Conflict Alerts # 412, 21 July 2021
In the news
On 18 July, a document of the investigation by Paris-based Forbidden Stories, Amnesty International and a consortium of international news outlets was published. The study was based on a list with thousands of phone numbers of over 1000 prominent persons from over 50 countries across the globe. It was called the Pegasus Project. According to the reports, the majority of the numbers were based on countries like Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia and the United Arab Emirates. This brings to the fore the ethical questions of spying and its usage by governments. While NSO and some of the governments have released statements denying any wrongdoing, it is unclear where the list of phone numbers was leaked from.
Issues at large
First, the idea of Pegasus. Early records of the issues with Pegasus dates back to 2015 when it was revealed that human rights workers, journalists, lawyers' politicians, and researchers were allegedly under surveillance by the Mexican authorities. Over the years, it has evolved to be seen as the most sophisticated hacking tool in the world, where it does not require the user to click on any exploitative links to activate them. Amnesty International, in 2019 submitted a petition to Israeli courts, in an attempt to force the Israeli ministry of Defence to revoke NSO's security exports licence.
The Pegasus spyware is popularly known to be used against criminals and terrorists and made available for use only for intelligence agencies, law enforcement, and military in countries with a good human rights track record. NSO is an Israel-based technology firm, founded in 2010. It is known to provide security services to governments. The media report reveals that there have been over 50,000 phone numbers in their database, of which over 600 politicians, government officials, security officers, diplomats, business executives, several members of the Arab royal family, and up to 200 journalists and human rights activists. Pegasus is a software that enables remote surveillance of smartphones with a "zero-click" attack that makes it hard to detect.
Second, the State involvement. Though NSO has denied the accusations, it argues that it can't be held responsible if governments misuse the technology, it sells them. While NSO is in legal battles with Amnesty International, WhatsApp, Facebook, the group in late June released a document called, "Transparency and Accountability Report," where it revealed that it has 60 clients from 40 countries. Officials from the company have revealed to The Independent that they cannot be sure exactly who is targeted by their software once it is handed over to the clients, and that they do not remotely operate it. The governments that purchase the spyware are asked to sign a contract in agreement to not transfer the systems to any third party. However, with the increasing activities on the internet, there is significant demand for these services.
Third, victims and their privacy rights: it is still unclear if all the devices of the numbers in the list have been infected. However, it can be considered a gross violation of the basic human right to privacy. For example, it has been revealed that the spyware was known to be installed in the phone of Jamal Khashoggi's fiancé days after his murder. These actions pose larger ethical questions on the legitimacy of the surveillance industry as a whole. How does a private firm from Israel be able to decide which client is allowed to access their software? Who is a fair client and who isn't?
In perspective
The report exposes the infrastructure of the Pegasus software. However, the sheer efficiency of the software will retain the demand for its use. The Pegasus software brings to us a modern version of private detectives, but detectives who remain at one of the closest to the personal space of an individual. The fact that the company uses the tracking of criminals and terrorists as a legitimizing factor can be seen as problematic. Governments and private companies like NSO must work towards the accountability of such services.