Former DHS/NSA Official Stewart Baker Decides He Can Help NSO Group Turn A Profit
NSO Group used to have everything going for it. It had plenty of customers and plenty of leeway to sell to some of the worst governments in the world.
Then everything changed. A leaked list of malware targets made it clear most of NSO's customers weren't trying to secure nations or solve horrible crimes. Instead, they were spying on journalists, activists, human rights advocates, opposition leaders, and anyone else who might make things mildly uncomfortable for extremely powerful people.
After months of negative press, the Israeli government - the same government that helped broker deals between NSO and autocrats - decided to place limits on who NSO could sell to. The US Commerce Department struck another blow against NSO's fortunes by placing it (and one of its competitors) on an export blacklist.
Suddenly finding itself floundering, NSO Group considered divesting itself of its malware operations and trying to use its powers for good. Investors, however, considered floundering and altruism to be equally unprofitable, and sought to rid themselves of this toxic asset.
NSO has remained about as viable as a directionless flounder can ever be. It lives on, but without any promises about its future.
Enter none other than former DHS undersecretary Stewart Baker. Baker spent much of his time post-Snowden leaks defending broad surveillance programs against such hideous villains as civil libertarians and right advocates.
In Baker's view, the problem was the people complaining about warrantless surveillance. In short: the more the government knows, the safer we'll be. Government knows best. And the less we question our government, the more secure we'll be.
Baker, an occasional contributor to Volokh Conspiracy, was also responsible for one of the most unintentionally hilarious think-pieces ever written about the TSA. Here's how Ken White titled his post about Baker's TSA post:
The Volokh Conspiracy Turned Into A TSA Porn Site So Gradually, I Hardly Noticed
Ken White (Popehat) wasn't kidding. Here's a direct quote from Stewart Baker about his interactions with TSA security:
It may not make sense. But I'm willing to bet that a lot of the men reading this have similarly choreographed plans for the security line.
I know I do. And if I'm honest with myself, the rituals of the screening line aren't really about speed. They're about performance. I feel a kind of competitive pressure to keep the line moving. I'm not happy to see more than about six inches of distance between my luggage and the bags in front of me on the belt. Every delay in pulling out my laptop or my liquids, every last minute bit of change I have to throw haphazard into the bin, every stutterstep as I realize it's a whole-body scanner, not a metal detector, so belt and watch have to come off too -- all detracts from the performance.
Every once in a while, though, everything goes right, and I feel great. I'm Michael Chertoff, baby, all smooth competence, no wasted motions, no hesitation, no gaps on the conveyor belt.
OK, that's a little embarrassing to admit. But it gets worse when I ask myself why I care. If you're the kind of guy who can't throw away a piece of paper without wadding it up and arcing it into a basket across the room, you already know.
In part we do it to keep our place in the hierarchy of guys. But in the end, what we're really hoping for is an Alice Munro moment - that our easy concentration and economical movements will set up in someone a procession of sparks and chills," followed a few pages later by, well, what we deserve for all that demonstrated competence.
Stewart Baker has never shown us on the doll where the TSA touched him because, unlike most people who've never been the DHS second-in-command, Baker truly enjoys this homecooked, post-9/11 blend of paranoia and officiousness that generally tends to include a government employee running their hands over the length of your body.
Baker is no longer a public servant. And he's only a very occasional contributor to the Volokh Conspiracy. He's just one of us, except that he isn't. He has since returned to law firm Steptoe and Johnson, where he continues to practice whatever it is that Baker practices.
While we may not be privy to Baker's actions for this law firm since his return in 2009, we're extremely privy to his most recent move, which appears to be lobbying for NSO Group while using this law firm's letterhead. Dell Cameron's post at Bluesky breaks the unfortunate news:
Cameron says what needs to be said: Stewart Baker is now a lobbyist working for a company that sold its products to human rights abusers in Saudi Arabia and the United Arab Emirates that used this tech to spy on journalist/dissident Jamal Khashoggi and his wife - acts of surveillance that ultimately led to Khashoggi being lured to the Saudi consulate in Turkey so Saudi security officers could kill him and dismember his body.
This recent filing with the House of Representatives makes it official: Baker, along with his employer Steptoe and Johnson, will now be seeking to advance the interests of an Israeli company linked to abusive surveillance all over the world. In it, Stewart Baker is listed as the primary lobbyist.
This is the same Stewart Baker who responded to the Commerce Department blacklist of NSO by saying it wouldn't matter because authoritarians could always buy spyware from... say.... China:
There are countries who need these tools or think they need these tools are going to go looking for them. The Chinese have plenty of people, plenty of companies that would be glad to fill any gap that is created in the market by Western companies getting out.
Nice. In other words, Baker believes autocrats should buy from Western" firms because, if they don't, they'll just buy their malware from China. I'm not sure what Baker's point is here, but I can only assume he thinks Western" firms should make hay while the sun shines, even if that means selling powerful tech to human rights abusers.
That would definitely align with NSO's view of the malware market. And that makes Baker the perfect proponent for its worst impulses.
Driving that point home is another quote from Stewart Baker on NSO's multi-year run of negative press coverage, this time delivered to the Associated Press:
Stewart Baker, a cybersecurity lawyer and former general counsel at the National Security Agency, said it remains to be seen how big an impact Wednesday's announcement will have on the NSO Group's long-term health. He said the Commerce Department will have significant discretion in how it handles licensing requests related to the NSO Group, and could face pressure from U.S. exporters and the Israeli government.
We could see a situation in which the sanction has been granted and it has a great symbolic significance and some practical significance for NSO, but certainly isn't a death penalty and may over time just be really aggravating," he said.
Ah. An inconvenience at most, mostly of the political variety. That explains Baker's insertion into the NSO Group narrative. Obviously, his efforts will be aimed at moving this blacklisting more towards the symbolic" end of the scale and further away from the practical" side, making it easier for NSO to return to its previous level of profitability.
But it's more than that. The better Baker does clearing NSO's tarnished name, the sooner it and its competitors can return to doing the things that got them in trouble in the first place. Once NSO is considered somewhat acceptable, it can go back to doing the things that made it the most money: i.e., hawking powerful phone exploits to human rights abusers. But this time, NSO has a former US government official in its back pocket. And not just any former government official but one who spent months telling US citizens who were horrified by the implications of the Snowden leaks that they were wrong for being alarmed about bulk surveillance.
NSO Group couldn't ask for a better advocate: a government official who still firmly believes governments should be able to do whatever they want without being hassled by the proles for overstepping their bounds.