Resources

Maine Passes Facial Recognition

The new law prohibits government use of facial recognition except in specifically outlined situations, with the most broad exception being if police have probable cause that an unidentified person in an image committed a serious crime, or for proactive fraud prevention. Since Maine police will not have access to facial recognition, they will be able to ask the FBI and Maine Bureau of Motor Vehicles (BMV) to run these searches.

Crucially, the law plugs loopholes that police have used in the past to gain access to the technology, like informally asking other agencies or third parties to run backchannel searches for them. Logs of all facial recognition searches by the BMV must be created and are designated as public records. The only other state-wide facial recognition law was enacted by Washington in 2020, but many privacy advocates were dissatisfied with the specifics of the law. Maine’s new law also gives citizens the ability to sue the state if they’ve been unlawfully targeted by facial recognition, which was notably absent from Washington’s regulation. If facial recognition searches are performed illegally, they must be deleted and cannot be used as evidence.

A Government Watchdog May Have Missed Clearview AI Use By Five Federal Agencies

A government inquiry into federal agencies’ deployment of facial recognition may have overlooked some organizations’ use of popular biometric identification software Clearview AI, calling into question whether authorities can understand the extent to which the emerging technology has been used by taxpayer-funded entities. In a 92-page report published by the Government Accountability Office on Tuesday, five agencies — the US Capitol Police, the US Probation Office, the Pentagon Force Protection Agency, Transportation Security Administration, and the Criminal Investigation Division at the Internal Revenue Service — said they didn’t use Clearview AI between April 2018 and March 2020. This, however, contradicts internal Clearview data previously reviewed by BuzzFeed News.

In April, BuzzFeed News revealed that those five agencies were among more than 1,800 US taxpayer-funded entities that had employees who tried or used Clearview AI, based on internal company data. As part of that story, BuzzFeed News published a searchable table disclosing all the federal, state, and city government organizations whose employees are listed in the data as having used the facial recognition software as of February 2020. While the GAO was tasked with “review[ing] federal law enforcement use of facial recognition technology,” the discrepancies between the report, which was based on survey responses, and BuzzFeed News’ past reporting, suggest that even the US government may not be equipped to track how its own agencies access surveillance tools like Clearview. The GAO report surveyed 42 federal agencies in total, 20 of which reported that they either owned their own facial recognition system or used one developed by a third party between April 2018 and March 2020. Ten federal agencies — including Immigration and Customs Enforcement and Customs and Border Protection — said they specifically used Clearview AI.

Facebook Tests Prompts That Ask Users If They’re Worried a Friend is ‘Becoming an Extremist’

Some Facebook users in the United States are being served a prompt that asks if they are worried that someone they know might be becoming an extremist. Others are being notified that they may have been exposed to extremist content.

It is all part of a test the social media company is running that stems from its Redirect Initiative, which aims to combat violent extremism, Andy Stone, a Facebook spokesperson, told CNN. Screen shots of the alerts surfaced on social media Thursday. “This test is part of our larger work to assess ways to provide resources and support to people on Facebook who may have engaged with or were exposed to extremist content, or may know someone who is at risk,” Stone said. “We are partnering with NGOs and academic experts in this space and hope to have more to share in the future,” Stone added. One of the alerts, a screen grab of which made the rounds on social media Thursday, asks users, “Are you concerned that someone you know is becoming an extremist?” “We care about preventing extremism on Facebook,” explained that alert, according to a screen grab posted on social media. “Others in your situation have received confidential support.”

How Big Tech created a data ‘treasure trove’ for police

When U.S. law enforcement officials need to cast a wide net for information, they’re increasingly turning to the vast digital ponds of personal data created by Big Tech companies via the devices and online services that have hooked billions of people around the world.

Data compiled by four of the biggest tech companies shows that law enforcement requests for user information — phone calls, emails, texts, photos, shopping histories, driving routes and more — have more than tripled in the U.S. since 2015. Police are also increasingly savvy about covering their tracks so as not to alert suspects of their interest.

That’s the backdrop for recent revelations that the Trump-era U.S. Justice Department sought data from Apple, Microsoft and Google about members of Congress, their aides and news reporters in leak investigations — then pursued court orders that blocked those companies from informing their targets.

In just the first half of 2020 — the most recent data available — Apple, Google, Facebook and Microsoft together fielded more than 112,000 data requests from local, state and federal officials. The companies agreed to hand over some data in 85% of those cases. Facebook, including its Instagram service, accounted for the largest number of disclosures.

Consider Newport, a coastal city of 24,000 residents that attracts a flood of summer tourists. Fewer than 100 officers patrol the city — but they make multiple requests a week for online data from tech companies.

That’s because most crimes — from larceny and financial scams to a recent fatal house party stabbing at a vacation rental booked online — can be at least partly traced on the internet. Tech providers, especially social media platforms, offer a “treasure trove of information” that can help solve them, said Lt. Robert Salter, a supervising police detective in Newport.

Fired by Bot at Amazon: ‘It’s You Against the Machine’

Contract drivers say algorithms terminate them by email—even when they have done nothing wrong.

Stephen Normandin spent almost four years racing around Phoenix delivering packages as a contract driver for Amazon.com Inc. Then one day, he received an automated email. The algorithms tracking him had decided he wasn’t doing his job properly.

The 63-year-old Army veteran was stunned. He’d been fired by a machine.

Normandin says Amazon punished him for things beyond his control that prevented him from completing his deliveries, such as locked apartment complexes. Amazon assigned him some pre-dawn deliveries at apartment complexes when their gates were still locked, a common complaint among Flex drivers. The algorithm instructs drivers in such instances to deliver packages to the main office, but that wasn’t open either. Normandin called the customer as instructed—a long shot because most people don’t answer calls from unfamiliar numbers, especially early morning. He called driver support, which couldn’t get through to the customer either. Meanwhile, the clock was ticking, and the algorithm was taking note.

When Ryan Cope was deactivated in 2019, he didn’t bother arguing or consider paying for arbitration. By then, Cope had already decided there was no way he could meet the algorithms’ demands. Driving miles along winding dirt roads outside Denver in the snow, he often shook his head in disbelief that Amazon expected the customer to get the package within two hours.

When drivers do challenge poor ratings, they can’t tell if they’re communicating with real people. Responses often include just a first name or no name at all, and the replies typically apply to a variety of situations rather than a specific problem. Even if a name is attached, a machine most likely generated the first few email responses, according to people familiar with the matter.

When human managers get involved, they typically conduct a hasty review—if they do one at all—because they must meet their own performance standards. A former employee at a driver support call center said dozens of part-time seasonal workers with little training were assigned to oversee issues for millions of drivers.

Data Centres Exacerbate Droughts

A data center can easily use up to 1.25 million gallons of water each day — and “More data centers are being built every day by some of America’s largest technology companies,” reports NBC News, “including Amazon, Microsoft and Google and used by millions of customers.”

Almost 40 percent of them are in the United States, and Amazon, Google and Microsoft account for more than half of the total. The U.S. also has at least 1,800 “colocation” data centers, warehouses filled with a variety of smaller companies’ server hardware that share the same cooling system, electricity and security, according to Data Center Map. They are typically smaller than hyperscale data centers but, research has shown, more resource intensive as they maintain a variety of computer systems operating at different levels of efficiency.

Many data center operators are drawn to water-starved regions in the West, in part due to the availability of solar and wind energy. Researchers at Virginia Tech estimate that one-fifth of data centers draw water from moderately to highly stressed watersheds, mostly in the Western United States, according to a paper published in April…

The growth in the industry shows no signs of slowing. The research company Gartner predicts that spending on global data center infrastructure will reach $200 billion this year, an increase of 6 percent from 2020, followed by 3-4 percent annually over the next three years. This growth comes at a time of record temperatures and drought in the United States, particularly in the West. “The typical data center uses about 3-5 million gallons of water per day — the same amount of water as a city of 30,000-50,000 people,” said Venkatesh Uddameri, professor and director of the Water Resources Center at Texas Tech University. Although these data centers have become much more energy and water efficient over the last decade, and don’t use as much water as other industries such as agriculture, this level of water use can still create potential competition with local communities over the water supply in areas where water is scarce, he added…

Sergio Loureiro, vice president of core operations for Microsoft, said that the company has pledged to be “water positive” by 2030, which means it plans to replenish more water than it consumes globally. This includes reducing the company’s water use and investing in community replenishment and conservation projects near where it builds facilities.

Amazon did not respond to requests for comment.

Despite pandemic shutdowns, carbon dioxide and methane surged in 2020

Carbon dioxide levels are now higher than at any time in the past 3.6 million years. Levels of the two most important anthropogenic greenhouse gases, carbon dioxide and methane, continued their unrelenting rise in 2020 despite the economic slowdown caused by the coronavirus pandemic response, NOAA announced today. The global surface average for carbon dioxide (CO2), calculated from measurements collected at NOAA’s remote sampling locations, was 412.5 parts per million (ppm) in 2020, rising by 2.6 ppm during the year. The global rate of increase was the fifth-highest in NOAA’s 63-year record, following 1987, 1998, 2015 and 2016. The annual mean at NOAA’s Mauna Loa Observatory in Hawaii was 414.4 ppm during 2020.

The economic recession was estimated to have reduced carbon emissions by about 7 percent during 2020. Without the economic slowdown, the 2020 increase would have been the highest on record, according to Pieter Tans, senior scientist at NOAA’s Global Monitoring Laboratory. Since 2000, the global CO2 average has grown by 43.5 ppm, an increase of 12 percent.

The atmospheric burden of CO2 is now comparable to where it was during the Mid-Pliocene Warm Period around 3.6 million years ago, when concentrations of carbon dioxide ranged from about 380 to 450 parts per million. During that time sea level was about 78 feet higher than today, the average temperature was 7 degrees Fahrenheit higher than in pre-industrial times, and studies indicate large forests occupied areas of the Arctic that are now tundra.

Also: https://www.cbsnews.com/news/climate-change-carbon-dioxide-highest-level-million-years/

TikTok sued for billions over use of children’s data

Lawyers will allege that TikTok takes children’s personal information, including phone numbers, videos, exact location and biometric data, without sufficient warning, transparency or the necessary consent required by law, and without children or parents knowing what is being done with that information. TikTok has more than 800 million users worldwide and parent firm ByteDance made billions in profits last year, with the vast majority of that coming via advertising revenue.

US Intelligence may partner with private firms to monitor “extremist chatter” online

The Biden administration is considering using outside firms to track extremist chatter by Americans online, an effort that would expand the government’s ability to gather intelligence but could draw criticism over surveillance of US citizens. The Department of Homeland Security is limited in how it can monitor citizens online without justification and is banned from activities like assuming false identities to gain access to private messaging apps used by extremist groups such as the Proud Boys or Oath Keepers. Instead, federal authorities can only browse through unprotected information on social media sites like Twitter and Facebook and other open online platforms. A source familiar with the effort said it is not about decrypting data but rather using outside entities who can legally access these private groups to gather large amounts of information that could help DHS identify key narratives as they emerge. The plan being discussed inside DHS, according to multiple sources, would, in effect, allow the department to circumvent those limits.

Even as the DHS eyes a more robust use of its intelligence authorities, it continues to face fierce scrutiny on Capitol Hill over its handling of the Portland protests last summer — raising the possibility that at least some lawmakers will push back on the effort. The department — then led by Trump appointees but staffed by career officials, some of whom remain on the job — collected and disseminated open source reports on U.S. journalists who were publicly reporting on the protests.

Samsung Lost More than $268 Million During Power Shutdown in Texas

Samsung executives said the company’s semiconductor business saw profits fall in the first quarter, mainly due to disruptions and product losses caused by the shutdown. Samsung’s Austin fab was offline for more than a month after it was shut down due to power outages during the freeze… About 71,000 wafers were affected by production disruptions, said Han Jinman, executive vice-president of Samsung’s memory chip business. He estimated the wafer loss is equivalent to $268 million to $357 million.

Semiconductor fabs are typically operational 24 hours a day for years on end. Each batch of wafers — a thin slice of semiconductor used for the fabrication of integrated circuits — can take 45 to 60 days to make, so a shutdown of any length can mean a loss of weeks of work. Restoring a fab is also a complicated process, and even in the best of circumstances can take a week… NXP Semiconductors was also among the facilities that were shut down in February, as its two Austin fabrication facilities were offline for nearly a month. In March, the company estimated the shutdown would result in a $100 million loss in revenue and a month of wafer production…

Jinman said Samsung is working with the state, municipal government and local utility companies to find solutions to prevent similar shutdowns in the future.

Amazon had sales income of €44bn in Europe in 2020 but paid no corporation tax

Corporate filings in Luxembourg revealed that the company collected record sales income of €44bn (£38bn) in Europe last year but did not have to pay any corporation tax to the Grand Duchy.

Accounts for Amazon EU Sarl, through which it sells products to hundreds of millions of households in the UK and across Europe, show that despite collecting record income, the Luxembourg unit made a €1.2bn loss and therefore paid no tax.

In fact the unit was granted €56m in tax credits it can use to offset any future tax bills should it turn a profit. The company has €2.7bn worth of carried forward losses stored up, which can be used against any tax payable on future profits.

“Amazon’s revenues have soared under the pandemic while our high streets struggle, yet it continues to shift its profits to tax havens like Luxembourg to avoid paying its fair share of tax. These big digital companies all rely on our public services, our infrastructure…

Climate crisis has shifted the Earth’s axis, study shows

The massive melting of glaciers as a result of global heating has caused marked shifts in the Earth’s axis of rotation since the 1990s, research has shown. It demonstrates the profound impact humans are having on the planet, scientists said.

The planet’s geographic north and south poles are the point where its axis of rotation intersects the surface, but they are not fixed. Changes in how the Earth’s mass is distributed around the planet cause the axis, and therefore the poles, to move.

In the past, only natural factors such as ocean currents and the convection of hot rock in the deep Earth contributed to the drifting position of the poles. But the new research shows that since the 1990s, the loss of hundreds of billions of tonnes of ice a year into the oceans resulting from the climate crisis has caused the poles to move in new directions.

The scientists found the direction of polar drift shifted from southward to eastward in 1995 and that the average speed of drift from 1995 to 2020 was 17 times faster than from 1981 to 1995.

Since 1980, the position of the poles has moved about 4 metres in distance.

“The accelerated decline [in water stored on land] resulting from glacial ice melting is the main driver of the rapid polar drift after the 1990s,” concluded the team, led by Shanshan Deng, from the Institute of Geographic Sciences and Natural Resources Research at the Chinese Academy of Sciences.

Gravity data from the Grace satellite, launched in 2002, had been used to link glacial melting to movements of the pole in 2005 and 2012, both following increases in ice losses. But Deng’s research breaks new ground by extending the link to before the satellite’s launch, showing human activities have been shifting the poles since the 1990s, almost three decades ago.

The research, published in the journal Geophysical Research Letters, showed glacial losses accounted for most of the shift, but it is likely that the pumping up of groundwater also contributed to the movements.

Groundwater is stored under land but, once pumped up for drinking or agriculture, most eventually flows to sea, redistributing its weight around the world. In the past 50 years, humanity has removed 18tn tonnes of water from deep underground reservoirs without it being replaced.

Vincent Humphrey, at the University of Zurich, Switzerland, and not involved in the new research, said it showed how human activities have redistributed huge amounts of water around the planet: “It tells you how strong this mass change is – it’s so big that it can change the axis of the Earth.” However, the movement of the Earth’s axis is not large enough to affect daily life, he said: it could change the length of a day, but only by milliseconds.

Prof Jonathan Overpeck, at the University of Arizona, US, told the Guardian previously that changes to the Earth’s axis highlighted “how real and profoundly large an impact humans are having on the planet”.

Some scientists argue that the scale of this impact means a new geological epoch – the Anthropocene – needs to be declared. Since the mid-20th century, there has been a marked acceleration of carbon dioxide emissions and sea level rise, the destruction of wildlife and the transformation of land by farming, deforestation and development.

Satellites show world’s glaciers melting faster than ever

Glaciers are melting faster, losing 31 percent more snow and ice per year than they did 15 years earlier, according to three-dimensional satellite measurements of all the world’s mountain glaciers.

Scientists blame human-caused climate change.

Using 20 years of recently declassified satellite data, scientists calculated that the world’s 220,000 mountain glaciers are losing more than 328 billion tons (298 billion metric tons) of ice and snow per year since 2015, according to a study in Wednesday’s journal Nature. That’s enough melt flowing into the world’s rising oceans to put Switzerland under almost 24 feet (7.2 meters) of water each year.

Half the world’s glacial loss is coming from the United States and Canada.

Almost all the world’s glaciers are melting, even ones in Tibet that used to be stable, the study found. Except for a few in Iceland and Scandinavia that are fed by increased precipitation, the melt rates are accelerating around the world.

The Facebook Loophole that Lets World Leaders Deceive and Harass Their Citizens

Facebook has repeatedly allowed world leaders and politicians to use its platform to deceive the public or harass opponents despite being alerted to evidence of the wrongdoing. The Guardian has seen extensive internal documentation showing how Facebook handled more than 30 cases across 25 countries of politically manipulative behavior that was proactively detected by company staff. The investigation shows how Facebook has allowed major abuses of its platform in poor, small and non-western countries in order to prioritize addressing abuses that attract media attention or affect the US and other wealthy countries. The company acted quickly to address political manipulation affecting countries such as the US, Taiwan, South Korea and Poland, while moving slowly or not at all on cases in Afghanistan, Iraq, Mongolia, Mexico and much of Latin America.

Amazon Delivery Drivers Forced to Sign ‘Biometric Consent’ Form or Lose Job

Amazon delivery drivers nationwide have to sign a “biometric consent” form this week that grants the tech behemoth permission to use AI-powered cameras to access drivers’ location, movement, and biometric data. If the company’s delivery drivers, who number around 75,000 in the United States, refuse to sign these forms, they lose their jobs. The form requires drivers to agree to facial recognition and other biometric data collection within the trucks they drive.

“Amazon may… use certain Technology that processes Biometric Information, including on-board safety camera technology which collects your photograph for the purposes of confirming your identity and connecting you to your driver account,” the form reads. “Using your photograph, this Technology, may create Biometric Information, and collect, store, and use Biometric Information from such photographs.”

It adds that “this Technology tracks vehicle location and movement, including miles driven, speed, acceleration, braking, turns, and following distance …as a condition of delivery packages for Amazon, you consent to the use of Technology.”

New Site Extracts and Posts Every Face from Parler’s Capitol Hill Insurrection Videos

“Late last week, a website called Faces of the Riot appeared online, showing nothing but a vast grid of more than 6,000 images of faces, each one tagged only with a string of characters associated with the Parler video in which it appeared,” reports WIRED, saying the site raises clear privacy concerns:
The site’s creator tells WIRED that he used simple, open source machine-learning and facial recognition software to detect, extract, and deduplicate every face from the 827 videos that were posted to Parler from inside and outside the Capitol building on January 6, the day when radicalized Trump supporters stormed the building in a riot that resulted in five people’s deaths. The creator of Faces of the Riot says his goal is to allow anyone to easily sort through the faces pulled from those videos to identify someone they may know, or recognize who took part in the mob, or even to reference the collected faces against FBI wanted posters and send a tip to law enforcement if they spot someone… “It’s entirely possible that a lot of people who were on this website now will face real-life consequences for their actions….”

A recent upgrade to the site adds hyperlinks from faces to the video source, so that visitors can click on any face and see what the person was filmed doing on Parler. The Faces of the Riot creator, who says he’s a college student in the “greater DC area,” intends that added feature to help contextualize every face’s inclusion on the site and differentiate between bystanders, peaceful protesters, and violent insurrectionists. He concedes that he and a co-creator are still working to scrub “non-rioter” faces, including those of police and press who were present. A message at the top of the site also warns against vigilante investigations, instead suggesting users report those they recognize to the FBI, with a link to an FBI tip page….

McDonald has previously both criticized the power of facial recognition technology and himself implemented facial recognition projects like ICEspy, a tool he launched in 2018 for identifying agents of the Immigration and Customs Enforcement agency… He sees Faces of the Riot as “playing it really safe” compared even to his own facial recognition experiments, given that it doesn’t seek to link faces with named identities. “And I think it’s a good call because I don’t think that we need to legitimize this technology any more than it already is and has been falsely legitimized,” McDonald says.

But McDonald also points out that Faces of the Riot demonstrates just how accessible facial recognition technologies have become. “It shows how this tool that has been restricted only to people who have the most education, the most power, the most privilege is now in this more democratized state,” McDonald says.

Twitter Bots Are a Major Source of Climate Disinformation

Twitter accounts run by machines are a major source of climate change disinformation that might drain support from policies to address rising temperatures. In the weeks surrounding former President Trump’s announcement about withdrawing from the Paris Agreement, accounts suspected of being bots accounted for roughly a quarter of all tweets about climate change, according to new research. “If we are to effectively address the existential crisis of climate change, bot presence in the online discourse is a reality that scientists, social movements and those concerned about democracy have to better grapple with,” wrote Thomas Marlow, a postdoctoral researcher at the New York University, Abu Dhabi, campus, and his co-authors. Their paper published last week in the journal Climate Policy is part of an expanding body of research about the role of bots in online climate discourse.

The new focus on automated accounts is driven partly by the way they can distort the climate conversation online. Marlow’s team measured the influence of bots on Twitter’s climate conversation by analyzing 6.8 million tweets sent by 1.6 million users between May and June 2017. Trump made his decision to ditch the climate accord on June 1 of that year. President Biden reversed the decision this week. From that dataset, the team ran a random sample of 184,767 users through the Botometer, a tool created by Indiana University’s Observatory on Social Media, which analyzes accounts and determines the likelihood that they are run by machines.

Researchers also categorized the 885,164 tweets those users had sent about climate change during the two-month study period. The most popular categories were tweets about climate research and news. Marlow and the other researchers determined that nearly 9.5% of the users in their sample were likely bots. But those bots accounted for 25% of the total tweets about climate change on most days. […] The researchers weren’t able to determine who deployed the bots. But they suspect the seemingly fake accounts could have been created by “fossil-fuel companies, petro-states or their surrogates,” all of which have a vested interest in preventing or delaying action on climate change.

Intelligence Analysts Use US Smartphone Location Data Without Warrants, Memo Says

A military arm of the intelligence community buys commercially available databases containing location data from smartphone apps and searches it for Americans’ past movements without a warrant, according to an unclassified memo obtained by The New York Times. Defense Intelligence Agency analysts have searched for the movements of Americans within a commercial database in five investigations over the past two and a half years, agency officials disclosed in a memo they wrote for Senator Ron Wyden, Democrat of Oregon.

The disclosure sheds light on an emerging loophole in privacy law during the digital age: In a landmark 2018 ruling known as the Carpenter decision, the Supreme Court held that the Constitution requires the government to obtain a warrant to compel phone companies to turn over location data about their customers. But the government can instead buy similar data from a broker — and does not believe it needs a warrant to do so. “D.I.A. does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes,” the agency memo said.

Mr. Wyden has made clear that he intends to propose legislation to add safeguards for Americans’ privacy in connection with commercially available location data. In a Senate speech this week, he denounced circumstances “in which the government, instead of getting an order, just goes out and purchases the private records of Americans from these sleazy and unregulated commercial data brokers who are simply above the law.” He called the practice unacceptable and an intrusion on constitutional privacy rights. “The Fourth Amendment is not for sale,” he said.

How Law Enforcement Gets Around Your Smartphone’s Encryption

Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new research indicates governments already have methods and tools that, for better or worse, let them access locked smartphones thanks to weaknesses in the security schemes of Android and iOS.

Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools…

Once you unlock your device the first time after reboot, lots of encryption keys start getting stored in quick access memory, even while the phone is locked. At this point an attacker could find and exploit certain types of security vulnerabilities in iOS to grab encryption keys that are accessible in memory and decrypt big chunks of data from the phone. Based on available reports about smartphone access tools, like those from the Israeli law enforcement contractor Cellebrite and US-based forensic access firm Grayshift, the researchers realized that this is how almost all smartphone access tools likely work right now. It’s true that you need a specific type of operating system vulnerability to grab the keys — and both Apple and Google patch as many of those flaws as possible — but if you can find it, the keys are available, too…

Forensic tools exploiting the right vulnerability can grab even more decryption keys, and ultimately access even more data, on an Android phone.

NSO Used Real People’s Location Data To Pitch Its Contact-Tracing Tech

NSO, a private intelligence company best known for developing and selling governments access to its Pegasus spyware, pitched its contact-tracing system earlier this year, dubbed Fleming, aimed at helping governments track the spread of COVID-19. Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus. NSO gave several news outlets each a demo of Fleming, which NSO says helps governments make public health decisions “without compromising individual privacy.” But in May, a security researcher told TechCrunch that he found an exposed database storing thousands of location data points used by NSO to demonstrate how Fleming works — the same demo seen by reporters weeks earlier. TechCrunch reported the apparent security lapse to NSO, which quickly secured the database, but said that the location data was “not based on real and genuine data.” NSO’s claim that the location data wasn’t real differed from reports in Israeli media, which said NSO had used phone location data obtained from advertising platforms, known as data brokers, to “train” the system. Academic and privacy expert Tehilla Shwartz Altshuler, who was also given a demo of Fleming, said NSO told her that the data was obtained from data brokers, which sell access to vast troves of aggregate location data collected from the apps installed on millions of phones.

NSO is currently embroiled in a lawsuit with Facebook-owned WhatsApp, which last year blamed NSO for exploiting an undisclosed vulnerability in WhatsApp to infect some 1,400 phones with Pegasus, including journalists and human rights defenders. NSO says it should be afforded legal immunity because it acts on behalf of governments.