“The suit also alleges that Al-Ahmed's Arabic-language Twitter account was suspended in 2018 and has not been reinstated despite multiple attempts at appeal, and accuses the company of keeping Al-Ahmed's account offline because of its interest in maintaining users in Saudi Arabia. "While Twitter may wish to play the victim of state-sponsored espionage, Twitter's conduct in punishing the victims of this intrigue, including Mr. Al-Ahmed, tells a far different story: one of ratification, complicity, and/or adoption tailored to appease a neigh beneficial owner and preserve access to a key market, the KSA," Randy Kleinman, the attorney for Al-Ahmed, wrote in the complaint.“
* do some companies have good enough insider risk controls to make it expensive or risky to access particular kinds of sensitive data?
* not all nation state actors are equally well-resourced (and not all of them have equally large populations of computer science grads from which to recruit potential spies): is there a difference between what (say) KSA or Iran could get, vs US/UK/China/Russia?
If you can't get to data handlers then you can go after developers and the software supply chain. You have to understand, people can cooperate with threat actors without implicating themselves by getting paid or coerced to allow an intrustion (fall for a phish link or email, install seemingly legit software, insert a USB drivr they found in the parking lot,etc..). Worst case they get fired.
Your phone number is the same as your home address, because it is linked to same in a million databases.
Twitter’s CEO is on the record being cozy with deep pocketed Saudi investors in Twitter. It was certainly not the fear of discrimination lawsuits that permitted Saudi agents gaining access to Twitter’s systems.
For spies to exist at all, they need to fool whatever supervision is in place. For missing them to be negligence, it would have to be easy to prevent spying from happening.
When a warbler feeds a cuckoo chick and lets his own chicks starve, is that because he's a bad parent who could be fixed with a lawsuit, or is it just a fact about the ecosystem?
As for the rest, it is just a matter of checking funding from inqtel and associated groups
The UK has information warfare agents on Twitter as well [2]
None of this is a disputed topic, back on the 70s with operation mockingbird US intelligence agencies bragged that they had an agent/asset on every important editorial board on the country [3] which all goes back to the church committee
[1] https://medium.com/insurge-intelligence/how-the-cia-made-goo...
[2] www.businessinsider.com/twitter-chief-also-works-for-the-british-armys-information-unit-2019-10
[3] https://schoolhistory.co.uk/notes/operation-mockingbird/
Now take a look at how many ex-intelligence run tech companies (may i remind you that former NSA head is on Amazon board?) and how many tech companies happily collaborate with intelligence services (Microsoft, Amazon, Palantir).
Has anyone seen this use of neigh before? Is it a legal term? What does it mean?
Even then, "nigh beneficial owner" and "near beneficial owner" are awkward constructions that would have broken the continuity of my reading comprehension.
But surely one is or is not a "beneficial owner". Being nearly a beneficial owner is the same as not being a beneficial owner at all.
That is the most awkward phrasing I've seen in a long time. I'm not even sure it's grammatically correct. I would've expected "beneficial nigh-owner" or something like that.
I found a couple of usages in academic publications, but they don’t give me any more context as to meaning. That leads me to believe that it’s not a legal term.
I can’t find any meaning other than the “sound a horse makes” in any dictionary, either.
ETA: Apparently, the old English “nēah” meant “near”. That seems to be the the root of the work “neighbor”.
Interestingly, it looks like “neigh” (like a horse) and “neighbor” both came into use in English in the 12th Century. Perhaps coincidental.
> "While Twitter may wish to play the victim of state-sponsored espionage, Twitter's conduct in punishing the victims of this intrigue, including Mr. Al-Ahmed, tells a far different story: one of ratification, complicity, and/or adoption tailored to appease a neigh beneficial owner and preserve access to a key market, the KSA," Randy Kleinman, the attorney for Al-Ahmed, wrote in the complaint.
I have no idea if their allegations are correct, but the argument you're dismissing is explicitly not what they're saying.
Note that the quoted allegation does not even allege any misconduct on Twitter's part! The only purpose is to ask you to draw an adverse inference about what Twitter was thinking when they became the victim of espionage.
If Twitter could assess a huge penalty on the plaintiff for filing a frivolous lawsuit, maybe.
Otherwise, no. We already know that Twitter specifically tried to deal with one of these spies when he came to their attention, shortly before he escaped. There is no reason to believe that Twitter did anything wrong, and excellent reason to believe they didn't.
Lawsuits aren't cost-free; the off-chance that, against all expectations, you might find something that almost definitely isn't there is not a good reason to entertain one.
The question at hand is whether Twitter belongs in that group. In the general case, I tend to believe no. Twitter has no deterministic means to tell whether a candidate is a risk or not, and they cannot be held liable for actions they couldn't know were illegal.
I do believe they can be held responsible for espionage in the event that they knowingly hired a spy, which seems to be the case here.
If the government believes it is important to national security to prevent Twitter from even unknowingly hiring spies, I think the onus is on the government to nationalize whatever parts need protecting. In this case, they could probably just nationalize the background check portion via security clearances. It doesn't sound like we're at that point, though.
I have a suggestion. In the future, keep the analogies to yourself and talk about facts.
> The claim filed Thursday in California alleges [among other things] that Twitter should have known that these two men were unfit employees
Well it is! Tech companies should not act as surveillance/intelligence companies: stop gathering personal info on people, and suddenly you've raised the bar considerably for spies to harm your users.
Sure, an insider spy could probably still setup a special-cased JS payload to infect a specific user, but that's more convoluted and more easily detected during review, compared to simply accessing one of the many troves of data companies keep on their users.
mayyybe they went amateur hour with the negligence angle, but maybe they didn't
With all due respect, this is the second ignorant thing you’ve said on this article. You don’t have a fucking clue what you’re talking about. Please stop…
“If Twitter could assess a huge penalty on the plaintiff for filing a frivolous lawsuit, maybe.”
If Twitter could assess a huge penalty, it would violate absolutely every single tenet of both the western justice system and all principles of natural justice. Companies don’t get to assess penalties when they think they’ve been wrong. Companies can sue for damages and Twitter has the right to do that here. However, companies don’t assess damages - JUDGES DO!
This is so simple that I can’t believe I just had to explain it on Hacker News. Tune in next time, when we do “Hello world” in Python.
Why do they ask for personal information in the first place? Why are DM messages not e2e-encrypted? That's plenty of wrong already.
If you're building a public/global microblogging platform, enable nicknames for all and never ask for any personal information. If you're building a private messenger, enable e2e encryption (or at least at-rest inbox encryption).
If you're building both, and ignoring all security best practices, and encouraging people to give away their phone numbers, i would hold you responsible to any harm that comes their way because of this.
Let's say this guy's Twitter account was shut down because Mohammed bin Salman personally called Jack Dorsey and asked for a favor. That would be complicity, in shutting down the Twitter account. It would not be complicity in espionage.
I'm not sure why you're spending so much time to emphasize that the quote in the article doesn't allege espionage by Twitter when nobody is claiming it does, but indeed we are in full agreement that it doesn't. (Having not read the legal complaint itself, I express no opinion on what that alleges.)
Oh, you were trying to make some sort of sinister innuendo based upon your complete lack of understanding of the telecom industry in the original dot-com era and the existing long-haul infrastructure at the time? Ok.
Yeah, that’s what I said. You could have just upvoted the comment ;)
That claim is incorrect. Your quote does not state a cause of action against Twitter. Its only purpose, in the lawsuit, is to support, through innuendo, the claim that Twitter was complicit in an espionage "attack" against themselves. The complaint is based only on the espionage incident.
The quote is mostly irrelevant, which is the type of support you'd expect this complaint to be able to muster.
That's what I'm saying.
The espionage is something Twitter was unaware of, as was the status of the spies at Twitter. Nobody is saying that Twitter committed espionage. But if they knew that the employees were doing or enabling something severely shady (without knowing specifics) in a way that they should have investigated or mitigated more than they did, but chose not to investigate or mitigate for an inappropriate reason like wanting good commercial outcomes from Saudi Arabia, they're choosing to be negligent in stopping the thing from happening. This is easily described in a press statement as complicity in something, even if they didn't know the something is espionage. In other words they negligently facilitated a bad thing that to their surprise turned out to be espionage.
So if I understand how this quote fits into the allegations: according to the plaintiff, the plaintiff was a victim of the espionage by the spies and not by Twitter, but Twitter's negligence enabled the espionage and they should have known something wrong was facilitated by their choices, therefore Twitter indirectly contributed to the espionage against plaintiff without having committed espionage themselves. Since Twitter made the situation worse and met the bar of negligence regardless of knowing that the specifics involved espionage, they allegedly should be liable. (I am not citing laws here because, again, I have not read the complaint and don't know the specific relevant laws.)
So, yes, it's based on the espionage incident, and yes Twitter was probably a victim of the espionage as well. But the plaintiff's argument doesn't depend on Twitter's status as victim of the espionage.
I've already stayed up far later than I should tonight to reply to lots of rapid-fire text from you, so this is my last one for now and hopefully for this subthread at all. Good night and be well.
Should a tech company silo its data and operations so each country has its own independent unit? No, too infeasible and defeats the purpose for a lot of their services.
It is always a mistake to use nationality as a proxy for trustworthiness.
Being a US person, personally I'm much more concerned with the negative impacts of US spies spying in the US than foreign spies spying in the US.
Foreign governments don't regularly go around mass murdering and torturing Americans the way the US government does.
Americans have a lot more to lose from CIA spying than they do from Saudi intelligence agency spying.
ok, just kidding, now serious take:
US population: 330kk
Rest of the World: 8kkk
Delta (8kkk-330kk)
Even if we assume that distribution of highly skilled people is not uniform (lack of decent higher edu places, harder access to computers/internet)
then you still lose shitton of outliers
edit.
ops I misread.
afaik it's pretty common within gaming communities
e.g
1k - 1 000 (of gold)
1kk - 1 000 000 (of gold)
1kkk - 1 000 000 000 (of gold)
>I can't say I would recommend the practice.
Oh, I just realized that somebody may think about other kkk...
damn, but with number in front of it it's just like yet another unit - I guess?
The justice system frequently does make a mockery of the justice system by assessing penalties, such as when someone is arrested, proves to have been someone other than the target, and then gets charged for the time they spent in jail.
If a failed frivolous lawsuit against Twitter automatically gave Twitter a claim on the plaintiff's assets, that would in fact not violate every tenet of the western justice system, nor would it violate all principles of natural justice. It is a system that has obtained elsewhere and that people frequently advocate for.
Absent a contract, there is, and even with a contract there are limits.
> Your bank does it all the time.
Within a contractual relation and governed by the contract, sure. But that's not what you are talking about.
> It does not make a mockery of the justice system.
Outside of the bounds of contract, it would, as it would amount to private parties making and adjudicating public law.
> If a failed frivolous lawsuit against Twitter automatically gave Twitter a claim on the plaintiff's assets, that would in fact not violate every tenet of the western justice system,
Yes, it would. Now, if merely a failed lawsuit did, it might not, as the failure itself is the conclusion of an adjudication, leaving no private determination to be made.
> It is a system that has obtained elsewhere and that people frequently advocate for.
No, its not, nor is it Twitter assessing a penalty. Loser pays is civil lawsuits is a thing, but it involves the court, not the offended party, assessing the penalty.
Loser pays for frivolous lawsuits only (but not all failed lawsuits) is also a thing, and is common in US jurisdictions, but requires a separate court determination that the claim was frivolous as well as the court assessing damages.
> Loser pays for frivolous lawsuits only (but not all failed lawsuits) is also a thing, and is common in US jurisdictions, but requires a separate court determination
Requiring a separate court determination is a coincidence of the American system, not a logical necessity.
No. One party being a front for another party suggests that the two are indistinguishable actors on everything but the surface level, or more accurately that any action taken by the first party might be better viewed as being "really" taken by the second party, that any information given to the first party is also being given to the second party, etc. It does not suggest that fronting for the second party is the only thing the first party does, or that the first party was created to serve the purposes of the second party.
Taking an example out of the dictionary, it would be unusual to claim that a massage parlor serving as a front for prostitution is obviously, by its nature as a "front", unwilling to provide massages.
> It does not suggest that fronting for the second party is the only thing the first party does
to
> Netflix’s chaos monkey program is ackthuallee an intelligence scam to attack your distributed systems from within?
You're trying to interpret me as saying literally the opposite of the plain text of my comment. Work on your reading comprehension.
But yes, when Google releases its 13th chat app, there are good reasons to view that as being a CIA chat app with Google branding.
No, its a logical necessity. “Frivolous” is a separate facr feom “losing”.
Why not use use m for million and b for billion? That’s the standard that everyone understands.
The repeating k scale is better than m, b, t, etc because it still preserves a sense of scale. 2m does not look 1/1000000th the size of 2t. 2kk does look a lot smaller than 2kkkk. You can also still easily convert to real number by substituting each k with 3 0s.
And lastly, I don't know the letters going all the way up to 10^47th. That's nearly enough to wrap the alphabet twice, and it's not even that high for that style of game.
The scale is fine, it's just the letter that's unfortunate. M is the Roman Numeral for 1,000; they could just use that. The worst thing I can associate with any number of M's is someone enjoying their food entirely too much once you hit like 7 of them.
>The Year 2000 problem, also known as the Y2K problem, Millennium bug, Y2K bug, Y2K glitch or Y2K error,
- https://en.wikipedia.org/wiki/Year_2000_problem
https://ell.stackexchange.com/questions/39370/what-does-k-me...
We really should use more of SI units like Mg and Gg... Even Tg...
Ah okay.
> Oh, I just realized that somebody may think about other kkk...
Well more just because (I thought) it is unusual it'd be hard to understand in a context where you hadn't made it obvious. Maybe I'm just out of touch!
your comment was basically contradictory. As is this new one - google meet and google duo is a “CIA chat app”? Why?
What does that mean? Is someone previously on the Google Duo team a CIA officer? Is the leader of the team an asset? What design decisions are CIA adjacent? Where is this happening
> What does that mean?
It means that the app may be used to advance CIA goals. It means that the CIA has control of the app along any dimension you're worried about. This is the nature of obfuscated relationships. If you're worried about something, and it's likely to be true, you need to assume that it is true. In this case, the assumption is justified. If you're not worried about something, you don't need to make the assumption that it's true. Since it doesn't matter, you can afford not to have a position on it.
> May be used to advance CIA goals
What does this mean? Can CIA add a voice and video chat feature if the deputy director of it wants it? Can the CIA freely access internal communications? How? Who does this? Does Larry know? How do you know?
> cia has control over the app along any dimension
This is an excessively strong claim. Can the CIA delete the app and end the project if they feel like it today? Can they see what I’m typing before I post it? Again, why? Who knows about this? How do they do it?