Björn Finke, reporting for Süddeutsche Zeitung (original in German; I’m quoting here from Safari 15’s translation to English):
For example, these powerful companies must no longer prefer their
own services in search results, as Google did in the 2.4 billion
case. You may also not collect business data from independent
merchants on the platform and use it for your own offers, as
Amazon is accused of. And they must allow mobile phone users to
install other app stores and thus get more choice in mobile phone
programs. This will hurt Apple a lot. In the event of violations,
the Commission can intervene directly in the future without having
to prove market power and harmful consequences in long
Misguided, to say the least.
Parliament expanded the list of platforms to be viewed and
includes, for example, Internet-enabled TVs or voice assistants
such as Alexa. On the other hand, MEPs increased the thresholds
for sales to eight billion euros and the market value to 80
billion euros. This means that only Booking.com should be able to
fall under the law from Europe for the foreseeable future. MEP
Schwab argues that it is better for the Commission to focus on the
really large companies in the implementation and control of the
legal act. Critics warn, however, that the US government could
consider it an unfriendly act if the groundbreaking law hits
almost only American companies.
European regulations that are targeted, almost exclusively, at U.S. companies. You think that might be perceived here as “unfriendly”? You don’t say.
Another important addition to the Commission draft is that
Parliament wants to force gatekeepers to allow exchanges between
rival messenger services and social media. Then, for example, a
user could send a message from WhatsApp to the competitor Signal — this opening should also stimulate competition.
This nugget is under a sub-head that was translated to “Send a message from WhatsApp to Signal? No problem”. No problem at all. Probably will only take a few lines of code to get all the world’s messaging systems — including those using end-to-end encryption like Signal and WhatsApp (and iMessage) — talking to each other.
They should do another draft that mandates the invention of personal jet packs and flying cars, too.
Jennifer Elias, reporting for CNBC:
The manifesto within Google, which has been signed by at least 600
Google employees, asks company leaders to retract the vaccine
mandate and create a new one that is “inclusive of all Googlers,”
arguing leadership’s decision will have outsize influence in
corporate America. It also calls on employees to “oppose the
mandate as a matter of principle” and tells employees to not let
the policy alter their decision if they’ve already chosen not to
get the Covid vaccine.
Wow, they made a list of the dumbest people at Google.
Don’t let the door hit you on the way out. And, to be clear, Google has somewhere north of 140,000 employees.
(I sure would like to read the actual “manifesto”, but I can’t find it.)
The opening paragraph:
Defendants are notorious hackers — amoral 21st century
mercenaries who have created highly sophisticated
cyber-surveillance machinery that invites routine and flagrant
abuse. They design, develop, sell, deliver, deploy, operate, and
maintain offensive and destructive malware and spyware products
and services that have been used to target, attack, and harm Apple
users, Apple products, and Apple. For their own commercial gain,
they enable their customers to abuse those products and services
to target individuals including government officials, journalists,
businesspeople, activists, academics, and even U.S. citizens.
It gets more strident from there.
I genuinely wonder what Apple’s goals are with this suit. Is it just to bring NSO Group’s activities to light? If this goes to trial, the testimony should really be something to see. How much in damages will Apple seek at trial? Enough to bankrupt NSO Group? (Don’t forget Facebook has an ongoing lawsuit against NSO Group for having exploited a bug in WhatsApp to install malware on targets.)
Apple’s legal complaint provides new information on NSO Group’s
FORCEDENTRY, an exploit for a now-patched vulnerability previously
used to break into a victim’s Apple device and install the latest
version of NSO Group’s spyware product, Pegasus. The exploit was
originally identified by the Citizen Lab, a research group at the
University of Toronto. [...]
NSO Group and its clients devote the immense resources and
capabilities of nation-states to conduct highly targeted
cyberattacks, allowing them to access the microphone, camera, and
other sensitive data on Apple and Android devices. To deliver
FORCEDENTRY to Apple devices, attackers created Apple IDs to send
malicious data to a victim’s device — allowing NSO Group or its
clients to deliver and install Pegasus spyware without a victim’s
knowledge. Though misused to deliver FORCEDENTRY, Apple servers
were not hacked or compromised in the attacks.
A couple of things are interesting about this. First, Apple repeatedly refers to the “FORCEDENTRY” exploit by name. This is not PR bullshit — they’re talking about a very specific exploit. Second, they refer to Android as their compatriot, not their competitor. There’s a time and place for Apple to brag about iOS being more secure than Android, but this isn’t it. The message here: “This isn’t just about us, NSO Group is after everyone.”
Lastly, the phrase “the immense resources and capabilities of nation-states”. This is Apple hammering home the fact that deliberate backdoors would be exploited. They’re up against countries with, effectively, infinite money and resources to find and exploit accidental vulnerabilities. If there were deliberate backdoors, the game would be over before it started.
Apple commends groups like the Citizen Lab and Amnesty Tech for
their groundbreaking work to identify cybersurveillance abuses and
help protect victims. To further strengthen efforts like these,
Apple will be contributing $10 million, as well as any damages
from the lawsuit, to organizations pursuing cybersurveillance
research and advocacy.
The New York Times story on this mentioned that Apple would be donating any damages from the lawsuit, if they win. It’s a nice touch that they’re donating $10 million no matter what happens in court. Citizen Lab and Amnesty Tech did crackerjack work exposing this exploit.
Apple is notifying the small number of users that it discovered
may have been targeted by FORCEDENTRY. Any time Apple discovers
activity consistent with a state-sponsored spyware attack, Apple
will notify the affected users in accordance with industry best
Nicole Perlroth, reporting for The New York Times:
Apple is also asking for unspecified damages for the time and cost
to deal with what the company argues is NSO’s abuse of its
products. Apple said it would donate the proceeds from those
damages to organizations that expose spyware. [...]
The sample of Pegasus gave Apple a forensic understanding of how
Pegasus worked. The company found that NSO’s engineers had created
more than 100 fake Apple IDs to carry out their attacks. In the
process of creating those accounts, NSO’s engineers would have had
to agree to Apple’s iCloud Terms and Conditions, which expressly
require that iCloud users’ engagement with Apple “be governed by
the laws of the state of California.” The clause helped Apple
bring its lawsuit against NSO in the Northern District of
Shades of nailing Al Capone for tax evasion.
Apple executives described the lawsuit as a warning shot to NSO
and other spyware makers. “This is Apple saying: If you do this,
if you weaponize our software against innocent users, researchers,
dissidents, activists or journalists, Apple will give you no
quarter,” Ivan Krstic, head of Apple security engineering and
architecture, said in an interview on Monday.
That is not — at all — how leaders at Apple usually speak in the press. Apple is not a hard or tricky company to read. They are furious about NSO Group.