The right to maintain privacy and own your data is one of today’s most urgent topics among legislators. Mark Zuckerberg could sure tell you about some uncomfortable Senate hearings. However, the recent Pegasus scandal reiterates what everyone from cynics to Edward Snowden said: our privacy rights are in danger.
Spyware by NSO Group, an Israeli technology company. Around 40 governments allegedly use it worldwide to spy on criminals, pedophiles, and terrorists. NSO’s founder, Shalev Hulio, claims that their tools have prevented more than 15 terror attacks, sent more than 100 pedophiles across Europe to jail, and uncovered numerous masterminds behind cyber attacks.
Once Pegasus infiltrates someone’s phone, it has full access to all data, including messages, e-mails, and photos. It can also take screenshots and record sounds. While its purpose is to fight crime and terrorism, the investigation suggests that’s not always the case. It looks like authoritarian regimes routinely invade the privacy of anyone they deem inconvenient. Be it human rights activists, journalists, or politicians. The rumored targets include the French president Emmanuel Macron, the South African president Cyril Ramaphosa, and the Pakistani prime minister Imran Khan.
The first doubts
The reports about spyware misuse are nothing new. In August 2016, human rights activist Ahmed Mansoor received a text message that included a link promising unveiling secrets about torture in UAE prisons. However, Mansoor had the link investigated and had he clicked it, his phone would have been compromised. Since then, Pegasus has appeared in the news here and there.
Past investigations found the connection to NSO software on numerous occasions. It seems to have been used to spy on people close to Jamal Khashoggi, among others. The Saudi Arabian journalist and dissident was assassinated, while his murder is linked to the Saudi Royal family. Pegasus may have also been the tool of choice for the Spanish government spying on the politicians in the Catalan independence movement.
Why so much outrage now?
This time, French media nonprofit Forbidden Stories teamed up with Amnesty International, seventeen media outlets, and 80 journalists for a “Pegasus Project”. The massive investigation launched after a leak of over 50.000 phone numbers – alleged targets of NSO clients – and lasted for months. NSO denies that the list represents (potential) targets.
However, The Guardian reports that 37 out of 67 analyzed phones either contained traces of Pegasus or at least a sign of a break-in attempt. The news has prompted the French president Emmanuel Macron to change his phone, and the country is already investigating whether Morocco spied on several French journalists.
“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists, and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary-General of Amnesty International. The investigation identified potential NSO clients in eleven countries including Bahrain, Hungary, India, Mexico, Saudi Arabia, Togo, and the UAE.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology. While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy while profiting from widespread human rights violations,” she added.
Despite these conclusions, NSO’s Hulio vehemently denies any involvement, claiming that they can’t control what governments do with their products. However, if any problematic behavior is revealed, the company can stop them. “We will shut them down. We have done it before and will continue to do so. . . . But we cannot be blamed on the misuse that the government did,” he said for Forbes.
How does it work?
Over the years, it has become even easier for Pegasus to infiltrate any phone. All it takes is an unanswered WhatsApp phone call or an unopened iMessage exploiting vulnerabilities in the phone’s operating system. Nobody is safe when a phone can turn into a terrifyingly effective weapon of mass surveillance. The eavesdropping by tech giants who want to sell ads suddenly sounds innocent in comparison.
“It’s a weapon,” says Snowden about Pegasus
Theoretically, spyware could attack anyone, not only influential people. In an interview about the Pegasus, the famous whistleblower Edward Snowden paints a dire picture of a heavily surveilled future. “If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect,” he said for The Guardian.
Snowden sees a way out: not allowing companies to make a profit on tools like Pegasus. “There are certain industries, certain sectors, from which there is no protection, and that’s why we try to limit the proliferation of these technologies. We don’t allow a commercial market in nuclear weapons,” he concluded.
Such brutal violation of privacy is indeed a weapon, threatening human rights and democracy as a system. The very people whose job is to uncover such crimes were the victims, which confirms what advanced democracies already know. Thriving journalism and activism is the basis of a democratic, transparent society. And if we don’t want to wake up in an Orwellian future, weapons like the Pegasus simply can’t end up in the wrong hands.