Big Brother is watching: Spyware exports pose unprecedented threat to democratic leaders and human rights defenders

by Kerry Pearson, Universal Rights Group Asuntos contemporáneos y emergentes, Blog, Blog, Más allá del Consejo

‘Never has the human right to privacy been more important and more under siege,’ suggested the UN Special Rapporteur on Privacy, Joe Cannataci, when presenting his recent report on ‘artificial intelligence and privacy’ to the Human Rights Council’s 47th session (HRC47). His words seemed especially prescient this week as news broke that spyware developed by NSO Group, an Israeli surveillance company, called Pegasus, has been sold to some of the world’s most authoritarian governments to extract private data from citizens, including human rights defenders and elected officials, record calls and obtain personal messages, track internet searches, and monitor social media activity.

By selling this technology to States that routinely violate human rights, under the guise of ‘fighting crime and terrorism,’ NSO Group have, in effect, provided State security services with a powerful new means of snooping on activists and democratic leaders, infringing their right to privacy, putting lives at risk, and undermining democratic governments.

Perhaps those most at risk from the sale of Pegasus technology are human rights defenders, lawyers, and journalists – individuals who are perceived as challenging the absolute rule and control sought by authoritarian regimes. Reacting to this threat, on 19 July the UN High Commissioner for Human Rights, Michelle Bachelet, issued a statement highlighting the impacts of surveillance technology on these groups. Spyware like Pegasus, she said, heightens the risk that human rights defenders will face arbitrary arrest, intimidation, and extrajudicial killing. The spread of surveillance technology, she explained, would also have dire consequences for democracy. She therefore urged States to protect their citizens from the misuse of such technology, hold private companies like NSO Group accountable for their actions, and take steps to protect democracy from the misuse of digital technology.

COVID-19: a catalyst for enhanced State surveillance

According to the Economist, the projection of State power, control and coercion has expanded rapidly during the ongoing COVID-19 pandemic. This has often been done under the guise of protecting ‘public health’ and ‘safety.’ This trend was also recently recognised by the Human Rights Council (in its resolution A/HRC/47/L.12 on ‘New and emerging digital technologies and human rights.’ Through the resolution, adopted in early July, the Council drew particular attention to the challenges created by COVID-19 response measures, including internet shutdowns, censorships, and unlawful surveillance. Such behaviour, the Council asserted, is incompatible with States’ international human rights obligations.

In her statement, Bachelet reminded States that surveillance measures are only justified in ‘narrowly defined circumstances, with a legitimate goal,’ and while eradicating COVID-19 may be a legitimate goal, the sale and roll-out of technology like Pegasus has clearly gone beyond what is necessary for fighting the current pandemic. It is also important, she said, to question how temporary current surveillance measures are likely to be. Bachelet reserved particularly strong words for NSO Group, which, she said, is responsible for grave security crimes, and has clearly crossed a ‘red line,’ so far with ‘total impunity.’

Placing human rights defenders, politicians, and journalists in the crosshairs of authoritarian regimes

The Guardian, one of the newspapers that broke the NSO story, gave a number of examples of human rights defenders targeted with Pegasus software, including in Hungary, where journalists have been the target of the illegal ‘data mining,’ with their phone numbers and private data subsequently being leaked (putting their lives at risk). The devices of journalists at the Hungarian Pegasus project, as well as Szabolcs Panyi, a prestigious reporter on national security issues, were all infected with the spyware. The Guardian reported that for seven months in 2019, Panyi was repeatedly attacked by the government of Viktor Orban, using Pegasus.

The Guardian also explained how Pegasus has been used to snoop on foreign leaders, especially in democratic States.

For example, in Mexico, prior to the 2018 elections, private information belonging to 50 people closely linked to the now-President of Mexico, Andres Manuel Lopez Obrador (AMLO), including his wife, aides, children, and doctors, was discovered on NSO Group’s database.

According to Le Monde, the phone number of French President Emmanuel Macron was also among a list of 50,000 contacts believed to be targeted by clients of NSO Group, the creator of Pegasus, since 2016. He has since changed his phone and number. Le Monde reported that he and 14 French ministers were flagged for potential surveillance by Morocco (though Morocco has denied this).

Others political targets of Pegasus spyware, according to reports, include President Baram Salih of Iraq, South Africa’s Cyril Ramaphosa, and the current prime ministers of Pakistan, Egypt, and Morocco.

How to deal with a problem like Pegasus?

When presenting his report to HRC47, the Special Rapporteur on the right to privacy said that the only way to prevent attacks against privacy in the digital age is for all stakeholders – States, the private sector and civil society – to work together to identify and implement durable and practicable solutions.

The High Commissioner, in her recent statement on Pegasus, echoed this call, and placed particular emphasis on the responsibilities of private companies like NSO Group. In particular, she demanded that all private companies, as a matter of course, undertake human rights due diligence before exporting or selling technology that could be used to violate human rights, and that they should also provide remedy for the harms their products cause. (In 2019, the then UN Special Rapporteur on freedom of expression, David Kaye, went even further, calling for an ‘immediate moratorium’ on the transfer of such technologies.) Turning to States, Bachelet urged them to hold companies like NSO Group accountable for their actions. Finally, she urged all stakeholders to work together to monitor and regulate the ‘sale, transfer and use of surveillance technology.’

Share this Post