1) If you're counting investment, you should count it in dollars, not number of investors or corporate entity locations.
2) This is missing at least two extremely well-known CNE vendors, which makes me doubt its accuracy.
3) The takeaway from the graph on Mythical Beasts [1] should be that the industry is _very small_, not that it's very big.
4) Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? Get a warrant -> own a phone is a very straightforward process that fits into existing models of civil liberties in the US.
This data set is missing even several pretty well-known CNE vendors.
The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies.
bigyabai · 11m ago
> why would you expect the US not to be the largest investor?
Mostly because $FAV_TECH_COMPANY constantly tells me they love privacy. They fight backdoors in court, they rush out security patches and closely coordinate with the government to ensure I'm safe. Every advertisement seems to reinforce the idea that they cared about my security, I guess I put too much faith in the principles of private enterprise.
tptacek · 6m ago
What would that have to do with anything I just said?
The headline can't be taken at face value. "Largest" is based on the number of investing entities (including individuals), not something more objective like dollars invested. Also, the US is not making these decisions as the headline implies.
Enterprises are generally not customers of serious CNE vendors.
evanjrowley · 42m ago
This is a big step beyond just enterprise EDR/MDM
OutOfHere · 1h ago
Hacking personal devices goes way beyond enterprise security. It is cybercriminal behavior.
mensetmanusman · 24m ago
Google and FB are commercial spyware.
reactordev · 20m ago
Microsoft Teams and O365 suite are as well.
esalman · 1h ago
The former number one, and current number two, is anyone's guess.
My home country does not have formal diplomatic ties with them, yet we purchased and deployed surveillance tech from this country.
We live in a truly dystopian nightmare.
howmayiannoyyou · 27m ago
Good. I want my tax dollars allocated to penetrating every and any system my country's adversaries may use to undermine our interests or threaten our people. And, I want maximum penalties, civil and criminal, for any person or company who misuses these systems for personal or political gain. Also, I'd like to see mandatory statutory civil damages for any vendor creating and/or selling/providing these systems who does so in a negligent or malicious manner, same as we provide for other high risk products and services.
vkou · 24m ago
Well, you're definitely not going to get the latter two, and the only guarantee about the first one is that they will definitely be used against enemies of the state.
Whether there's any overlap between them and enemies of the people will heavily depend on the latter's ability to steer towards good governance. The track record for the past few decades hasn't been great.
ChainnChompp · 10m ago
Nailed it - well said. Going to take some serious work for the populace to start steering the ship again, unfortunately.
It is why the employer contracts the hacking firm to do it all for them. Meanwhile, the employer has deniability. The employer receives reports of your data and activities as accessed by the firm. That is the whole point. It's a legal gray area. Being naive and daft about it doesn't help.
dadrian · 18m ago
No, that is also illegal.
tptacek · 19m ago
Sounds made up.
bamboozled · 1h ago
“Freedomware”
Group_B · 1h ago
Gotta love the good old US of A. I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. An amazing world we live in.
generalizations · 57m ago
I suspect that in the very near future, the latter will dramatically decrease and the former dramatically increase. I wonder how that tradeoff will be perceived.
bregma · 16m ago
As surveillance increases the definition of crime will expand.
Consider the incentives. Surveillance is costly. The only way to justify increasing surveillance costs is to demonstrate increasing intervention in criminal activity. If traditional crime is reduced, new crimes need to be introduced.
Once all the enemies of the state have been eliminated, it becomes mandatory to introduce new enemies of the state so they, too, can be rounded up. Eventually there will be no one left to come for and the surveillance technology will go unmonitored.
jrochkind1 · 42m ago
Don't worry, the crime wont' actually decrease either.
hansvm · 42m ago
Maybe. If we use our powers too capriciously then they'll deter behaviors other than criminal behaviors. Like that boat of alleged drug traffickers we recently blew up -- that looks more likely to discourage boating within 1000 miles of the US than any particular crime.
falcor84 · 53m ago
What do you mean? What would lead to government surveillance decreasing?
wil421 · 45m ago
No he means crime will dramatically decrease and surveillance will increase. I’d be inclined to agree.
roughly · 49m ago
> I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still.
One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former.
mrtesthah · 49m ago
The problem is that when laws no longer apply to certain individuals in our government, we no longer have rule of law at all, because a law is inherently universal. The US is rotting from the head.
kubb · 1h ago
At least you have freedom… in some sense.
No comments yet
RianAtheer · 2h ago
Wow, didn’t know the U.S. is now the top investor in commercial spyware clearly a big push for cyber defense and global intelligence edge. Essentially, it’s about maintaining an edge in cyber operations and national security. The U.S likely sees commercial spyware not just as a tool for spying, but as a strategic investment to keep up with global cyber threats.
linkregister · 1h ago
Investment in these firms does not equate to improved national security. Existing US government programs exceed the capabilities of these firms. A purpose for contracting with these firms is to evade the significant legal oversight present in the NSA, CIA, and FBI computer network exploitation programs.
OutOfHere · 1h ago
US and Israel are the the global cyber threat.
SilverElfin · 1h ago
What about China? Salt typhoon was just one among many actual attacks, not just threats, connected back to the Chinese state.
soperj · 1h ago
What attacks from the US have you heard of?
autoexec · 46m ago
Does microsoft windows count?
Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too.
That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places.
OutOfHere · 1h ago
Yes, but with rare exceptions, China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. Meanwhile, the US and Israel are well known to target individuals both domestically and around the world irrespective of their affiliation.
SilverElfin · 55m ago
What is power? Like legally? China definitely has international policing outposts that are meant to cast their power outside their borders.
1) If you're counting investment, you should count it in dollars, not number of investors or corporate entity locations.
2) This is missing at least two extremely well-known CNE vendors, which makes me doubt its accuracy.
3) The takeaway from the graph on Mythical Beasts [1] should be that the industry is _very small_, not that it's very big.
4) Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? Get a warrant -> own a phone is a very straightforward process that fits into existing models of civil liberties in the US.
[1]: https://mythicalbeasts.atlanticcouncil.org/
The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies.
Mostly because $FAV_TECH_COMPANY constantly tells me they love privacy. They fight backdoors in court, they rush out security patches and closely coordinate with the government to ensure I'm safe. Every advertisement seems to reinforce the idea that they cared about my security, I guess I put too much faith in the principles of private enterprise.
The headline can't be taken at face value. "Largest" is based on the number of investing entities (including individuals), not something more objective like dollars invested. Also, the US is not making these decisions as the headline implies.
My home country does not have formal diplomatic ties with them, yet we purchased and deployed surveillance tech from this country.
We live in a truly dystopian nightmare.
Whether there's any overlap between them and enemies of the people will heavily depend on the latter's ability to steer towards good governance. The track record for the past few decades hasn't been great.
Report: https://www.atlanticcouncil.org/in-depth-research-reports/re...
Dataset: https://github.com/ac-csi/mythical-beasts
Consider the incentives. Surveillance is costly. The only way to justify increasing surveillance costs is to demonstrate increasing intervention in criminal activity. If traditional crime is reduced, new crimes need to be introduced.
Once all the enemies of the state have been eliminated, it becomes mandatory to introduce new enemies of the state so they, too, can be rounded up. Eventually there will be no one left to come for and the surveillance technology will go unmonitored.
One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former.
No comments yet
Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too.
That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places.
https://www.nytimes.com/2023/01/12/world/europe/china-outpos...
I am not certain that is necessarily true. At least, not if one is originally from China.
https://www.publicsafety.gc.ca/cnt/trnsprnc/brfng-mtrls/prlm...