Spyware Technology: A Global Threat Top Democracy and Human Rights
Technology Policy Brief # 58 | By: Scout Burchill | July 29, 2021
Header photo taken from: Middle East Eye
Follow us on our social media platforms above
Browse more technology policy briefs here
Photo taken from: Human Rights Watch
Policy Summary
[SSB theme=”Official” align=”center” counter=”true” ]
A flurry of articles have recently been published on the Israeli based cyber-surveillance company NSO Group thanks to a recent leak exposed by Forbidden Stories, a collaborative non-profit journalist organization, which revealed a list of about 50,000 phone numbers alleged to have been targeted by the company’s Pegasus surveillance software.
Pegasus is an exceptionally powerful surveillance and spying software that targets phones and can be used to steal account passwords, call records, emails, text messages, audio recordings and photos from unsuspecting targets. It can also monitor a user’s activity, take screenshots, and enable the phone’s camera and microphone, turning it into a real-time surveillance bug and hidden camera. But wait, it gets worse. The malicious software can be installed on phones remotely by merely sending a text message. This zero-click method does not even require the user to interact with the message. NSO Group claims that Pegasus is sold only to governments and law enforcement agencies that agree to use it “appropriately.”
Even though this is far from the first time that NSO Group’s Pegasus spyware has made headlines, the leaked “surveillance list” once again suggests that Pegasus spyware is routinely used by authoritarian governments to target journalists, dissidents, activists, academics, and opposition politicians. The NSO Group’s spyware has already been implicated in Saudi Arabia’s monitoring of dissidents abroad and in the tracking of Jamal Kashoggi before his murder in Istanbul.
This new list, while not fully confirmed, includes: Roula Khalaf, the editor of the Financial Times, individuals and family close to Kashoggi, the assassinated Mexican reporter Cecilio Pineda Birto, a number of journalists from CNN, the AP, The Wall Street Journal, Bloomberg News and The New York Times, and perhaps most shockingly three sitting presidents, including French President Emanuel Macron, ten current and former prime ministers and the King of Morocco.
Furthermore, journalists from countries such as Azerbaijan, France, Hungary, India and Morocco are believed to have been hacked by Pegasus spyware, and a source familiar with NSO contracts has revealed that NSO software has been sold to the governments of Azerbaijan, Bahrain, India, Mexico, Morocco, Saudi Arabia and the United Arab Emirates. NSO Group strongly denies accusations of wrongdoing.
Policy Analysis
The NSO Group’s recently leaked surveillance list comes as no surprise to those who have followed the steady stream of alarming articles written about the company over the past few years. The story of NSO Group highlights a steady and worrying trend that has only picked up steam in the digital age: the privatization of security industries by unregulated firms driven by pure profit.
These industries have no qualms or ethical misgivings when it comes to empowering the most repressive and brutal regimes on earth and their business model seems to be working. The market for privatized spyware alone is estimated to be around $12 billion and is expected to continue to grow as more actors seek the services of these digital mercenaries.
Photo taken from: PBS
NSO Group is far from alone in this murky, global enterprise mired in secrecy. The firm’s success has inspired homegrown spin-offs like DarkMatter in the United Arab Emirates.
DarkMatter has hired and continues to employ a number of former NSA and CIA officers, offering them hundreds of thousands of dollars a year for their valuable experience. The opaque and mysterious nature of these firms allows governments to contract out responsibility, further shielding their actions from the light of transparency.
With the amount of money and interested actors in the private spyware business, it is no surprise that NSO Group has deep ties in Washington. Anita Dunn, Biden’s former campaign manager who now works as a senior advisor to the president, lobbied on behalf of the firm through her company SKDK as recently as 2019. NSO Group also paid Jeremy Bash, the former chief of staff of the CIA turned MSNBC analyst, through his consulting company Beacon Global Strategies until early 2020.
Photo taken from: The Guardian
Much like the global arms trade or the military contracting business, the global spyware market represents a lurid enterprise that must be faced head on. While it will not be easy to regulate, transparency and accountability are desperately needed. Beyond the horrific human cost exacted daily by these industries, the willingness of officials and representatives of democratic nations to transfer powerful technologies and tools of oppression to authoritarian regimes betrays an utter lack of principle and foresight.
As these most recent leaks prove, it is only a matter of time before these technologies are used against the same democratic nations that are now complicit in selling away their expertise as well as their values. A 2019 United Nations report called for a moratorium on the sales of all spyware until stricter human rights protections are put in place. Unfortunately, there has been little follow through and spyware technologies continue to be sold and developed for the purposes of repressing and debasing the rights of individuals all over the globe.
Engagement Resources
Click or tap on image to visit resource website.
Amnesty International
https://www.amnesty.org/en/latest/news/2021/07/pegasus-project-spyware-digital-surveillance-nso/
Access Now
https://www.accessnow.org/indian-government-nso-pegasus-spyware/
Reporters Without Borders
https://rsf.org/en/news/urgent-need-escape-surveillance-technology-jungle
Internet Freedom Foundation
Sources
Click or tap on image to visit resource website.
Forbidden Stories’ Pegasus Project
https://forbiddenstories.org/case/the-pegasus-project/
https://www.amnesty.org/en/latest/news/2021/07/pegasus-project-spyware-digital-surveillance-nso/
Relevant Reporting on NSO Group and Pegasus Software
https://news.un.org/en/story/2019/06/1041231
https://www.nytimes.com/2021/07/18/world/middleeast/israel-nso-pegasus-spyware.html
https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/
https://www.nytimes.com/2021/07/17/world/middleeast/israel-saudi-khashoggi-hacking-nso.html
https://www.nytimes.com/2019/11/09/technology/nso-group-spyware-india.html
https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html
https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones
NYT’s Kenneth Vogel on NSO Group ties to Washington
https://twitter.com/kenvogel/status/1416835845496180744
Private Digital Mercenary Industry
https://www.nytimes.com/2019/03/21/us/politics/government-hackers-nso-darkmatter.html
UN Report on Need for Spyware Moratorium
https://news.un.org/en/story/2019/06/1041231