Cyberattack on rights

Published July 24, 2021

A COLLABORATIVE investigation into a data leak of software sold by the Israeli surveillance company NSO Group has led to some hair-raising revelations. The company has sold Pegasus, malware that is used to conduct cyber surveillance, to authoritarian governments who want to spy on journalists, activists, politicians and government officials.

The software can infiltrate iPhones and Androids, enabling the operator to record calls, retrieve photos, messages, and emails without the knowledge of the phone user. Though the company claims it only sells its software to those who want to use it against terrorists and criminals, a massive data leak from its records shows its clients may have used it against targets who fall into neither of those categories. The leak contains the phone numbers of 50,000 individuals, and a forensic analysis of some devices has shown traces of the Pegasus malware.

Pegasus spyware: how does it work?

At least 10 governments are believed to be NSO clients, including Saudi Arabia, India and the UAE. The phone numbers in the leak span 45 countries — including Pakistan, where a number once used by Prime Minister Imran Khan was targeted for potential surveillance. The government is now investigating whether Mr Khan’s device was in fact infiltrated.

Read: PM Imran's number among those targeted for surveillance by India using Israeli spyware

Spyware like Pegasus facilitates human rights violations, especially when in the hands of authoritarian regimes. A government or intelligence agency can use the software to spy on dissidents and critics — a dangerous and worrying reality in countries where privacy and human rights are routinely flouted. It can also be used by hostile countries to spy on rivals in a new era of cyberespionage. The fact that the list of phone numbers in the data leak is linked to individuals who evidently do not have criminal or terror links speaks volumes for how this spyware is being abused. It is also a test for phone manufacturers and app developers to come up with improved protection. Although it is virtually impossible for any device to be totally bug-free or hacker-proof, both iOS and Android developers should invest in research to improve security.

It is important that the international community come together to regulate the use of such tools and curb the violation of human rights. Governments must pressure global rights bodies to monitor countries that develop and sell this software. The export of such surveillance technology should either be stopped or heavily regulated to prevent abuse. One step towards this is the consortium itself. Much like the Panama Papers investigation, a group of journalists shed light on Pegasus’ clients and their requests. This story gives hope that countries can work together on the basis of a similar template to stop the abuse of fundamental rights when it comes to digital surveillance and cyberespionage. Until such companies can demonstrate that they can respect human rights and limit abuse of their software, their widespread sale should be restricted.

Published in Dawn, July 24th, 2021

Opinion

Editorial

Crisis conference
Updated 04 Feb, 2023

Crisis conference

PTI's refusal to engage with the govt in such testing times will only be seen as sign of ideological bankruptcy.
Revenge politics
04 Feb, 2023

Revenge politics

A SENSE of déjà-vu prevails as cases pile up against PTI politicians, many of whom, along with their allies and...
Inappropriate remarks
04 Feb, 2023

Inappropriate remarks

OFFICIALS of the state, especially when representing the country at international forums, need to choose their words...
Delay in the offing?
Updated 03 Feb, 2023

Delay in the offing?

Govt must realise that political stability in the country cannot be achieved by extra-constitutional actions.
Divisions in PML-N
03 Feb, 2023

Divisions in PML-N

DISCORD and drama in PML-N ranks escalated this week when Shahid Khaqan Abbasi revealed he no longer holds a party...
Wikipedia ‘downgrade’
03 Feb, 2023

Wikipedia ‘downgrade’

ATTEMPTS to police the internet by states, often by giving opaque justifications for the action, are never a good...