EU Chief Condemns Israeli Software Allegedly Used For Spying On Journalists

European Commission President Ursula von der Leyen condemned spyware software licensed to Israeli company NSO Group on Sunday after allegations that the software is being used to hack smartphones belonging to activists, journalists, and government officials worldwide. An investigation that was published on 18 July by 17 media organizations and led by non-profit journalism organization Forbidden Stories found that a malware program formerly known as Pegasus was successful in spying on targeted individuals  through their cell phones. The report comes only months after the FBI released information on their investigation into NSO Group for potential hacks on American residents, businesses, and suspected government intelligence agencies.

Von der Leyen told reporters during her visit to Prague that “What we could read so far – and this has to be verified, but if it is the case it is completely unacceptable. Against any kind of rules we have in the European Union,” adding that “Freedom of media, free press is one of the core values of the EU. It is completely unacceptable if this hacking were to be the case.” The Guardian reports that the breach contains a list of over 50,000 phone numbers that have been identified as people of interest by NSO clients since 2016. If confirmed, this could be one of the biggest-known abuses of individual privacy worldwide, specifically by authoritarian governments weaponizing the surveillance software. Secretary-General of Amnesty International Agnes Callamard told Forbidden Stories that “The numbers vividly show the abuse is widespread, placing journalists’ lives, those of their families and associates in danger, undermining freedom of the press and shutting down critical media. It is about controlling the public narrative, resisting scrutiny, suppressing any dissenting voice.”

The story broke after Amnesty International’s Security Lab partnered with Forbidden Stories to lead a forensic analysis which found that the highly sophisticated spyware tool had given clients entry to the entire content of devices, including access to the camera and microphone. According to their publication “Pegasus: The New Global Weapon For Silencing Journalists”, Forbidden Stories and their partners found that 67 phones had been infected through a security flaw in iPhones as recently as this month. Amnesty International identified possible NSO clients in states such as Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the U.A.E. They also found evidence that the family and associates of Jamal Khashoggi, the late Saudi journalist, were targeted by Pegasus before and after his death in Istanbul in 2018.

Although the identities of the persons have not been released yet, the investigators claim that the victims include hundreds of executives, religious leaders, academics, NGO employees, and union and government officials including cabinet members, presidents, and prime ministers. The Guardian also reported that more than 180 journalists had been affected by the breach, including employees of Financial Times, CNN, The New York Times, France 24, the Economist, the Associated Press and Reuters.

NSO has since denied all allegations, stating on their website that “We would like to emphasize that NSO sells its technologies solely to law enforcement and intelligence agencies of vetted governments for the sole purpose of saving lives through preventing crime and terror acts. NSO does not operate the system and has no visibility to the data.” The company also insists that their technology is used to combat pedophilia rings, sex and drug trafficking, and locating missing persons. They claim that the Forbidden Stories report is exaggerated and lacks evidence.

Pegasus demonstrates how easily spyware can be crafted to violate and threaten individuals’ freedom and privacy. For coercive governments, this surveillance is an effective method to censor human rights activists and journalists. Although appearing to be a legitimate technology that would aid in security, the company has facilitated a system of abuse for governments that wish to crush opposition and partake in human rights violations. Agnes Callamard says that “Clearly, their actions pose larger questions about the wholesale lack of regulation that has created a wild west of rampant abusive targeting of activists and journalists. Until this company and the industry as a whole can show it is capable of respecting human rights, there must be an immediate moratorium on the export, sale, transfer, and use of surveillance technology.” Governments should consider a moratorium to investigate whether there are other potential breaches and to ensure the safety of the technology. Pressure from the European Union to hold states accountable to standards of transparency with regard to surveillance tools is urgently needed to ensure that individuals, are they are guaranteed by international law, have the right to privacy and freedom of expression, and rights to association and assembly.

Jillian Mulloy