Your private smartphone conversations are not private. In 2022 we must defeat spyware.
Monday, Israel's security minister announced that it was setting up a national inquiry after a newspaper reported the use of spyware, Pegasus, against those close to former Prime Minister Benjamin Netanyahu and other public figures.
After a year that brought a landslide of evidence of the grave threat that surveillance technology poses to human rights worldwide, the U.S. National Counterintelligence and Security Center began 2022 by issuing a stark warning to the general public. Spyware presents a grave security threat in what is a widely unregulated, and underground, global spyware market.
There are multiple ways that spyware can be used to access people’s devices, even if a person takes all known digital security precautions. Hackers can record audio (including phone calls), track a phone’s location and access text messages, files, chats, contacts and browsing history.
NSO Group violates public trust
Last July, more than 80 journalists from 17 media organizations in 10 countries came together to reveal the shocking scale of human rights violations facilitated by NSO Group, which claims its software is used only by governments to combat crime and terrorism. The Pegasus Project revealed 11 countries that were potential clients of the NSO Group, from Azerbaijan to the United Arab Emirates.
More global opinion analysis:Syrian torture victims told me their stories. Finally, courts are giving them justice.
U.S. citizens aren't safe, either. Reuters reported in December that Pegasus was used to hack the iPhones of at least nine U.S. State Department officials either based in Uganda or focused on matters concerning the East African country. Robert Malley, the Biden administration’s envoy to Iran, was also reportedly targeted – although there is no evidence of anyone using a U.S. phone number being hacked, something NSO Groups says is “technically impossible.”
Pegasus was also used to hack the wife of Washington Post columnist Jamal Khashoggi shortly before he was murdered in 2018, New York Times journalist Ben Hubbard while he was reporting on Saudi Arabia as well as Carine Kanimba, the daughter of Paul Rusesabagina, a jailed Rwandan activist who inspired the film "Hotel Rwanda."
This year, as legal challenges against spyware companies go forward in various jurisdictions, it may be the first time that this industry is forced to reveal itself in courts.
The future of spying is handheld
The disclosures led the U.S. Department of Commerce to place NSO Group on its entity list for malicious cyber activity, while Apple has filed a lawsuit against the firm and its parent company for targeting its users.
Civil society organizations have also called on the European Union to impose targeted sanctions against NSO Group.
The company’s future is now uncertain, but it is not the only firm to have faced scrutiny. Citizen Lab has revealed that spyware tools from companies like Candiru and Cytrox have also been used for unlawful surveillance.
Spying on Americans? We've seen this CIA movie before.
If 2022 is to be a year of reckoning for the wider spyware industry, then governments must prioritize strengthening domestic laws against surveillance and accountability mechanisms and revamp procurement and export controls.
The U.S. government recently announced a joint initiative with Australia, Denmark and Norway to limit exports of surveillance tools and other technologies that governments can use to suppress human rights, but much more comprehensive action is needed to solve this global problem.
Investors must also take stock of the risks and human rights considerations of bank-rolling and profiting from investments in these companies. Pension funds in the United Kingdom and United States who have invested in NSO Group – and are directly linked to human rights violations and even crimes under international law through their stake in the company – must break their silence and engage with civil society experts in a transparent manner.
Human rights abuse is a feature, not a bug, of this industry.
Spyware is not only a threat to freedom of expression and social movements, but also to the mental health and wellbeing of activists and victims of human rights violations. With civic freedoms and protests being increasingly restricted across the planet, technology in general – and spyware in particular – have become potent weapons for governments to silence criticism. While the world appears to have woken up to the threat of unregulated cybersurveillance, we cannot afford to be complacent. Inaction will only embolden the industry and allow it to further evade accountability.
While not everyone may be a primary target of cybersurveillance, we all suffer from its impact. No one will be safe from the risks posed by spyware until all of us are safe.
Erika Guevara-Rosas is the Americas director at Amnesty International.