1) If you're counting investment, you should count it in dollars, not number of investors or corporate entity locations.
2) This is missing at least two extremely well-known CNE vendors, which makes me doubt its accuracy.
3) The takeaway from the graph on Mythical Beasts [1] should be that the industry is _very small_, not that it's very big.
4) Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? Get a warrant -> own a phone is a very straightforward process that fits into existing models of civil liberties in the US.
"Would you prefer to have China or Russia or the Middle East be the biggest player?"
To be fair, an objective person might prefer to have _no_ "big players"
Whether a biased or self-interested commenter on the subject believes this is possible or not doesn't eliminate the possibilty of this preference
It is like asking whether a voter would prefer to have the "biggest players" giving funds to X candidate or Y candidate, ignoring whether the voter would actually prefer campaign finance reform instead
You're not wrong, but youre showing an unserious idealism yourself. Your scenario is more akin to "i dont think there should be a biggest nuke owner, so we're going to pass laws banning nukes" While the USSR simply proceeds with making nukes.
>Would you prefer to have China or Russia or the Middle East be the biggest player?
If the absolute value of China + Russia + ME was the same, but US went down? Yeah, probably. Doubly so if sales going down meant less R&D investment and therefore lower quality software.
We also dont know how much money China is investing in govt spyware either.
I dont really trust the intent of any information I read online. This article could well be part of a influence campaign by a foreign power.
"Because if you talk about something the most, this means you have it the most.." is how most people perceive things. Of course, the opposite is often true.
This data set is missing even several pretty well-known CNE vendors.
The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies.
> why would you expect the US not to be the largest investor?
Mostly because $FAV_TECH_COMPANY constantly tells me they love privacy. They fight backdoors in court, they rush out security patches and closely coordinate with the government to ensure I'm safe. Every advertisement seems to reinforce the idea that they cared about my security, I guess I put too much faith in the principles of private enterprise.
> What would that have to do with anything I just said?
It's a direct answer to the question you posed, which was email-quoted in the first line of the comment.
It relates the point of view of someone who's substantially tech-ignorant and -in part because they simply don't have time or energy to think much on the topic- entirely unaware of how the intelligence and infosec world works. People like that make up a somewhat-surprising fraction of the US population. Sometimes folks who work in computers are a member of this subset of the population!
It might help inform you, if you're unfamiliar with the sentiment Americans hold towards security?
Don't take my word for it, though. Scroll through the rest of the comments in this thread, I counted all of three unique users that took this article at face-value. The fact that we see this cognitive dissonance on HN should really reinforce how unimportant online security is to Silicon Valley.
The headline can't be taken at face value. "Largest" is based on the number of investing entities (including individuals), not something more objective like dollars invested. Also, the US is not making these decisions as the headline implies.
It is why the employer contracts the hacking firm to do it all for them. Meanwhile, the employer has deniability. The employer receives reports of your data and activities as accessed by the firm. That is the whole point. It's a legal gray area. Being naive about it doesn't help.
Investment in these firms does not equate to improved national security. Existing US government programs exceed the capabilities of these firms. A purpose for contracting with these firms is to evade the significant legal oversight present in the NSA, CIA, and FBI computer network exploitation programs.
Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too.
That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places.
Yes, but with rare exceptions, China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. Meanwhile, the US and Israel are well known to target individuals both domestically and around the world irrespective of their affiliation.
I am not sure I am following you. Who are you implying are the bombers and during what time period?
As for China not bombing anyone, while true, I believe it's merely a matter of time. While I hope I am wrong, Taiwan seems awfully worried to be located about 80 miles away from their peaceful and loving neighbor for some reason.
And you think China won't bomb foreign adversaries if they can? Or any country for that matter.
The answer is don't place yourself in the crosshairs of great powers in the first place, which then puts into the degree you can align yourself with their interests.
It's also important to keep in mind that China has less than a quarter of the per capita prison population as the US. If you're talking about who's a police state, the US and China just aren't in the same universe.
Or from another direction, China has 4x the population of the US, and still has fewer people in prison.
1. That is under the assumption that the Chinese government is releasing accurate data. I assume international entities are not granted access to Chinese prison facilities directly, but I could be wrong.
2. There are 'alternative' ways of dealing with suspects and criminals other than prison sentences. And on that note, if China has a lower per capita prison population than the US, then it makes China having the highest rate of capital punishments even worse.
That's more on an indictment of multiculturalism as opposed to cultural homogenization though, which I imagine many here would furiously oppose the latter.
So no, and I'm not sure why OP decided to single out Israel here given it is a order of magnitude less than the others and there are so many other nations, unless if they have a specific agenda to push here.
Gotta love the good old US of A. I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. An amazing world we live in.
I suspect that in the very near future, the latter will dramatically decrease and the former dramatically increase. I wonder how that tradeoff will be perceived.
As surveillance increases the definition of crime will expand.
Consider the incentives. Surveillance is costly. The only way to justify increasing surveillance costs is to demonstrate increasing intervention in criminal activity. If traditional crime is reduced, new crimes need to be introduced.
Once all the enemies of the state have been eliminated, it becomes mandatory to introduce new enemies of the state so they, too, can be rounded up. Eventually there will be no one left to come for and the surveillance technology will go unmonitored.
Maybe. If we use our powers too capriciously then they'll deter behaviors other than criminal behaviors. Like that boat of alleged drug traffickers we recently blew up -- that looks more likely to discourage boating within 1000 miles of the US than any particular crime.
The increase in crime is purely political problem emerging from the demands of a certain segment of middle and upper middle classes, not the government or working class.
> I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still.
One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former.
The problem is that when laws no longer apply to certain individuals in our government, we no longer have rule of law at all, because a law is inherently universal. The US is rotting from the head.
Good. I want my tax dollars allocated to penetrating every and any system my country's adversaries may use to undermine our interests or threaten our people. And, I want maximum penalties, civil and criminal, for any person or company who misuses these systems for personal or political gain. Also, I'd like to see mandatory statutory civil damages for any vendor creating and/or selling/providing these systems who does so in a negligent or malicious manner, same as we provide for other high risk products and services.
Well, you're definitely not going to get the latter two, and the only guarantee about the first one is that they will definitely be used against enemies of the state.
Whether there's any overlap between them and enemies of the people will heavily depend on the latter's ability to steer towards good governance. The track record for the past few decades hasn't been great.
This is an unserious article.
1) If you're counting investment, you should count it in dollars, not number of investors or corporate entity locations.
2) This is missing at least two extremely well-known CNE vendors, which makes me doubt its accuracy.
3) The takeaway from the graph on Mythical Beasts [1] should be that the industry is _very small_, not that it's very big.
4) Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? Get a warrant -> own a phone is a very straightforward process that fits into existing models of civil liberties in the US.
[1]: https://mythicalbeasts.atlanticcouncil.org/
"Would you prefer to have China or Russia or the Middle East be the biggest player?"
To be fair, an objective person might prefer to have _no_ "big players"
Whether a biased or self-interested commenter on the subject believes this is possible or not doesn't eliminate the possibilty of this preference
It is like asking whether a voter would prefer to have the "biggest players" giving funds to X candidate or Y candidate, ignoring whether the voter would actually prefer campaign finance reform instead
You're not wrong, but youre showing an unserious idealism yourself. Your scenario is more akin to "i dont think there should be a biggest nuke owner, so we're going to pass laws banning nukes" While the USSR simply proceeds with making nukes.
>Would you prefer to have China or Russia or the Middle East be the biggest player?
If the absolute value of China + Russia + ME was the same, but US went down? Yeah, probably. Doubly so if sales going down meant less R&D investment and therefore lower quality software.
It also assumes we'd have records of investments outside the US/EU market to begin with.
We also dont know how much money China is investing in govt spyware either.
I dont really trust the intent of any information I read online. This article could well be part of a influence campaign by a foreign power.
"Because if you talk about something the most, this means you have it the most.." is how most people perceive things. Of course, the opposite is often true.
This data set is missing even several pretty well-known CNE vendors.
The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies.
> why would you expect the US not to be the largest investor?
Mostly because $FAV_TECH_COMPANY constantly tells me they love privacy. They fight backdoors in court, they rush out security patches and closely coordinate with the government to ensure I'm safe. Every advertisement seems to reinforce the idea that they cared about my security, I guess I put too much faith in the principles of private enterprise.
What would that have to do with anything I just said?
> What would that have to do with anything I just said?
It's a direct answer to the question you posed, which was email-quoted in the first line of the comment.
It relates the point of view of someone who's substantially tech-ignorant and -in part because they simply don't have time or energy to think much on the topic- entirely unaware of how the intelligence and infosec world works. People like that make up a somewhat-surprising fraction of the US population. Sometimes folks who work in computers are a member of this subset of the population!
It might help inform you, if you're unfamiliar with the sentiment Americans hold towards security?
Don't take my word for it, though. Scroll through the rest of the comments in this thread, I counted all of three unique users that took this article at face-value. The fact that we see this cognitive dissonance on HN should really reinforce how unimportant online security is to Silicon Valley.
You can find a graph showing the relationships between investors and entities here: https://staging--atlantic-council-spyware.netlify.app/
The headline can't be taken at face value. "Largest" is based on the number of investing entities (including individuals), not something more objective like dollars invested. Also, the US is not making these decisions as the headline implies.
Aka enterprise security solutions
Enterprises are generally not customers of serious CNE vendors.
Cloud-based Enterprise Security Solution, thats important! ;-)
Centralized, Single-pane-of-glass, Cloud-based Enterprise Security Solution.
...is there an option that you add Blockchain somehow?
:-D
Charlie, I think we have our audit-log solution…
This is a big step beyond just enterprise EDR/MDM
Hacking personal devices goes way beyond enterprise security. It is cybercriminal behavior.
The former number one, and current number two, is anyone's guess.
My home country does not have formal diplomatic ties with them, yet we purchased and deployed surveillance tech from this country.
We live in a truly dystopian nightmare.
According to ars.
Google and FB are commercial spyware.
Microsoft Teams and O365 suite are as well.
I see multiple ex-employers listed at https://staging--atlantic-council-spyware.netlify.app/ | https://mythicalbeasts.dfrlab.org/. I strongly advise avoiding all prospective employers that use these services as they're practically guaranteed to hack your phone.
Report: https://www.atlanticcouncil.org/in-depth-research-reports/re...
Dataset: https://github.com/ac-csi/mythical-beasts
It is illegal for an employer to hack your phone.
It is why the employer contracts the hacking firm to do it all for them. Meanwhile, the employer has deniability. The employer receives reports of your data and activities as accessed by the firm. That is the whole point. It's a legal gray area. Being naive about it doesn't help.
No, that is also illegal.
Sounds made up.
“Freedomware”
[flagged]
Investment in these firms does not equate to improved national security. Existing US government programs exceed the capabilities of these firms. A purpose for contracting with these firms is to evade the significant legal oversight present in the NSA, CIA, and FBI computer network exploitation programs.
US and Israel are the the global cyber threat.
What about China? Salt typhoon was just one among many actual attacks, not just threats, connected back to the Chinese state.
What attacks from the US have you heard of?
Does microsoft windows count?
Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too.
That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places.
Stuxnet?
Yes, but with rare exceptions, China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. Meanwhile, the US and Israel are well known to target individuals both domestically and around the world irrespective of their affiliation.
What is power? Like legally? China definitely has international policing outposts that are meant to cast their power outside their borders.
https://www.nytimes.com/2023/01/12/world/europe/china-outpos...
> China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China.
I am not certain that is necessarily true. At least, not if one is originally from China.
https://www.publicsafety.gc.ca/cnt/trnsprnc/brfng-mtrls/prlm...
Telling someone their family is going to get it if they keep doing what they do is quite some distance away from... straight up bombing them.
I am not sure I am following you. Who are you implying are the bombers and during what time period?
As for China not bombing anyone, while true, I believe it's merely a matter of time. While I hope I am wrong, Taiwan seems awfully worried to be located about 80 miles away from their peaceful and loving neighbor for some reason.
And you think China won't bomb foreign adversaries if they can? Or any country for that matter.
The answer is don't place yourself in the crosshairs of great powers in the first place, which then puts into the degree you can align yourself with their interests.
And anybody who happens to be nearby.
It's also important to keep in mind that China has less than a quarter of the per capita prison population as the US. If you're talking about who's a police state, the US and China just aren't in the same universe.
Or from another direction, China has 4x the population of the US, and still has fewer people in prison.
1. That is under the assumption that the Chinese government is releasing accurate data. I assume international entities are not granted access to Chinese prison facilities directly, but I could be wrong.
2. There are 'alternative' ways of dealing with suspects and criminals other than prison sentences. And on that note, if China has a lower per capita prison population than the US, then it makes China having the highest rate of capital punishments even worse.
That's more on an indictment of multiculturalism as opposed to cultural homogenization though, which I imagine many here would furiously oppose the latter.
They have the power to arrest people in China. Any Chinese outside of China could have their family still in China arrested.
According to https://www.ox.ac.uk/news/2024-04-10-world-first-cybercrime-..., Russia (58), Ukraine (36), China (27) and then USA (25) top the list, with Israel (2.51) at a measly rank 16.
So no, and I'm not sure why OP decided to single out Israel here given it is a order of magnitude less than the others and there are so many other nations, unless if they have a specific agenda to push here.
Gotta love the good old US of A. I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. An amazing world we live in.
I suspect that in the very near future, the latter will dramatically decrease and the former dramatically increase. I wonder how that tradeoff will be perceived.
As surveillance increases the definition of crime will expand.
Consider the incentives. Surveillance is costly. The only way to justify increasing surveillance costs is to demonstrate increasing intervention in criminal activity. If traditional crime is reduced, new crimes need to be introduced.
Once all the enemies of the state have been eliminated, it becomes mandatory to introduce new enemies of the state so they, too, can be rounded up. Eventually there will be no one left to come for and the surveillance technology will go unmonitored.
Don't worry, the crime wont' actually decrease either.
Maybe. If we use our powers too capriciously then they'll deter behaviors other than criminal behaviors. Like that boat of alleged drug traffickers we recently blew up -- that looks more likely to discourage boating within 1000 miles of the US than any particular crime.
What do you mean? What would lead to government surveillance decreasing?
No he means crime will dramatically decrease and surveillance will increase. I’d be inclined to agree.
The increase in crime is purely political problem emerging from the demands of a certain segment of middle and upper middle classes, not the government or working class.
> I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still.
One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former.
The problem is that when laws no longer apply to certain individuals in our government, we no longer have rule of law at all, because a law is inherently universal. The US is rotting from the head.
At least you have freedom… in some sense.
[dead]
Good. I want my tax dollars allocated to penetrating every and any system my country's adversaries may use to undermine our interests or threaten our people. And, I want maximum penalties, civil and criminal, for any person or company who misuses these systems for personal or political gain. Also, I'd like to see mandatory statutory civil damages for any vendor creating and/or selling/providing these systems who does so in a negligent or malicious manner, same as we provide for other high risk products and services.
Well, you're definitely not going to get the latter two, and the only guarantee about the first one is that they will definitely be used against enemies of the state.
Whether there's any overlap between them and enemies of the people will heavily depend on the latter's ability to steer towards good governance. The track record for the past few decades hasn't been great.
Nailed it - well said. Going to take some serious work for the populace to start steering the ship again, unfortunately.