SpywarePegasus Project Shows the Need for Real Device Security, Accountability and Redress for those Facing State-Sponsored Malware

By Cindy Cohn

Published 22 July 2021

It is no surprise that people around the world are angry to learn that surveillance software sold by NSO Group to governments has been found on cellphones worldwide. People all around the world deserve the right to have a private conversation. Communication privacy is a human right, a civil liberty, and one of the centerpieces of a free society. And while we all deserve basic communications privacy, the journalists, NGO workers, and human rights and democracy activists among us are especially at risk, since they are often at odds with powerful governments.

People all around the world deserve the right to have a private conversation. Communication privacy is a human right, a civil liberty, and one of the centerpieces of a free society. And while we all deserve basic communications privacy, the journalists, NGO workers, and human rights and democracy activists among us are especially at risk, since they are often at odds with powerful governments. 

So it is no surprise that people around the world are angry to learn that surveillance software sold by NSO Group to governments has been found on cellphones worldwide. Thousands of NGOs, human rights and democracy activists, along with government employees and many others have been targeted and spied upon. We agree and we are thankful for the work done by Amnesty International, the countless journalists at Forbidden Stories, along with Citizen Lab, to bring this awful situation to light.

Like many others, EFF has warned for years of the danger of the misuse of powerful state-sponsored malware. Yet the stories just keep coming about malware being used to surveil and track journalists and human rights defenders who are then murdered —including the murders of Jamal Khashoggi or Cecilio Pineda-Birto. Yet we have failed to ensure real accountability for the governments and companies responsible. 

What can be done to prevent this? How do we create accountability and ensure redress? It’s heartening that both South Africa and Germany have recently banned dragnet communications surveillance, in part because there was no way to protect the essential private communications of journalists and privileged communications of lawyers. All of us deserve privacy, but lawyers, journalists, and human rights defenders are at special risk because of their often adversarial relationship with powerful governments. Of course, the dual-use nature of targeted surveillance like the malware that NSO sells is trickier, since it is allowable under human rights law when it is deployed under proper “necessary and proportionate” limits. But that doesn’t mean we are helpless. In fact, we have suggestions on both prevention and accountability.