Unsafe and unchecked: government use of spyware raging around the world

In light of damning new reports of state-sponsored human rights abuses facilitated by NSO Group, Candiru, and Cellebrite, Access Now is calling for urgent action to hold the surveillance industry and governments accountable.

Yesterday, July 18, Amnesty International and Forbidden Stories’ breaking investigation, the Pegasus Project, revealed that more than 180 journalists in 21 countries — including India, Mexico, Saudi Arabia, France, Morocco, Hungary, and Azerbaijan — were targeted by at least 12 of NSO Group’s clients. It analyzed more than 50,000 records of phone numbers that NSO clients identified for surveillance, and uncovered multiple infected devices

“These shocking exposés of privacy invasion, technology misuse, and human rights abuse facilitated by NSO Group, Cellebrite, and Candiru, are just more examples of why we urgently need to lift the curtain on this questionable industry, and hold these spyware firms and the governments to account,” said Natalia Krapiva, Tech Legal Counsel at Access Now. “The industry has shown that it is incapable of policing itself, while governments — including democratic states — are hiding behind national security to whitewash these surveillance abuses. We need regulation, transparency, and accountability now.”

Among the shocking findings, it was revealed that several members of Jamal Khashoggi’s immediate family were targeted by NSO’s Pegasus, with confirmation that the phone of his fiancée, Hatice Cengiz, was infected. The company has repeatedly denied involvement in Khashoggi’s murder, and continues selling spyware to the Saudi regime despite international concern over the government’s abuses. Amnesty International and Forbidden Stories also reported that the phone of Cecilio Pineda Birto, a journalist from Mexico, was selected as a Pegasus target before his execution in March of 2017. 

“Spyware is proving time and time again to be incompatible with human rights,” said Raman Jit Singh Chima, Global Cybersecurity Lead at Access Now. “No matter where it’s deployed, there are always opportunities for exploitation, and its rampant misuse is making global digital communications insecure.”

The Pegasus Project comes just days after an investigation by Citizen Lab and Microsoft on another Israeli surveillance tech company, Candiru, whose spyware was used to target at least 100 civil society actors — from Singapore to Palestine — including human rights defenders, journalists, and activists. Furthermore, the Committee to Protect Journalists revealed that Cellebrite technology was instrumental in the Botswana police’s search of a journalist’s phone, while Vietnam was outed on a long list of customers with a history of human rights violations against journalists and activists. 

Human rights should not be the afterthought of profit-driven corporations. Access Now has continually called for accountability and transparency in the surveillance industry, and again pushes all actors — from companies, to investors, to governments — to take urgent action to end the surveillance of human rights defenders, journalists, and all civil society actors.