It is difficult to know what is most shocking about this week’s revelations that the security services of many of the world’s governments might be using smartphone-based spyware to keep tabs on those they perceive to be enemies of the state. Despite the outrage expressed by various media outlets and opposition groups with political axes to grind, it can’t, surely, be the simple fact that it’s happening.
After all, in the wake of the September 11 attacks, the 2005 London attacks, the 2015 Paris attacks and the Bardo Museum killings in Tunisia the same year, the 2017 Manchester Arena bomb and numerous other terrorist outrages, including this week’s murder of at least 30 people in Baghdad, the real scandal would be if security forces everywhere weren’t doing everything in their power to head off such attacks.
Besides, like it or loathe it, we live in an age of mass surveillance. Each one of us is tracked and monitored every day, online and in the real world, by governments and companies alike. To express surprise at the existence and use of sophisticated smartphone spyware is simply disingenuous.
Perhaps, then, the shock lies in the revelation that many of the countries have used the software developed by Israeli firm NSO to target journalists. Journalists, we are told by journalists, should be exempt from this sort of snooping. But why?
Journalists are targeted because they are in contact with the very people on whom governments wish to keep tabs – dissidents and rebels make for good copy. What isn’t clear, however, is why journalists should cry “foul” when a government takes advantage of the backdoor into the world of dissent that many journalists carelessly leave wide open. Protecting a source has always meant refusing to disclose their identity, even in the face of official threats. In 2005, for example, US journalist Judith Miller served 85 days in jail after refusing to reveal her source for the story that so-called energy consultant Valerie Plame was a CIA analyst involved in investigating claims that Iraq was trying to develop a nuclear weapon.
Journalists have a duty to protect their sources, and today the only safe way to interview an at-risk subject is either in person, and in private, or by using a cheap mobile phone with a prepaid SIM card, fresh out of the box and straight into the bin when the call is over. Anyone who has ever watched a spy film knows this. To rely on governments to do the “decent thing” – and then complain later when it turns out that they didn’t – is both naive and a dereliction of that duty.
Predictably, much of the coverage in 17 selected Western media organizations that have been fed information about Pegasus by the Paris-based non-profit, Forbidden Stories, and Amnesty International has been targeted at Saudi Arabia and the UAE, the traditional bêtes noires of the virtue-signaling classes.
Strangely, however, the UK’s Guardian newspaper’s enthusiastic coverage of the supposed transgressions of the Gulf states appeared to be blighted by short-term memory loss. There was no mention of the fact that as far back as 2018 the University of Toronto’s Citizen Lab identified 45 countries that were using NSO’s Pegasus system, including the UK, Canada, France, the Netherlands and the US.
Small wonder, then, that NSO’s advisors have included Beacon Global Strategies, a Washington consulting firm run by a former CIA and Pentagon chief of staff and former staffers from the House intelligence committee and the US state department.
The political fallout whipped up by the revelations has been as noisy as it was predictable, and characterized chiefly by hypocrisy. In India, Narendra Modi’s government, which is suspected of having used Pegasus to spy on “several journalists, activists and an opposition election strategist,” has been accused of treason and “unforgivable sacrilege” by the political opposition.
Would the opposition have allowed the security services to take advantage of the technology were it in power? Certainly.
Would it accuse the government of having dropped the intelligence ball in the wake of a terrorist outrage? Of course.
Around the world, one of the benefits of being in opposition is that one can have it both ways.
But of all the sanctimonious coverage of the past week, it was the reliance on one Edward Snowden for commentary on just how awful the use of NSO technology by governments was that stank the most.
The source of the leak of the 50,000 telephone numbers has yet to emerge. But which country has the most to gain from the divisive fallout from the revelations? Could it be Russia, conspicuously absent from the list of countries supposedly implicated by the leak?
As evidenced by countless activities, including its interference in the US elections and attempted sabotage of the Nato alliance and the European Union, Russia is devoted to the disruption of international relationships, the better to extend its power.
So too, by association, is Edward Snowden, the former US national security agency intelligence consultant-turned-traitor who in 2013 fled to Russia, where he has been granted lifetime sanctuary. Snowden’s showboating revelations compromised national security in multiple countries, endangered the lives of countless agents and handed terrorists a training manual on how to avoid detection.
The journalists who disseminated the information Snowden leaked won multiple awards, as doubtless will those who are currently “exposing” the activities of governments seeking to protect their citizens in an extremely dangerous world. Launching its series on Pegasus earlier this week, the Guardian said, “We believe the public should know that NSO’s technology is being abused by the governments who license and operate its spyware.”
The citizens of those countries, however, might consider that the technology is being correctly used by their governments in an entirely justifiable attempt to protect them from harm – a thankless task, it seems, for which they will win no awards.
The Pegasus Project, a collaboration of 17 media organisations, released a report on July 18 detailing the potential hacking and illegal surveillance of 50,000 phone numbers, mostly in countries with authoritarian regimes, through the use of the Israeli-made spyware Pegasus. The targets of this alleged espionage include human rights defenders, activists, journalists, politicians, high-ranking public officials and business people.
What is Pegasus?
The Pegasus Project includes 80 journalists from 17 media organizations from 10 countries, with Paris-based media not-for-profit Forbidden Stories coordinating and the human rights not-for-profit Amnesty International overseeing forensic tests. Siddharth Varadarajan and M.K. Venu, the two founding editors of the Wire, an independent Indian media organisation that is assisting in the investigations, both had devices infected with Pegasus. One other editor from the Wire and three regular contributors also had their phone numbers on the list.
Amnesty’s Security Lab produced a detailed technical report after analyzing the leaked list. So far they have analysed 67 phones and found traces of Pegasus in 37 of them. Citizen Lab, an interdisciplinary research lab based at the University of Toronto, Canada has independently reviewed and approved Amnesty’s forensic examination methods.
While having a phone number on this list does not necessarily confirm that the phone has been infected with Pegasus, the users of these phones can theoretically be targetted by one of the NSO Group’s clients. The Amnesty Security Lab has also published the Mobile Verification Toolkit (MVT), an open-source mobile forensic tool to simplify the process of gathering and analysing data from potentially compromised Android and iOS devices.