WEF spyware

As the WEF meets, pressure is on the world’s powerbrokers to shut down the spyware industry

In 2022, there is no business case for spyware technology. Its abuse is tainting the entire tech sector. If the industry’s big players do not step up and take a bold stand on surveillance now, it’s not only the human rights of millions of people at risk, it’s their own futures. 

The finance world’s powerbrokers are meeting at the World Economic Forum in Davos this week, and they must seize this opportunity to shut down an unchecked industry that’s bad for their reputations, and disastrous for human rights. We need a moratorium limiting the sale, transfer, and use of these cyber weapons until people’s rights are safeguarded under international human rights law backed by Davos leaders.

The surveillance tech industry has long facilitated gross violations of human rights in darkness — no accountability, no checks and balances. But in recent years, as civil society systematically shone a light on the sector’s harmful impact, companies are facing a colossal blowback. With each new revelation of invasive, warrantless spying — on everyone from journalists and activists, to public health advocates, to heads of state — the surveillance industry’s malpractice is thrust into the public realm. This may be just the start of the industry’s end. 

Civil society calls for a spyware moratorium at the WEF meeting at Davos, 2022: Brett Solomon, Executive Director at Access Now; Peggy Hicks, Director, Thematic Engagement, Special Procedures, and Right to Development Division, Office of the High Commissioner for Human Rights; Agnes Callamard, Secretary General at Amnesty International; Kenneth Roth, Executive Director at Human Rights Watch; Stéphane Duguin, Chief Executive Officer at CyberPeace Institute; and Timothy Noonan, Director, Campaigns and Communications at International Trade Union Confederation.
The financial and reputational consequences of ignoring human rights 

Activists, journalists, and human rights defenders, often the first targets of regimes equipped by spyware firms, are gaining traction in the battle to hold their persecutors to account. Their actions are snowballing damage to these companies’ statuses, and, no doubt, catalyzing irreparable harm to their bottom lines. We saw NGOs convince the European Ombudsman to open an investigation into the EU’s role in developing surveillance capabilities outside of its borders. Civil society pushed for stronger EU dual use export rules, and pressured the U.S. to add NSO Group and Candiru to its blocked Entity List. The Biden administration responded by launching the multilateral Export Controls and Human Rights Initiative with allies, while  U.S. lawmakers are calling for targeted sanctions. Who will be spyware’s future customers if the industry is being edged out of the biggest markets in the world?

These actions follow calls by U.N. human rights experts — echoed by Costa Rica — for a global moratorium on the sale, transfer, and use of private surveillance technologies until human rights-compliant laws and regulatory frameworks are in place.

Not even the tech industry wants surveillance tech in its ranks, and companies that are impacted by spyware are reacting.  WhatsApp and Apple are suing NSO Group in separate cases, Amazon shut down infrastructure and accounts linked to NSO Group, and Meta removed seven “surveillance-for-hire” operations that targeted over 50,000 Facebook users. Google spoke up, dropping a meticulous report on a recent NSO Group attack.

Companies are feeling the burn, with infamous German spyware trader FinFisher going belly-up, closing its offices amid a criminal investigation, while NSO Group is reportedly on the brink of financial collapse, considering shutting down Pegasus and selling the company.

NSO Group’s clear disregard for human rights has undoubtedly increased public animus and distrust toward the tech sector. Its downfall should serve as a warning to the industry as a whole: it’s time to get your act together. Our message? What’s bad for human rights is bad for business. If you don’t listen to civil society and center people within your corporate practices, your profits will not survive.

Tech industry: step up your game

Tech sector leaders should not wait for a moratorium to take action. Davos is a face-to-face opportunity to solidify actions, and implement change. They can join those companies already standing up against spyware abuse, and work to integrate human rights-based principles and practices in their own businesses. 

For example, companies can take immediate steps such as terminating any direct contractual relationships with spyware vendors, and implement concrete measures to avoid directly or indirectly supporting spyware tools and related technologies — and ensure investors, suppliers, clients, and customers do the same — through robust pre-contractual due diligence and monitoring.

Civil society wants a public pledge, jointly as through the corporate Tech Accord, to sweep the spyware sector off your platforms, your vendor and client lists, and your investment portfolios, implemented through binding agreements. At the same time, you should embed human rights protections in your missions, and develop, monitor, and regularly update human rights policies and practices, with teeth, via cross-functional and empowered human rights teams. It’s also time to protect strong encryption and deploy end-to-end encrypted services wherever possible. Bug bounties and responsiveness to independent security researchers can help drain the swamp of cyber vulnerabilities.

Importantly, engage stakeholders from civil society and human rights sectors.

If the tech industry fails to take the spyware threat seriously, we will see human rights and democratic principles curbed around the world.  This instability benefits no one. Taking a stand against spyware is not only a moral imperative, it will enable a healthy tech sector and business environment. For your own sake and ours, listen up and set forth.