web analytics
a

Facebook

Twitter

Copyright 2015 Libero Themes.
All Rights Reserved.

8:30 - 6:00

Our Office Hours Mon. - Fri.

703-406-7616

Call For Free 15/M Consultation

Facebook

Twitter

Search
Menu
Westlake Legal Group > Instant Messaging

How Jeff Bezos’ iPhone X Was Hacked

SAN FRANCISCO — On the afternoon of May 1, 2018, Jeff Bezos received a message on WhatsApp from an account belonging to Saudi Arabia’s crown prince, Mohammed bin Salman.

The two men had previously communicated using the messaging platform, but Mr. Bezos, Amazon’s chief executive, had not expected a message that day — let alone one with a video of Saudi and Swedish flags with Arabic text.

The video, a file of more than 4.4 megabytes, was more than it appeared, according to a forensic analysis that Mr. Bezos commissioned and paid for to discover who had hacked his iPhone X. Hidden in that file was a separate bit of code that most likely implanted malware that gave attackers access to Mr. Bezos’ entire phone, including his photos and private communications.

Mr. Bezos has been on a singular quest to find out who penetrated the device since early 2019, when he said The National Enquirer’s parent company had threatened to release private photographs and texts, and the forensic study was part of that effort. Those pictures and messages showed Mr. Bezos, who was married at the time, with another woman, Lauren Sanchez. The analysis did not connect the hack to The Enquirer.

The forensic report on Mr. Bezos’ phone was at the heart of a United Nations statement on Wednesday raising concerns about Prince Mohammed. The analysis essentially accused the Saudi prince of using malware created by a private cybersecurity company to spy on and to intimidate Mr. Bezos, who also owns The Washington Post. At the time of the hack, Jamal Khashoggi, a dissident Saudi writer, was employed at The Post, which has published coverage critical of the Saudi government. Mr. Khashoggi was killed in the Saudi consulate in Istanbul in late 2018.

Many technical mysteries remain about the infiltration of Mr. Bezos’ phone, including what type of malware was used. The forensic report did not detail whether Mr. Bezos had opened the file that was sent to him via Crown Prince Mohammed’s WhatsApp account. Cybersecurity experts said some malware did not require anyone to click on the file for it to install on a phone.

The details of the hack could not be independently verified by The New York Times. Mr. Bezos has been pushing a theory of Saudi involvement with the threats from The Enquirer, without providing proof, since early 2019. The Enquirer’s parent company has said Ms. Sanchez’s brother, Michael, was the sole source of the texts and intimate photos it acquired.

The Saudi Embassy in Washington has said that accusations that the kingdom was involved in hacking Mr. Bezos’ phone were “absurd.

The report’s conclusions renew questions about the shadowy world of private hackers for hire. For the right client, or the right sum, such hackers apparently infiltrated the phone of one of the world’s wealthiest and most powerful men. The report did not say which private cybersecurity company was used, but suggested that the Tel Aviv-based NSO Group and Milan-based Hacking Team had the capabilities for such an attack.

ImageWestlake Legal Group merlin_167589126_eff65b38-30ad-4782-9ce7-6665e1a336e8-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

Some of the texts that Mr. Bezos exchanged with Saudi Arabia’s crown prince, Mohammed bin Salman, on WhatsApp.Credit…via FTI

The hack also exposed how popular messaging platforms like WhatsApp have vulnerabilities that attackers can exploit. In October, WhatsApp sued the NSO Group in federal court, claiming that NSO’s spy technology was used on its service to target journalists and human rights activists. WhatsApp, which is owned by Facebook, has patched the flaw that the malware used.

“This case really highlights the threats that are posed by a lawless and unaccountable private surveillance industry,” said David Kaye, the United Nations special rapporteur who was a co-author of Wednesday’s statement. “The companies who are creating these tools are extremely crafty and aggressive, and it’s a cat-and-mouse game at this point.”

NSO said it was not involved in any hack of Mr. Bezos’ phone. Hacking Team did not respond to a request for comment. WhatsApp declined to comment, as did FTI Consulting, the company that Mr. Bezos’ security team hired to examine his phone and that wrote the forensic analysis. Amazon declined to comment on behalf of Mr. Bezos.

Malware that was created for the explicit purpose of prying into private online communications, also known as spyware, has become a $1 billion industry. While companies like the NSO Group and Hacking Team have been accused of deploying their spyware with governments to monitor dissidents and others, smaller companies also sell simpler versions of the software for as little as $10, allowing people to snoop on their spouses or children.

Ron Deibert, the director of Citizen Lab at the University of Toronto, which was not involved in the Bezos investigation, said the Amazon chief’s situation was “a reminder that the proliferation of commercial spyware is a global security problem for all sectors, from government and businesses to civil society.”

Over the years that he has run Amazon, Mr. Bezos has largely kept private. That changed when The National Enquirer published photos and messages last year between him and Ms. Sanchez, a TV anchor. Mr. Bezos and his wife, MacKenzie Bezos, later got a divorce.

ImageWestlake Legal Group merlin_167589129_4ca70071-cec4-47aa-8c76-ca5cabb20b63-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

The WhatsApp message that contained a video file sent to Mr. Bezos from the account of Prince Mohammed. The file contained malware, investigators said in a forensic analysis.Credit…via FTI

On Feb. 7, 2019, Mr. Bezos went public with his claims. In a post on Medium, he accused The Enquirer of trying to blackmail him with his own text messages and photos and said he had asked Gavin de Becker, a private investigator, to determine how his phone had been hacked.

Ten days later, Mr. de Becker was advised by a “leading intelligence expert” to conduct a forensic analysis of Mr. Bezos’ iPhone and to look for Saudi fingerprints in the hack, according to notes in the report. The report did not identify the intelligence expert who reached out to Mr. de Becker.

Mr. de Becker, who declined to comment, hired FTI Consulting on Feb. 24, 2019, to examine Mr. Bezos’ phone. FTI was initially asked to look into several text messages that Mr. Bezos had received from the WhatsApp account of the Saudi prince. In mid-May 2019, Mr. Bezos handed over his iPhone X and asked FTI to run a full analysis on it, according to the report.

FTI zeroed in on an April 2018 dinner in which Prince Mohammed and Mr. Bezos had exchanged phone numbers in Los Angeles. After that, FTI found, the WhatsApp account of the prince initiated contact with Mr. Bezos repeatedly and without prompting.

The May 2018 message that contained the innocuous-seeming video file, with a tiny 14-byte chunk of malicious code, came out of the blue, according to the report and additional notes obtained by The New York Times. In the 24 hours after it was sent, Mr. Bezos’ iPhone began sending large amounts of data, which increased approximately 29,000 percent over his normal data usage.

In the additional notes to the report, investigators said several phone apps were being used during the time that data was leaving the phone. Those included the Safari web browser and the Apple Mail program, both of which Mr. Bezos did not appear to be using heavily himself. Mr. Bezos did not have iCloud backup enabled on the phone, the notes added, which would have also explained large amounts of data leaving the phone.

Messages sent by Prince Mohammed’s WhatsApp account starting in late 2018 soon began to suggest that the sender had intimate knowledge of Mr. Bezos’ private life. On Nov. 8, 2018, the report said, Mr. Bezos received a message from the account that included a photo of a woman resembling Ms. Sanchez.

The photo was captioned, “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.”

At the time, Mr. Bezos and his wife were discussing divorce, which would have been apparent to anyone reading his text messages.

ImageWestlake Legal Group merlin_167589132_cf7a619f-695f-4949-9429-fe5a0df925c6-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

A text sent to Mr. Bezos from Prince Mohammed’s WhatsApp account included a photo of a woman who resembled Lauren Sanchez, who Mr. Bezos was seeing.Credit…via FTI Cybersecurity

In mid-February 2019, Mr. Bezos held a series of phone calls with his security team about the Saudis’ alleged online campaign against him, the report said. Two days later, Mr. Bezos received a message from Prince Mohammed’s WhatsApp account that read, in part, “there is nothing against you or Amazon from me or Saudi Arabia.”

The report listed spyware known as Pegasus, developed by the NSO Group, and spyware called Galileo, developed by Hacking Team, as the two most likely tools used to carry out the attack. The report added that Saud al-Qahtani, a close adviser of Prince Mohammed, owned a 20 percent stake in Hacking Team.

The FTI report was not definitive about the hack, but said it had “medium to high confidence” that the message from the prince’s WhatsApp account was the culprit. In notes to the report, FTI said it was still attempting a more thorough analysis of the iPhone, including by jailbreaking it, or bypassing Apple’s control system on the phone.

Some cybersecurity experts said more information about the hack was needed to verify the report’s conclusions. Bill Marczak, a cyber expert at Citizen Lab, said in a blog post on Wednesday that technology existed for decrypting the WhatsApp messages to see more detail about the video file that was sent.

Agnes Callamard, the United Nations special rapporteur who also co-wrote Wednesday’s statement, said the episode was “a wake-up call to the international community as a whole that we are facing a technology that is very difficult to track, extremely powerful and effective, and that is completely unregulated.”

She said Mr. Bezos’ experience should sound alarms because even with his wealth and resources, it took months of investigation by specialists to figure out what had happened — a luxury few others have.

“It basically means that we are all extremely vulnerable,” she said.

Ben Hubbard contributed reporting from Beirut, and Karen Weise from Seattle.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

How Jeff Bezos’ iPhone X Was Hacked

SAN FRANCISCO — On the afternoon of May 1, 2018, Jeff Bezos received a message on WhatsApp from an account belonging to Saudi Arabia’s crown prince, Mohammed bin Salman.

The two men had previously communicated using the messaging platform, but Mr. Bezos, Amazon’s chief executive, had not expected a message that day — let alone one with a video of Saudi and Swedish flags with Arabic text.

The video, a file of more than 4.4 megabytes, was more than it appeared, according to a forensic analysis that Mr. Bezos commissioned and paid for to discover who had hacked his iPhone X. Hidden in that file was a separate bit of code that most likely implanted malware that gave attackers access to Mr. Bezos’ entire phone, including his photos and private communications.

Mr. Bezos has been on a singular quest to find out who penetrated the device since early 2019, when he said The National Enquirer’s parent company had threatened to release private photographs and texts, and the forensic study was part of that effort. Those pictures and messages showed Mr. Bezos, who was married at the time, with another woman, Lauren Sanchez. The analysis did not connect the hack to The Enquirer.

The forensic report on Mr. Bezos’ phone was at the heart of a United Nations statement on Wednesday raising concerns about Prince Mohammed. The analysis essentially accused the Saudi prince of using malware created by a private cybersecurity company to spy on and to intimidate Mr. Bezos, who also owns The Washington Post. At the time of the hack, Jamal Khashoggi, a dissident Saudi writer, was employed at The Post, which has published coverage critical of the Saudi government. Mr. Khashoggi was killed in the Saudi consulate in Istanbul in late 2018.

Many technical mysteries remain about the infiltration of Mr. Bezos’ phone, including what type of malware was used. The forensic report did not detail whether Mr. Bezos had opened the file that was sent to him via Crown Prince Mohammed’s WhatsApp account. Cybersecurity experts said some malware did not require anyone to click on the file for it to install on a phone.

The details of the hack could not be independently verified by The New York Times. Mr. Bezos has been pushing a theory of Saudi involvement with the threats from The Enquirer, without providing proof, since early 2019. The Enquirer’s parent company has said Ms. Sanchez’s brother, Michael, was the sole source of the texts and intimate photos it acquired.

The Saudi Embassy in Washington has said that accusations that the kingdom was involved in hacking Mr. Bezos’ phone were “absurd.

The report’s conclusions renew questions about the shadowy world of private hackers for hire. For the right client, or the right sum, such hackers apparently infiltrated the phone of one of the world’s wealthiest and most powerful men. The report did not say which private cybersecurity company was used, but suggested that the Tel Aviv-based NSO Group and Milan-based Hacking Team had the capabilities for such an attack.

ImageWestlake Legal Group merlin_167589126_eff65b38-30ad-4782-9ce7-6665e1a336e8-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

Some of the texts that Mr. Bezos exchanged with Saudi Arabia’s crown prince, Mohammed bin Salman, on WhatsApp.Credit…via FTI

The hack also exposed how popular messaging platforms like WhatsApp have vulnerabilities that attackers can exploit. In October, WhatsApp sued the NSO Group in federal court, claiming that NSO’s spy technology was used on its service to target journalists and human rights activists. WhatsApp, which is owned by Facebook, has patched the flaw that the malware used.

“This case really highlights the threats that are posed by a lawless and unaccountable private surveillance industry,” said David Kaye, the United Nations special rapporteur who was a co-author of Wednesday’s statement. “The companies who are creating these tools are extremely crafty and aggressive, and it’s a cat-and-mouse game at this point.”

NSO said it was not involved in any hack of Mr. Bezos’ phone. Hacking Team did not respond to a request for comment. WhatsApp declined to comment, as did FTI Consulting, the company that Mr. Bezos’ security team hired to examine his phone and that wrote the forensic analysis. Amazon declined to comment on behalf of Mr. Bezos.

Malware that was created for the explicit purpose of prying into private online communications, also known as spyware, has become a $1 billion industry. While companies like the NSO Group and Hacking Team have been accused of deploying their spyware with governments to monitor dissidents and others, smaller companies also sell simpler versions of the software for as little as $10, allowing people to snoop on their spouses or children.

Ron Deibert, the director of Citizen Lab at the University of Toronto, which was not involved in the Bezos investigation, said the Amazon chief’s situation was “a reminder that the proliferation of commercial spyware is a global security problem for all sectors, from government and businesses to civil society.”

Over the years that he has run Amazon, Mr. Bezos has largely kept private. That changed when The National Enquirer published photos and messages last year between him and Ms. Sanchez, a TV anchor. Mr. Bezos and his wife, MacKenzie Bezos, later got a divorce.

ImageWestlake Legal Group merlin_167589129_4ca70071-cec4-47aa-8c76-ca5cabb20b63-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

The WhatsApp message that contained a video file sent to Mr. Bezos from the account of Prince Mohammed. The file contained malware, investigators said in a forensic analysis.Credit…via FTI

On Feb. 7, 2019, Mr. Bezos went public with his claims. In a post on Medium, he accused The Enquirer of trying to blackmail him with his own text messages and photos and said he had asked Gavin de Becker, a private investigator, to determine how his phone had been hacked.

Ten days later, Mr. de Becker was advised by a “leading intelligence expert” to conduct a forensic analysis of Mr. Bezos’ iPhone and to look for Saudi fingerprints in the hack, according to notes in the report. The report did not identify the intelligence expert who reached out to Mr. de Becker.

Mr. de Becker, who declined to comment, hired FTI Consulting on Feb. 24, 2019, to examine Mr. Bezos’ phone. FTI was initially asked to look into several text messages that Mr. Bezos had received from the WhatsApp account of the Saudi prince. In mid-May 2019, Mr. Bezos handed over his iPhone X and asked FTI to run a full analysis on it, according to the report.

FTI zeroed in on an April 2018 dinner in which Prince Mohammed and Mr. Bezos had exchanged phone numbers in Los Angeles. After that, FTI found, the WhatsApp account of the prince initiated contact with Mr. Bezos repeatedly and without prompting.

The May 2018 message that contained the innocuous-seeming video file, with a tiny 14-byte chunk of malicious code, came out of the blue, according to the report and additional notes obtained by The New York Times. In the 24 hours after it was sent, Mr. Bezos’ iPhone began sending large amounts of data, which increased approximately 29,000 percent over his normal data usage.

In the additional notes to the report, investigators said several phone apps were being used during the time that data was leaving the phone. Those included the Safari web browser and the Apple Mail program, both of which Mr. Bezos did not appear to be using heavily himself. Mr. Bezos did not have iCloud backup enabled on the phone, the notes added, which would have also explained large amounts of data leaving the phone.

Messages sent by Prince Mohammed’s WhatsApp account starting in late 2018 soon began to suggest that the sender had intimate knowledge of Mr. Bezos’ private life. On Nov. 8, 2018, the report said, Mr. Bezos received a message from the account that included a photo of a woman resembling Ms. Sanchez.

The photo was captioned, “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.”

At the time, Mr. Bezos and his wife were discussing divorce, which would have been apparent to anyone reading his text messages.

ImageWestlake Legal Group merlin_167589132_cf7a619f-695f-4949-9429-fe5a0df925c6-articleLarge How Jeff Bezos’ iPhone X Was Hacked WhatsApp Inc Washington Post NSO Group national enquirer Mohammed bin Salman (1985- ) Instant Messaging Hacking Team SRL Forensic Science Cyberattacks and Hackers Computers and the Internet Bezos, Jeffrey P Amazon.com Inc

A text sent to Mr. Bezos from Prince Mohammed’s WhatsApp account included a photo of a woman who resembled Lauren Sanchez, who Mr. Bezos was seeing.Credit…via FTI Cybersecurity

In mid-February 2019, Mr. Bezos held a series of phone calls with his security team about the Saudis’ alleged online campaign against him, the report said. Two days later, Mr. Bezos received a message from Prince Mohammed’s WhatsApp account that read, in part, “there is nothing against you or Amazon from me or Saudi Arabia.”

The report listed spyware known as Pegasus, developed by the NSO Group, and spyware called Galileo, developed by Hacking Team, as the two most likely tools used to carry out the attack. The report added that Saud al-Qahtani, a close adviser of Prince Mohammed, owned a 20 percent stake in Hacking Team.

The FTI report was not definitive about the hack, but said it had “medium to high confidence” that the message from the prince’s WhatsApp account was the culprit. In notes to the report, FTI said it was still attempting a more thorough analysis of the iPhone, including by jailbreaking it, or bypassing Apple’s control system on the phone.

Some cybersecurity experts said more information about the hack was needed to verify the report’s conclusions. Bill Marczak, a cyber expert at Citizen Lab, said in a blog post on Wednesday that technology existed for decrypting the WhatsApp messages to see more detail about the video file that was sent.

Agnes Callamard, the United Nations special rapporteur who also co-wrote Wednesday’s statement, said the episode was “a wake-up call to the international community as a whole that we are facing a technology that is very difficult to track, extremely powerful and effective, and that is completely unregulated.”

She said Mr. Bezos’ experience should sound alarms because even with his wealth and resources, it took months of investigation by specialists to figure out what had happened — a luxury few others have.

“It basically means that we are all extremely vulnerable,” she said.

Ben Hubbard contributed reporting from Beirut, and Karen Weise from Seattle.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

Analysis Ties Hacking of Bezos’ Phone to Saudi Leader’s Account

Westlake Legal Group 21bezoshack-facebookJumbo Analysis Ties Hacking of Bezos’ Phone to Saudi Leader’s Account Text Messaging national enquirer Mohammed bin Salman (1985- ) Khashoggi, Jamal Instant Messaging FTI Consulting Inc Cyberwarfare and Defense Classified Information and State Secrets Bezos, Jeffrey P Assassinations and Attempted Assassinations American Media Inc Amazon.com Inc

SEATTLE — A forensic analysis of Jeff Bezos’ cellphone found with “medium to high confidence” that the Amazon chief’s device was hacked after he received a video from a WhatsApp account reportedly belonging to Crown Prince Mohammed bin Salman of Saudi Arabia.

After Mr. Bezos, who also owns The Washington Post, got the video over the WhatsApp messaging platform in 2018, his phone began sending unusually large volumes of data, according to a report summing up investigators’ findings, which was reviewed by The New York Times.

The investigators believed Prince Mohammed was used as a conduit because the message would not raise suspicions if it came from him, said a person familiar with the investigation, who declined to be identified because they were not authorized to discuss the matter.

According to the report, Mr. Bezos received a message from the crown prince’s account in late 2018 that suggested that the prince had intimate knowledge of Mr. Bezos’ private life.

The forensics investigation was completed on behalf of Mr. Bezos by Anthony Ferrante at the business advisory firm FTI Consulting. Mr. Ferrante declined to comment through a FTI spokesman.

After the findings were reported by The Guardian and The Financial Times, the Saudi Embassy denied that the Saudi government was involved.

“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd,” the Saudi Embassy said on Twitter. “We call for an investigation on these claims so that we can have all the facts out.”

Mr. Bezos’ security consultant, Gavin de Becker, had previously accused the Saudi government of hacking Mr. Bezos’ phone, saying the Saudi authorities targeted him because he owned The Washington Post. The Post has aggressively reported on the murder of Jamal Khashoggi, one of its columnists, who was a critic of the Saudi government. The Central Intelligence Agency has concluded that Prince Mohammed ordered the killing.

According to FTI’s report, Mr. Bezos and Prince Mohammed exchanged phone numbers at a dinner in Los Angeles in April 2018. The crown prince initiated a messaging conversation with Mr. Bezos that same day over WhatsApp.

About a month later, Mr. Bezos received an unexpected message from the crown prince that contained a video attachment, the report said.

The report did not say whether Mr. Bezos opened the video attachment, which had an image of Saudi and Swedish flags overlaid with Arabic text. But immediately after he received the file, the amount of data exiting his phone increased almost three hundredfold, according to the investigators’ analysis of Mr. Bezos’s data.

On two later occasions, according to the report, the crown prince appeared to send Mr. Bezos messages that suggested he had knowledge of the tech mogul’s private communications.

On Nov. 8, 2018, the report said, Mr. Bezos received a message from the account that included a single photo of a woman who strongly resembled Lauren Sanchez, with whom Mr. Bezos was having an affair that had not been made public. The photo was captioned, “Arguing with a woman is like reading the software license agreement. In the end you have to ignore everything and click I agree.”

At the time, Mr. Bezos and his wife were discussing a divorce, which would have been apparent to someone reading his text messages.

The second occasion, on Feb. 16 of last year, came two days after Mr. Bezos took part in phone conversations about the Saudis’ alleged online campaign against him. The message he received read, in part, that “there is nothing against you or Amazon from me or Saudi Arabia.”

The report concluded that advanced mobile spyware could have been used to compromise Mr. Bezos’ phone.

Two United Nations experts plan to release a public statement Wednesday morning “addressing serious allegations” that Mr. Bezos was hacked by receiving a WhatsApp message “reportedly from an account belonging to the crown prince of Saudi Arabia,” one of the experts, Agnes Callamard, said in an email.

Ms. Callamard, a specialist in extrajudicial killings, has been investigating Mr. Khashoggi’s murder, and David Kaye, an expert in human rights law, has been gathering information about violations of freedom of the press.

In its statement, the United Nations plans to say that it is raising concerns over the hacking of Mr. Bezos’s phone directly with the Saudi government, said a person familiar with the statement. The United Nations did not conduct its own investigation into the hack and is basing its statement on the FTI report, the person said.

The United Nations began looking into the situation in June 2019 when someone close to Mr. Bezos shared the forensic analysis with them, the person added.

Amazon and Mr. de Becker declined to comment. William Isaacson, Mr. Bezos’ lawyer at Boies Schiller Flexner, declined to comment beyond saying that Mr. Bezos was cooperating with continuing investigations.

The questions about who has had access to Mr. Bezos’ phone erupted a year ago, after The National Enquirer reported that the tech executive was romantically involved with Ms. Sanchez, a former TV anchor. At the time, The Enquirer published photos of the couple together, as well as intimate text messages.

Mr. Bezos later published emails from American Media, the parent company of The National Enquirer, which he said amounted to “extortion and blackmail.” He suggested that the leaks of photos and details of his private life could have been politically motivated to harm him because of his ownership of The Post.

In March, Mr. de Becker accused the Saudi government of hacking Mr. Bezos’s phone. In an opinion article in The Daily Beast, Mr. de Becker wrote that his “investigators and several experts concluded with high confidence” that the Saudis got private information from Mr. Bezos’ phone and that he turned the evidence they had uncovered over to law enforcement authorities.

Mr. de Becker did not detail specific evidence they uncovered, nor did he detail whether the leaked information was published by The Enquirer. American Media denied any Saudi involvement, saying Ms. Sanchez’s brother was the tabloid’s sole source.

Karen Weise reported from Seattle, Matthew Rosenberg from Washington and Sheera Frenkel from San Francisco. Rick Gladstone contributed reporting from New York.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

Analysis Said to Tie Hacking of Bezos’ Phone to Saudi Leader’s Account

Westlake Legal Group 21bezoshack-facebookJumbo Analysis Said to Tie Hacking of Bezos’ Phone to Saudi Leader’s Account Text Messaging national enquirer Mohammed bin Salman (1985- ) Khashoggi, Jamal Instant Messaging FTI Consulting Inc Cyberwarfare and Defense Classified Information and State Secrets Bezos, Jeffrey P Assassinations and Attempted Assassinations American Media Inc Amazon.com Inc

SEATTLE — A forensic analysis of Jeff Bezos’ cellphone found with “medium to high confidence” that the Amazon chief’s device was hacked after he received a video from a WhatsApp account reportedly belonging to Crown Prince Mohammed bin Salman of Saudi Arabia, according to a person familiar with the Bezos-ordered investigation.

After Mr. Bezos, who also owns The Washington Post, got the video over the WhatsApp messaging platform in 2018, his phone began sending unusually large volumes of data, said the person, who declined to be identified because they were not authorized to discuss the matter.

The person said the investigators believed Prince Mohammed was used as a conduit because the message would not raise suspicions if it came from him.

The findings of the forensics investigation, completed on behalf of Mr. Bezos by Anthony Ferrante at the business advisory firm FTI Consulting, could not be independently verified by The New York Times.

After the findings were reported by The Guardian and The Financial Times, the Saudi Embassy denied that the Saudi government was involved.

“Recent media reports that suggest the Kingdom is behind a hacking of Mr. Jeff Bezos’ phone are absurd,” the Saudi Embassy said on Twitter. “We call for an investigation on these claims so that we can have all the facts out.”

Mr. Bezos’ security consultant, Gavin de Becker, had previously accused the Saudi government of hacking Mr. Bezos’ phone, saying Saudi authorities targeted Mr. Bezos because he owned The Washington Post. The Post has aggressively reported on the murder of Jamal Khashoggi, one of its columnists, who was a critic of the Saudi government. The Central Intelligence Agency has concluded that Prince Mohammed ordered the killing.

Two United Nations experts plan to release a public statement Wednesday morning “addressing serious allegations” that Mr. Bezos was hacked by receiving a WhatsApp message “reportedly from an account belonging to the crown prince of Saudi Arabia,” one of the experts, Agnes Callamard, said in an email.

Ms. Callamard, a specialist in extrajudicial killings, has been investigating Mr. Khashoggi’s murder, and David Kaye, an expert in human rights law, has been gathering information about violations of freedom of the press.

Amazon and Mr. de Becker declined to comment. William Isaacson, Mr. Bezos’ lawyer at Boies Schiller Flexner, declined to comment beyond saying that Mr. Bezos was cooperating with continuing investigations. Mr. Ferrante declined to comment through a FTI spokesman.

“All FTI Consulting client work is confidential,” Matt Bashalany, a spokesman for FTI, said in a statement. “We do not comment on, confirm or deny client engagements or potential engagements.”

The questions about who has had access to Mr. Bezos’ phone erupted a year ago, after The National Enquirer reported that the tech executive was romantically involved with Lauren Sanchez, a former TV anchor. At the time, The Enquirer published photos of the couple together, as well as intimate text messages.

Mr. Bezos later published emails from American Media, the parent company of The National Enquirer, which he said amounted to “extortion and blackmail.” He suggested that the leaks of photos and details of his private life could have been politically motivated to harm him because of his ownership of The Post.

In March, Mr. de Becker accused the Saudi government of hacking Mr. Bezos’s phone. In an opinion article in The Daily Beast, Mr. de Becker wrote that his “investigators and several experts concluded with high confidence” that the Saudis got private information from Mr. Bezos’ phone and that he turned the evidence they had uncovered over to law enforcement authorities.

Mr. de Becker did not detail specific evidence they uncovered, nor did he detail whether the leaked information was published by The Enquirer. American Media denied any Saudi involvement, saying Ms. Sanchez’s brother was the tabloid’s sole source.

Karen Weise reported from Seattle, and Matthew Rosenberg from Washington. Rick Gladstone contributed reporting from New York.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.

Westlake Legal Group 22DC-spy5-facebookJumbo It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool. United Arab Emirates Surveillance of Citizens by Government Social Media Privacy Politics and Government National Security Agency Mobile Applications Middle East Instant Messaging Google Play Google Inc Federal Bureau of Investigation Espionage and Intelligence Services Data-Mining and Database Marketing Dark Matter LLC Cyberwarfare and Defense Computers and the Internet Computer Security Classified Information and State Secrets Apple Inc Android (Operating System)

WASHINGTON — It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.

But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former American foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics — efforts that have ensnared people all over the world in their surveillance nets.

Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms — including Israeli and American contractors — to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under F.B.I. investigation, according to former employees and law enforcement officials, for possible cybercrimes. The American intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.

Pax AI’s headquarters operate from the same Abu Dhabi building as the Emirates’ signals intelligence agency, which until recently was where DarkMatter was based.

The U.A.E. is one of America’s closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent — including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the C.I.A. and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An F.B.I. spokeswoman said that “while the F.B.I. does not comment on specific apps, we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose.”

When The Times initially contacted Apple and Google representatives with questions about ToTok’s connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when American intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that American officials have warned some allies about its dangers. It is not clear whether American officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.

ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former National Security Agency hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users’ location and contacts.

On the surface, ToTok tracks users’ location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users’ microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.

Though billed as “fast and secure,” ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: “We may share your personal data with group companies.”

So instead of paying hackers to gain access to a target’s phone — the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists — ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.

“There is a beauty in this approach,” said Mr. Wardle, now a security researcher at Jamf, a software company. “You don’t need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?”

In an intelligence-gathering operation, Mr. Wardle said, ToTok would be Phase 1. Much like the National Security Agency’s bulk metadata collection program — which was quietly shut down this year — ToTok allows intelligence analysts to analyze users’ calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times’s Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.

Private companies collected that data for targeted marketing. In ToTok’s case — according to current and former officials and digital crumbs the developers left behind — much of the information is funneled to intelligence analysts working on behalf the Emirati state.

In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok — which it called a “free, fast and secure” messaging app. Accompanying the message was a link to install it.

The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok’s developers for finally bringing them a free messaging app. “Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!” one wrote. “Kudos,” another wrote. “Finally, an app that works in the UAE!”

ToTok’s popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because — at least on the surface — it was unaffiliated with a large, powerful nation.

Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and American spy agencies.

Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.

Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The F.B.I. is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former National Security Agency hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as “data science team lead” said he had created a “message intelligence platform” that reads billions of messages to answer four questions: “who you are, what you do, how do you think, and what is your relationship with others.”

“With the answers to these four questions, we know everything about one person,” wrote the data scientist, Jingyan Wang.

Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.

None mention an affiliation with ToTok.

Mark Mazzetti reported from Washington, Nicole Perlroth from San Francisco and Ronen Bergman from Tel Aviv. Adam Goldman contributed reporting from Washington, and Ben Hubbard from Beirut, Lebanon.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

F.T.C. Is Said to Consider an Injunction Against Facebook

Westlake Legal Group 12facebook-facebookJumbo F.T.C. Is Said to Consider an Injunction Against Facebook Zuckerberg, Mark E WhatsApp Inc Social Media Mobile Applications Instant Messaging Instagram Inc Federal Trade Commission Facebook Inc Computers and the Internet Antitrust Laws and Competition Issues

SAN FRANCISCO — The Federal Trade Commission is considering seeking a preliminary injunction against Facebook to prevent the social network from integrating several of its messaging services, according to three people with knowledge of the matter.

The agency has discussed how the Silicon Valley company is stitching together the technical infrastructure underlying WhatsApp, Instagram and Facebook Messenger, said the people, who spoke on the condition of anonymity because the talks are confidential.

The F.T.C. is weighing whether such an integration would make it harder to potentially break up Facebook, they said, especially if the agency determines that the company’s acquisitions of some of those apps reduced competition in social networking. The agency has not made a final decision about what to do, the people said.

The F.T.C. and Facebook declined to comment. The potential injunction was reported earlier by The Wall Street Journal.

Facebook and other big technology companies — Google, Apple and Amazon — have been under growing scrutiny for how they are wielding their power. Facebook has attracted particular attention for its dominant position in social networking and how it bought smaller rivals such as Instagram and WhatsApp over the years, which buttressed its lead.

In July, Facebook disclosed that the F.T.C. was investigating it over antitrust concerns. The Justice Department, Congress and state attorneys general are also examining whether Facebook has acted anticompetitively.

Leading antitrust academics and others have laid out a case to regulators for breaking up Facebook by unraveling its acquisitions of Instagram and WhatsApp. They have argued that the company made “serial defensive acquisitions” to protect its edge in the market for social networks.

But seeking an injunction of this kind would be an uncommon step for a federal antitrust agency because officials rarely consider unwinding mergers that have already closed. A majority of F.T.C. commissioners would need to approve the move in a formal vote, said an agency official who was not authorized to speak publicly.

The agency would also face a high bar in court to show that Facebook was about to violate antitrust laws or already had, this person said. A court is unlikely to issue an injunction simply to give the commission more time to investigate, the person said.

The F.T.C. discussed seeking an injunction after Mark Zuckerberg, Facebook’s chief executive, disclosed he was working to unify the technical systems of WhatsApp, Instagram and Facebook Messenger. The integration would allow Facebook’s more than 2.7 billion users to communicate across the platforms, so messages sent through WhatsApp could be received by users who have Facebook accounts and forwarded, in turn, to people on Instagram.

In March, Mr. Zuckerberg said he was trying to unify the apps so that people could engage more easily in private and encrypted communications.

“We’re building a foundation for social communication aligned with the direction people increasingly care about: messaging each other privately,” he said in an interview at the time. “I believe a privacy-focused communications platform will become even more important than today’s open platforms.”

But regulators and lawmakers have been concerned that the moves may make it more difficult to disentangle the apps in the future.

In practice, the back-end infrastructure of many Facebook properties has been shared for some time. Facebook and Instagram both use the same architecture to run their advertising businesses, for example.

If the F.T.C. thinks “that there is any plausible case for challenging previous transactions,” said Gene Kimmelman, a former Department of Justice antitrust official, “seeking an injunction to prevent integration is critical because otherwise they mix the assets together.”

“It’s a little bit like scrambling an egg,” added Mr. Kimmelman, now a senior adviser at the consumer group Public Knowledge.

Facebook announced that it was buying Instagram, a photo-sharing app with only a baker’s dozen full-time employees, for $1 billion in 2012. The app quickly swelled to more than one billion users and is now widely seen as the crown jewel of the Facebook empire.

Mr. Zuckerberg made another audacious bet in 2014 with the $22 billion purchase of WhatsApp, an app that sends text, video and photo messages. WhatsApp is especially popular internationally. Wall Street analysts have said the app, which brings in little revenue, could become a big moneymaker.

Both deals were approved by the F.T.C.

Joseph Simons, the agency’s chairman, has recently said it is open to breaking up big tech companies but has also highlighted the challenges of unwinding mergers of the firms. He has publicly said Facebook’s plan to integrate its apps would pose challenges if regulators wanted to split up the social network.

The F.T.C. has previously faced criticism over whether it has acted aggressively enough against big tech companies.

In July, the agency announced a record $5 billion fine against Facebook to settle privacy violations with users’ data. But Democratic lawmakers and consumer groups said the action was inadequate and would not deter the company from harming users because the agreement did not force changes to social network’s core business of collecting data for targeted advertising.

Mike Isaac reported from San Francisco, and Cecilia Kang from Washington. Jack Nicas contributed reporting from San Francisco, and David McCabe from Washington.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

F.T.C. Said to Consider Injunction Against Facebook

Westlake Legal Group 12facebook-facebookJumbo F.T.C. Said to Consider Injunction Against Facebook Zuckerberg, Mark E WhatsApp Inc Social Media Mobile Applications Instant Messaging Instagram Inc Federal Trade Commission Facebook Inc Computers and the Internet Antitrust Laws and Competition Issues

SAN FRANCISCO — The Federal Trade Commission is considering seeking a preliminary injunction against Facebook to prevent the social network from integrating several of its messaging services, according to three people with knowledge of the matter.

The agency has discussed how the Silicon Valley company is stitching together the technical infrastructure underlying WhatsApp, Instagram and Facebook Messenger, said the people, who spoke on the condition of anonymity because the talks are confidential.

The F.T.C. is weighing whether such an integration would make it harder to potentially break up Facebook, they said, especially if the agency determines that the company’s acquisitions of some of those apps reduced competition in social networking. The agency has not made a final decision about what to do, the people said.

The F.T.C. and Facebook declined to comment. The potential injunction was reported earlier by The Wall Street Journal.

Seeking an injunction of this kind would be an uncommon step for a federal antitrust agency because officials rarely consider unwinding mergers that have already closed. A majority of F.T.C. commissioners would need to approve the move in a formal vote, said an agency official who was not authorized to speak publicly.

The agency would face a high bar in court to show that Facebook was about to violate antitrust laws or already had, this person said. A court is unlikely to issue an injunction simply to give the commission more time to investigate, the person said.

For months, Mark Zuckerberg, Facebook’s chief executive, has been working to unify the technical systems of WhatsApp, Instagram and Facebook Messenger. That would allow Facebook’s more than 2.7 billion users to communicate across the platforms, so messages sent through WhatsApp could be received by users who have Facebook accounts and forwarded, in turn, to people on Instagram.

In March, Mr. Zuckerberg said he was trying to unify the apps so that people could engage more easily in private and encrypted communications.

“We’re building a foundation for social communication aligned with the direction people increasingly care about: messaging each other privately,” he said in an interview at the time. “I believe a privacy-focused communications platform will become even more important than today’s open platforms.”

But regulators and lawmakers have been concerned that an integration may make it more difficult to disentangle the apps in the future. In July, Facebook disclosed that the F.T.C. was investigating it over antitrust concerns. The Justice Department, Congress and state attorneys general are also examining whether Facebook has acted anticompetitively.

Leading antitrust academics and others have laid out a case to regulators for breaking up Facebook by unraveling its acquisitions of Instagram and WhatsApp. They have argued that the company made “serial defensive acquisitions” to protect its dominant position in the market for social networks.

In practice, the back-end infrastructure of many Facebook properties has been shared for some time. Facebook and Instagram both use the same architecture to run their advertising businesses, for example.

Mike Isaac reported from San Francisco, and Cecilia Kang from Washington. Jack Nicas contributed reporting from San Francisco, and David McCabe from Washington.

This is a developing story and will be updated.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

Facebook and Barr Escalate Standoff Over Encrypted Messages

Westlake Legal Group 10facebook-sub-facebookJumbo Facebook and Barr Escalate Standoff Over Encrypted Messages WhatsApp Inc Instant Messaging Facebook Inc Computers and the Internet Computer Security Barr, William P

WASHINGTON — Facebook executives and Attorney General William P. Barr sparred on Monday over whether encrypted messaging products should be open to law enforcement, escalating a standoff over privacy and policing.

In a letter from the company to Mr. Barr, the executives overseeing Facebook’s WhatsApp and Messenger, Will Cathcart and Stan Chudnovsky, wrote that creating a so-called backdoor into their services for law enforcement would make their users less safe.

“The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm,” the executives said. Their letter was sent ahead of a Senate hearing on Tuesday about encryption, at which Facebook and Apple executives testified.

At an afternoon event, Mr. Barr said that dealing with problems that strong encryption creates for law enforcement was one of the Justice Department’s “highest priorities.”

Mr. Barr said that drug cartels, child pornographers and other criminals increasingly used and hid behind messaging apps that law enforcement cannot access during investigations, even with a warrant. Companies like Facebook are selling the idea that “no matter what you do, you’re completely impervious to government surveillance,” Mr. Barr said.

“Do we want to live in a society like that?” he said. “I don’t think we do.”

The dueling comments were the latest volleys in a yearslong fight between tech companies and law enforcement officials over how to balance privacy and security with digital communications. It has ensnared not only Facebook, but also Apple, and it promises to become more intense as more messaging services become encrypted.

In 2016, a federal judge ordered Apple to help the Federal Bureau of Investigation unlock an iPhone tied to a 2015 mass shooting in San Bernardino, Calif. The agency ultimately unlocked the phone without Apple’s help, easing tensions for a time.

Mr. Barr renewed the debate this year, saying that Facebook’s moves toward end-to-end encryption — which shields the content of messages from everyone but the sender and recipient — makes it harder for law enforcement officers to track malicious behavior online. The technology makes it harder to investigate child predators and terrorists, he has said.

Mr. Barr, joined by his British and Australian counterparts, wrote an open letter to Facebook chief executive Mark Zuckerberg in October asking that he take steps to enable “law enforcement to obtain lawful access to content in a readable and usable format.” Companies, they said, “should not deliberately design their systems to preclude any form of access to content,” especially for the investigations of the most serious crimes.

Lawmakers of both parties echoed those worries on Tuesday, threatening to take action if the companies didn’t satisfy their concerns.

“You’re going to find a way to do this, or we’re going to do this for you,” said Sen. Lindsey Graham, Republican of South Carolina and the chairman of the Judiciary Committee. “You’re either the solution, or you’re the problem.”

If Mr. Barr wants to push the issue with Facebook or another tech company, he could take the issue to court, as the government did during the fight over encryption with Apple in 2016. In that case, the Justice Department had secured a search warrant for the phone of an attacker in the San Bernardino shooting. Prosecutors successfully pursued a court order compelling Apple’s assistance. Apple opposed the order. But when the agency found another way to unlock the phone, it dropped the case.

Throughout the hearing on Tuesday, Facebook and Apple representatives said that the companies were committed to working with law enforcement. The witness from Facebook detailed how the company could detect malicious content in spite of encryption.

Encrypting its messaging products is the central aspect of Facebook’s plan to rebrand itself as privacy-focused, after being battered for years by revelations that it mishandled user data. But it has also put the company, which is already the subject of consumer privacy and antitrust investigations, on another collision course with governments around the world.

In recent years, Facebook has undergone a networkwide shift from spreading information openly through the News Feed to more private channels, like Messenger, WhatsApp and Instagram Direct. As users have flocked to one-to-one and private group messaging, it has become more difficult to root out the spread of illicit activity — drug dealing, child pornography, firearms trafficking.

The network also has come under intense criticism for the role private messaging has played in the proliferation of misinformation. In the months before the Brazilian presidential election in October 2018, WhatsApp groups created by anonymous users spread misleading voting and candidate information.

In most regions outside the United States, WhatsApp plays an outsize role in how people communicate with one another, surpassing standard text messaging and other methods. Facebook’s strategy, led by Mr. Zuckerberg, has been to seize on that popularity and focus more on private and group-chat experiences.

In March, Mr. Zuckerberg unveiled a grand plan to encrypt and knit together the back ends of the company’s messaging services, an enormous feat of coding that could take years. The move could eventually help Facebook monetize those services, which account for relatively little revenue.

Jay Sullivan, who oversees privacy and integrity for Messenger, told lawmakers at Tuesday’s hearing, “We think it is critical that American companies lead in the area of secure, encrypted messaging.”

David McCabe and Katie Benner reported from Washington, and Mike Isaac from San Francisco.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

Facebook Tells Barr It Won’t Open Up Encrypted Messages

Westlake Legal Group 10facebook-facebookJumbo Facebook Tells Barr It Won’t Open Up Encrypted Messages WhatsApp Inc Instant Messaging Facebook Inc Computers and the Internet Computer Security Barr, William P

WASHINGTON — Facebook executives told Attorney General William P. Barr on Monday that they would not open up the company’s encrypted messaging products to law enforcement, escalating a standoff with the government over privacy and policing.

In a letter from the company, the executives overseeing Facebook’s WhatsApp and Messenger, Will Cathcart and Stan Chudnovsky, wrote that creating a so-called backdoor into their services would make their users less safe.

“The ‘backdoor’ access you are demanding for law enforcement would be a gift to criminals, hackers and repressive regimes, creating a way for them to enter our systems and leaving every person on our platforms more vulnerable to real-life harm,” they said in the letter, which was obtained by The New York Times. “It is simply impossible to create such a backdoor for one purpose and not expect others to try and open it.”

Mr. Barr has said that Facebook’s moves toward end-to-end encryption, which shields the content of messages from everyone but the sender and recipient, makes it harder for law enforcement officers to track malicious behavior online. The technology makes it harder to investigate child predators and terrorists, he has said.

Mr. Barr, joined by his British and Australian counterparts, wrote an open letter to Facebook chief executive Mark Zuckerberg in October asking that he take steps to enable “law enforcement to obtain lawful access to content in a readable and usable format.” Companies, they said, “should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes.”

Encrypting its messaging products is the central aspect of Facebook’s plan to rebrand itself as privacy-focused after being battered for years by revelations that it mishandled user data. But it has also put the company, which is already the subject of consumer privacy and antitrust investigations, on another collision course with governments around the world.

This is a developing story. It will be updated.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com 

What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech

Westlake Legal Group 19endtoend-illo-facebookJumbo What Is End-to-End Encryption? Another Bull’s-Eye on Big Tech Zuckerberg, Mark E WhatsApp Inc Surveillance of Citizens by Government Privacy Instant Messaging Google Inc Facebook Inc Cook, Timothy D Computers and the Internet Computer Security Barr, William P Apple Inc

SAN FRANCISCO — A Justice Department official hinted on Monday that a yearslong fight over encrypted communications could become part of a sweeping investigation of big tech companies.

While a department spokesman declined to discuss specifics, a speech Monday by the deputy attorney general, Jeffrey A. Rosen, pointed toward heightened interest in technology called end-to-end encryption, which makes it nearly impossible for law enforcement and spy agencies to get access to people’s digital communications.

Law enforcement and technologists have been arguing over encryption controls for more than two decades. On one side are privacy advocates and tech bosses like Apple’s chief executive, Timothy D. Cook, who believe people should be able to have online communications free of snooping. On the other side are law enforcement and some lawmakers, who believe tough encryption makes it impossible to track child predators, terrorists and other criminals.

Attorney General William P. Barr, joined by his British and Australian counterparts, recently pressed Facebook’s chief executive, Mark Zuckerberg, to abandon plans to embed end-to-end encryption in services like Messenger and Instagram. WhatsApp, which is owned by Facebook, already provides that tougher encryption.

“Companies should not deliberately design their systems to preclude any form of access to content even for preventing or investigating the most serious crimes,” Mr. Barr wrote in a letter last month.

Here is an explanation of the technology and the stakes.

End-to-end encryption scrambles messages in such a way that they can be deciphered only by the sender and the intended recipient. As the label implies, end-to-end encryption takes place on either end of a communication. A message is encrypted on a sender’s device, sent to the recipient’s device in an unreadable format, then decoded for the recipient.

There are several ways to do this, but the most popular works like this: A program on your device mathematically generates two cryptographic keys — a public key and a private key.

The public key can be shared with anyone who wants to encrypt a message to you. The private key, or secret key, decrypts messages sent to you and never leaves your device. Think of it as a locked mailbox. Anyone with a public key can put something in your box and lock it, but only you have the private key to unlock it.

A more common form of encryption, known as transport layer encryption, relies on a third party, like a tech company, to encrypt messages as they move across the web.

With this type of encryption, law enforcement and intelligence agencies can get access to encrypted messages by presenting technology companies with a warrant or national security letter. The sender and recipient would not have to know about it.

End-to-end encryption ensures that no one can eavesdrop on the contents of a message while it is in transit. It forces spies or snoops to go directly to the sender or recipient to read the content of the encrypted message. Or they must hack directly into the sender’s or recipient’s device, something that can be harder to do “at scale” and makes mass surveillance much more difficult.

Privacy activists, libertarians, security experts and human rights activists argue that end-to-end encryption steers governments away from mass surveillance and toward a more targeted, constitutional form of intelligence gathering. But intelligence and law enforcement agencies argue that end-to-end encryption makes it much harder to track terrorists, pedophiles and human traffickers.

When Mr. Zuckerberg announced in March that Facebook would move all three of its messaging services to end-to-end encryption, he acknowledged the risk it presented for “truly terrible things like child exploitation.”

“Encryption is a powerful tool for privacy, but that includes the privacy of people doing bad things,” he said.

The debate over end-to-end encryption has had several iterations, beginning in the 1990s with the spread of Pretty Good Privacy, or PGP, software, an end-to-end encryption scheme designed by a programmer named Phil Zimmermann. As a result, the Clinton administration proposed a “Clipper Chip,” a back door for law enforcement and security agencies.

But the Clipper Chip provoked a backlash from a coalition of unlikely bedfellows, including the American Civil Liberties Union; the televangelist Pat Robertson; and Senators John Kerry, the Massachusetts Democrat, and John Ashcroft, the Missouri Republican. The White House backed down in 1996.

End-to-end encryption gained more traction in 2013, after data leaked by the former National Security Agency contractor Edward J. Snowden appeared to show the extent to which the N.S.A. and other intelligence and law enforcement agencies were gaining access to users’ communications through companies like Yahoo, Microsoft, Google and Facebook without their knowledge.

Encrypted messaging apps like Signal and Wicker gained in popularity, and tech giants like Apple and Facebook started wrapping user data in end-to-end encryption.

Google, which pledged to add an end-to-end encryption option for Gmail users several years ago, has not made this the default option for email. But the company does offer a video-calling app, Duo, that is end-to-end encrypted.

As more communications moved to these end-to-end encrypted services, law enforcement and intelligence services around the world started to complain about data’s “going dark.”

Government agencies have tried to force technology companies to roll back end-to-end encryption, or build back doors, like the Clipper Chip of the 1990s, into their encrypted products to facilitate government surveillance.

In the most aggressive of these efforts, the F.B.I. tried in 2016 to compel Apple in federal court to unlock the iPhone of one of the attackers in the 2015 mass shooting in San Bernardino, Calif.

Mr. Cook of Apple called the F.B.I.’s effort “the software equivalent of cancer.” He said complying with the request would open the door to more invasive government interception down the road.

“Maybe it’s an operating system for surveillance, maybe the ability for the law enforcement to turn on the camera,” Mr. Cook told ABC News. “I don’t know where it stops.”

Privacy activists and security experts noted that any back door created for United States law enforcement agencies would inevitably become a target for foreign adversaries, cybercriminals and terrorists.

Alex Stamos, the chief security officer of Yahoo at the time, likened the creation of an encryption back door to “drilling a hole in the windshield.” By trying to provide an entry point for one government, you end up cracking the structural integrity of the entire encryption shield.

The F.B.I. eventually backed down. Instead of forcing Apple to create a back door, the agency said it had paid an outside party to hack into the phone of the San Bernardino gunman.

Governments have stepped up their calls for an encryption back door.

Last year, Australian lawmakers passed a bill requiring technology companies to provide law enforcement and security agencies with access to encrypted communications. The bill gave the government the ability to get a court order allowing it to secretly order technology companies and technologists to re-engineer software and hardware so that it can be used to spy on users.

Australia’s law is based on Britain’s 2016 Investigatory Powers Act, which compels British companies to hand over the keys to unscramble encrypted data to law enforcement agencies. The Australian law could apply to overseas companies like Facebook and Apple.

Australia’s new law applies to network administrators, developers and other tech employees, forcing them to comply with secret government demands without notifying their employers.

Other governments are also considering new encryption laws. In India, Facebook’s biggest market, officials told the country’s Supreme Court in October that Indian law requires Facebook to decrypt messages and supply them to law enforcement upon request.

“They can’t come into the country and say, ‘We will establish a non-decryptable system,’” India’s attorney general, K.K. Venugopal, told the court, referring to Facebook and other big tech platforms. India’s Supreme Court has said it will reconvene on the issue in January.

Real Estate, and Personal Injury Lawyers. Contact us at: https://westlakelegal.com