International groups reject Mexican government surveillance of public health advocates

On February 11, the technology and human rights research center Citizen Lab published a report finding that attackers were using state-level malware to compromise the accounts of public health advocates in Mexico. A coalition of civil society groups has issued an open letter (below) condemning the dangerous violation of privacy.

The alert that public health advocates in Mexico were receiving strange notifications came through Access Now’s Digital Security Helpline. Our team worked to assist the Mexican digital rights organizations R3D and SocialTic, who gathered evidence about the odd messages and provided legal and technical support to the victims on the ground.

These organizations then sent the evidence to Citizen Lab, which found that the victims  – all of them high profile advocates for Mexico’s soda tax – had been targeted with malware created by NSO Group, a software company based in Israel that supplies spying tools to law enforcement officials. It claims to sell its products only to government customers.

The Citizen Lab report provides details suggesting that individuals related to the Mexican government may have been behind these illegal hacking attempts. This builds on the worrying precedent of revelations about the Italian company Hacking Team, which exposed Mexico as the top purchaser of government hacking tools in Latin America. The government used the Hacking Team tools not just in criminal cases but also to spy on journalists and political opponents.

There are serious human rights implications in the use of government hacking tools for political persecution in Mexico. The civil society organizations reject those practices in an open letter and demand answers from the Mexican government.

Please share this post and the letter to amplify the voices against this type of hacking.

To follow up developments on this issue, you can monitor the hashtag #BitterSweetMx on Twitter and Facebook.


On July 11, an investigation by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the New York Times revealed evidence that Dr. Simon Barquera, researcher at Mexico’s Public Health National Institute, Alejandro Calvillo, Director at El Poder del Consumidor, and Luis Manuel Encarnación, Coordinator of ContraPESO Coalition received targeted attacks with the objective of infecting their mobile devices with surveillance malware exclusively sold to governments by the company NSO Group.

According to the evidence, the attacks are related to the target’s activities in defense of public health, particularly advocating for a soda-tax and criticizing deficient food labeling regulation.

In the light of these revelations, the signatory national and international civil society organizations:

  1. Condemn the illegal surveillance revealed and show our solidarity and stand with the academic institutions and civil society organizations targeted with these attacks.
  2. Express our concern about the Mexican government’s use of highly intrusive software such as the Pegasus malware commercialized by the NSO Group, particularly against researchers and civil society organizations. This type of surveillance malware that exploits unknown security vulnerabilities (zero-day) in commercial software and products to obtain an absolute control of a device, severely compromises the right to privacy, especially when there is no legal controls or democratic oversight of state surveillance.
  3. Demand the government of Mexico to stop the threats and surveillance against researchers and civil society organizations and call for an immediate investigation to identify and punish the officials responsible for illegal surveillance in Mexico.
  4. Call international organizations, governments around the world and the international community as a whole, to investigate the activities of the NSO Group and other companies that sell surveillance capabilities to Mexico, a country with a record of human rights abuses.
  5. Express our special concern regarding this new instance of harassment against researchers and health activists that affect the interests of the food and beverage industries. We call the industry to clarify its involvement or knowledge of the revealed surveillance and to publicly reject any act of intimidation against human rights defenders.

Access Now

Asociación Nacional de la Prensa de Bolivia (ANP)

Asociación para el Progreso de las Comunicaciones (APC)

Asociación por los Derechos Civiles (ADC)

Association of Caribbean Media Workers


Australian Privacy Foundation


Centro Nacional de Comunicación Social AC (Cencos)

Centro de Estudios Constitucionales y en Derechos Humanos de Rosario Centro Horizontal

Centro de Reportes Informativos Sobre Guatemala (CERIGUA)

Comisión Mexicana de Defensa y Promoción de los Derechos Humanos, A.C. (CMPDH)

Contingente MX


Datos Protegidos

Derechos Digitales

Electronic Frontier Foundation (EFF)

Enjambre Digital

Espacio Público, Venezuela

Fundación Karisma

Fundación para la Libertad de Prensa (FLIP)

Fundamedios, Ecuador

Fundar, Centro de Análisis e Investigación

Hiperderecho, Perú

Intercambio Internacional por la Libertad de Expresión (IFEX-ALC)

Instituto de Liderazgo Simone de Beauvoir (ILSB)

Instituto de Prensa y Libertad de Expresión (IPLEX)

Instituto Prensa y Sociedad (IPYS)

Katarzyna Szymielewicz

Organización Fraternal Negra Hondureña (OFRANEH)

Panoptykon Foundation

Patient Privacy Rights

Privacy International

Public Knowledge

Red en Defensa de los Derechos Digitales (R3D)

Renata Aquino Ribeiro, Researcher E.I. Collective

Reporteros Sin Fronteras


SonTusDatos Artículo 12, A.C.

Sursiendo, Comunicación y Cultura Digital (Chiapas, MX)

TEDIC, Paraguay

Usuarios Digitales, Ecuador

Washington Office on Latin America (WOLA)