Negotiating Spyware Sales With Saudi Government

from the got-'em-right-in-the-optics dept

More ugly news has surfaced about Israeli malware developer NSO Group. Over the past year, investigations have uncovered sales of phone-targeting spyware to countries known mostly for their human rights violations. Even less questionable governments have purchased NSO’s software ostensibly for law enforcement purposes only to use it to target activists, journalists, and government critics.

There’s no telling how US agencies will deploy this malware, but there’s no question federal entities like the DEA think NSO spyware would be a useful addition to their investigative tool kits. The US government doesn’t appear to be worried about getting in bed with tech companies willing to sell software to blacklisted countries, so NSO Group is still a viable option.

Haaretz has obtained information showing NSO is willing to sell its exploits to its own enemies. Unfortunately, Haaretz has also decided to paywall its discovery, so we’ll be pointing you to the Times of Israel’s reporting instead.

An Israeli company that specializes in cyber espionage tools reportedly negotiated a multi-million-dollar deal with Saudi Arabia to sell a technology that allows governments to hack their citizens’ cellphones, and to listen to calls as well as conversations that take place near the phones.

Representatives from the Herzliya-based NSO Group held meetings with Saudi officials in Vienna and, apparently, also in a Gulf State to negotiate a $55 million sale of their Pegasus 3 software, the Haaretz daily reported on Sunday.

These negotiations occurred shortly before Mohammed bin Salman kicked his purge machinery into high gear. Unfortunately, the documents (which surfaced due to a lawsuit filed against NSO by an employee who says the company screwed him on commissions) don’t say whether or not the Saudi government chose to purchase this software and/or whether it was used to help MBS hunt down his political opponents.

From what has been seen, NSO tried to play it both ways while negotiating a deal with the Saudis. It refused to identify the person behind an anti-government Twitter account but did offer to demonstrate the effectiveness of tools designed to hijack targets’ cellphones.

In response to the recent stream of criticism, NSO Group also tried to have it both ways:

The NSO Group has insisted in the past that it sells its software to clients on the condition that it be used only against crime and terrorism, and has shirked responsibility in cases where it was allegedly used for civil rights abuses.

“We made them promise to only use the tools for good” is a pretty weak defense of sales to countries like Uzbekistan and Kazakhstan. And it certainly doesn’t excuse approaching the Saudi government with tools NSO certainly knew would not be used for good. Then again, our president just made it clear no amount of murdered journalists is going to stand in the way of selling weapons to Mohammed bin Salman’s government, so there’s really no taking the high road in international relations should it be discovered the Saudi government is using Israeli tools to hunt down dissenters… or Israeli natsec personnel.

Filed Under: espionage, exploits, israel, jamal khashoggi, journalists, mohammed bin salman, saudi arabia, spying
Companies: nso group