On February 11, the technology and human rights research center Citizen Lab published a report finding that attackers were using state-level malware to compromise the accounts of public health advocates in Mexico. A coalition of civil society groups has issued an open letter (below) condemning the dangerous violation of privacy.
The alert that public health advocates in Mexico were receiving strange notifications came through Access Now’s Digital Security Helpline. Our team worked to assist the Mexican digital rights organizations R3D and SocialTic, who gathered evidence about the odd messages and provided legal and technical support to the victims on the ground.
These organizations then sent the evidence to Citizen Lab, which found that the victims – all of them high profile advocates for Mexico’s soda tax – had been targeted with malware created by NSO Group, a software company based in Israel that supplies spying tools to law enforcement officials. It claims to sell its products only to government customers.
The Citizen Lab report provides details suggesting that individuals related to the Mexican government may have been behind these illegal hacking attempts. This builds on the worrying precedent of revelations about the Italian company Hacking Team, which exposed Mexico as the top purchaser of government hacking tools in Latin America. The government used the Hacking Team tools not just in criminal cases but also to spy on journalists and political opponents.
There are serious human rights implications in the use of government hacking tools for political persecution in Mexico. The civil society organizations reject those practices in an open letter and demand answers from the Mexican government.
Please share this post and the letter to amplify the voices against this type of hacking.
To follow up developments on this issue, you can monitor the hashtag #BitterSweetMx on Twitter and Facebook.
CIVIL SOCIETY ORGANIZATIONS REJECT GOVERNMENT’S SURVEILLANCE OF HUMAN RIGHTS DEFENDERS IN MEXICO
On July 11, an investigation by the Citizen Lab at the University of Toronto’s Munk School of Global Affairs and the New York Times revealed evidence that Dr. Simon Barquera, researcher at Mexico’s Public Health National Institute, Alejandro Calvillo, Director at El Poder del Consumidor, and Luis Manuel Encarnación, Coordinator of ContraPESO Coalition received targeted attacks with the objective of infecting their mobile devices with surveillance malware exclusively sold to governments by the company NSO Group.
According to the evidence, the attacks are related to the target’s activities in defense of public health, particularly advocating for a soda-tax and criticizing deficient food labeling regulation.
In the light of these revelations, the signatory national and international civil society organizations:
- Condemn the illegal surveillance revealed and show our solidarity and stand with the academic institutions and civil society organizations targeted with these attacks.
- Express our concern about the Mexican government’s use of highly intrusive software such as the Pegasus malware commercialized by the NSO Group, particularly against researchers and civil society organizations. This type of surveillance malware that exploits unknown security vulnerabilities (zero-day) in commercial software and products to obtain an absolute control of a device, severely compromises the right to privacy, especially when there is no legal controls or democratic oversight of state surveillance.
- Demand the government of Mexico to stop the threats and surveillance against researchers and civil society organizations and call for an immediate investigation to identify and punish the officials responsible for illegal surveillance in Mexico.
- Call international organizations, governments around the world and the international community as a whole, to investigate the activities of the NSO Group and other companies that sell surveillance capabilities to Mexico, a country with a record of human rights abuses.
- Express our special concern regarding this new instance of harassment against researchers and health activists that affect the interests of the food and beverage industries. We call the industry to clarify its involvement or knowledge of the revealed surveillance and to publicly reject any act of intimidation against human rights defenders.
Asociación Nacional de la Prensa de Bolivia (ANP)
Asociación para el Progreso de las Comunicaciones (APC)
Asociación por los Derechos Civiles (ADC)
Association of Caribbean Media Workers
Australian Privacy Foundation
Centro Nacional de Comunicación Social AC (Cencos)
Centro de Estudios Constitucionales y en Derechos Humanos de Rosario Centro Horizontal
Centro de Reportes Informativos Sobre Guatemala (CERIGUA)
Comisión Mexicana de Defensa y Promoción de los Derechos Humanos, A.C. (CMPDH)
Electronic Frontier Foundation (EFF)
Espacio Público, Venezuela
Fundación para la Libertad de Prensa (FLIP)
Fundar, Centro de Análisis e Investigación
Intercambio Internacional por la Libertad de Expresión (IFEX-ALC)
Instituto de Liderazgo Simone de Beauvoir (ILSB)
Instituto de Prensa y Libertad de Expresión (IPLEX)
Instituto Prensa y Sociedad (IPYS)
Organización Fraternal Negra Hondureña (OFRANEH)
Patient Privacy Rights
Red en Defensa de los Derechos Digitales (R3D)
Renata Aquino Ribeiro, Researcher E.I. Collective
Reporteros Sin Fronteras
SonTusDatos Artículo 12, A.C.
Sursiendo, Comunicación y Cultura Digital (Chiapas, MX)
Usuarios Digitales, Ecuador
Washington Office on Latin America (WOLA)