https://www.accessnow.org:443/victims-nso-group-malware-attacks-deserve-silence-complicity/

Victims of NSO Group malware attacks deserve more than silence and complicity

Governments around the world are buying surveillance technology from private companies, and using it to track the movements of journalists and monitor the contacts of activists. In the worst cases, victims become subject to detention, torture, and even death.

We have been watching Israeli spyware company NSO Group ever since discovering that its technology enables human rights violations in Mexico, the United Arab Emirates, and across the globe. We are supporting the efforts of Citizen Lab and Business & Human Rights Resource Centre to get answers from The Blackstone Group, a financial firm that is reportedly in negotiations to invest in NSO, and has leverage to stop the violations from happening.  

On Thursday, a public relations firm representing NSO Group responded to questions from BHRRC. But as we explained in our press statement on Friday, the company’s response is wholly inadequate. It shows that NSO may be willing to mouth platitudes, but won’t detail for the public what steps it is actually taking to prevent human rights abuse. Meanwhile, Blackstone has remained silent. These companies are failing to demonstrate respect for human rights. Meanwhile, human rights experts at the United Nations have already taken action on the situation in Mexico, urging the Mexican government to undertake an impartial investigation of the abuse.

The most recent news from Mexico adds to NSO Group’s appalling record of dealings with foreign governments. Earlier this month Citizen Lab released the sixth entry in its ongoing coverage of NSO, entitled Lawyers for Murdered Mexican Women’s Families Targeted with NSO Spyware. The report details how NSO malware is being used against the lawyers defending the families of the victims of the Navarte killings.

The 2015 murders are an extremely controversial political issue in Mexico. Government complainant Nadia Vera and photojournalist Rubén Espinosa were found having been tortured, sexually assaulted, and murdered in Vera’s apartment, along with the three other women who lived there. In the interviews they gave in the months leading up to their deaths, Vera and Espinosa claimed that they were being followed by government agents because they had reported on Veracruz Governor Javier Duarte. Duarte’s administration was encumbered with corruption allegations, and he is now facing trial in Mexico.

Duarte is a disgraced member of the reigning political party, the PRI. But during his tenure, he and Peña Nieto were considered close allies, and both have significant histories of conflicts with the press. Since Peña Nieto’s election in 2012, Mexico has become the most lethal country in the world for journalists, with 25 killed and 589 currently under protection after threats on their lives.

Surveillance and tracking complement and facilitate threats, torture, and murder. In 2017, reports on the targeting of journalists’ communications with federally owned spyware appear to have increased. Now it looks like those who defend them are also under attack.

Citizen Lab’s report reveals that attorneys David Peña and Karla Micheel Salas both received text messages on their phones with links that when clicked would have allowed NSO to gain access to their personal details and monitor all of their communications. The links used a domain and social engineering tactic consistent with previous attacks on Mexican citizens using “Pegasus” malware, a product that NSO claims it sells only to federal authorities.

Businesses have the responsibility to respect human rights. This means understanding how their products and services interfere with rights, and taking measures to prevent future violations. This responsibility goes beyond legal duties, which is why companies must engage with affected communities to “know and show” they respect human rights. To date, however, NSO Group and Blackstone have failed to engage meaningfully, despite continuous outreach from civil society.

Enough is enough. We can be sure that Citizen Lab has revealed only the tip of the iceberg of surveillance and abuse that is taking place. It’s time for NSO to share details about how it will prevent use of its products to violate human rights, and for Blackstone to respond to our petition, living up to its own promises of transparency and commitment to respect human rights.

Help keep the internet open and secure

Subscribe to our action alerts and weekly newsletter

Your info is secure with us.