Each week, we review the week’s news, offering analysis about the most important developments in the tech industry.
Hello, Davey Alba here. I’m a fairly new member of the tech reporting team, and I cover online disinformation and the harm it does around the world.
I’m here to give you the tech news highlights of the week, starting with Kashmir Hill’s tour de force of a story on a facial recognition app used by law enforcement agencies across the country.
The app, Clearview AI, has been used to solve identity theft, credit card fraud, shoplifting and murder cases. It’s used by agencies like local police in Florida as well as the F.B.I. and the Department of Homeland Security. And it has more than three billion images in its database, scraped from places like Facebook, LinkedIn and Venmo, according to the company.
The article is a pretty astonishing feat of reporting. A piece in BuzzFeed News soon followed, questioning Clearview’s marketing practices and noting that the company’s founders had previous connections to the far right.
I asked Kashmir what she thought the most important implication of her story was.
“I was shocked by how easy it is for law enforcement to just start using a tech tool in criminal investigations that was not vetted or independently tested in any way,” she told me. “It ties back into all that flawed science they used to use: blood spatter, hair analysis, etc., that was completely junk science. Now it could happen with tech.”
For more, read Kashmir’s take on how she nailed the story.
Remember those Bezos photos?
On Tuesday evening, The Guardian and The Financial Times reported that a forensic analysis of a phone belonging Amazon’s bajillionaire chief executive, Jeff Bezos, had concluded that the phone was hacked after Mr. Bezos received a video from a WhatsApp account belonging to Crown Prince Mohammed bin Salman of Saudi Arabia. (I believe “bajillionaire” is the technical term for a man with a net worth of well over $100 billion.) In response, the Saudi Embassy in Washington said the idea that the kingdom had hacked Mr. Bezos’ cellphone was “absurd.”
Our reporters unearthed more details. The forensic analysis report included two examples in which the crown prince appeared to send Mr. Bezos messages that suggested he could read the tech executive’s private communications. We also had a timeline of the events and more analysis from cybersecurity experts.
I talked with some of our reporters about the article. This is an edited version of those conversations.
What did you think when this story broke?
SHEERA FRENKEL: Last year started off with The National Enquirer publishing photos and texts from Mr. Bezos’ phone. It seemed like history repeating itself.
My first reaction was to get the forensic report. I wanted to see exactly what the investigators had found and why they seemed so confident in their assertion that the Saudi crown prince had personally been involved in the hacking.
MATTHEW ROSENBERG: That the malware came straight from M.B.S.’s WhatsApp account blew me away. It’s one thing to say the Saudis hacked a phone — intel services around the world hack phones. Lord knows the Americans do it all the time.
But it’s a whole other thing to say that the crown prince was personally involved. It’s amazing. He meets Mr. Bezos on a visit to the United States. They strike up a casual conversation over WhatsApp — and then he uses the “in” to plant spyware!
It really challenges the idea that the elite are a group apart. Until now, it’s always looked like the elite left it to their minions to battle it out in business or politics or espionage or whatever while they met up in places like Davos and, you know, kept it on the level with one another. I guess Mohammed bin Salman really does play by his own rules.
The exchange of the texts themselves happened in 2018. Why is this all coming out now?
KAREN WEISE: There is a documentary screening at the Sundance Film Festival on Friday about the Washington Post journalist Jamal Khashoggi’s murder. According to The Post, one of the United Nations experts is on camera connecting M.B.S. to the hack of Mr. Bezos’ phone. Best I can tell, the United Nations experts wanted to make their statements public before the film screened.
So were Jeff Bezos and M.B.S. just intense texting pals?
FRENKEL: Not really. The communication seemed mostly one-sided and sporadic. When Mr. Bezos got some of those suspicious texts from M.B.S., it had been months since the two had spoken, and the report notes that Mr. Bezos thought it strange that M.B.S. was sending him seemingly random messages.
WEISE: Amazon was pursuing a major deal to build cloud-computing data centers in the kingdom, so they had reasons to be in touch. They had also met several times. The deal fell apart after Mr. Khashoggi’s murder.
Do you think the crown prince of Saudi Arabia is texting other high-profile public figures in the same way?
ROSENBERG: We know he has used WhatsApp with other high-profile pals. Jared Kushner was one of them. What did they text and how often? That we don’t know.
What is the implication, if any, of these texts being exchanged before we learned of the killing of Mr. Khashoggi?
WEISE: The U.N. experts painted the alleged hack as part of a pattern of “Saudi targeting of dissidents and perceived opponents,” which they say included Mr. Khashoggi. They pointed out that at the time M.B.S. sent Mr. Bezos the video, Mr. Khashoggi’s columns at The Post “increasingly raised concerns about the crown prince’s rule.”
Do you have any advice for our readers on how to practice good tech hygiene? Like, if you get a text from a foreign prince, be wary?
ROSENBERG: Definitely be wary of Saudi princes bearing GIFs. But I’d take it another step. If anyone sends you a link or a video or a file that you are not expecting and does not have a recognizable URL, ask them before you click on it. And by anyone, I mean your mother, your father, your husband, your wife. Anyone’s account can be compromised and used to get at you.
FRENKEL: It’s important for people to take basic steps to protect themselves. Use a password manager. Enable two-step verification. Don’t click on suspicious links you get in emails or in text messages.
The truth is that most of us aren’t Jeff Bezos. A Saudi crown prince is not going to hire a private cybersecurity company to use extremely rare and expensive malware to hack our phones. That’s not something that should keep people up at night.
But maybe the biggest takeaway from this is that anyone, anywhere, can be hacked if the person carrying out the attack has enough time, money and patience.