Calls Grow for Moratorium on Private Spyware After Pegasus Revelations

Calls are growing for stricter regulations on the use of surveillance technology after revelations that countries have used the powerful Pegasus spyware against politicians, journalists and activists around the world. The Pegasus software, sold by the Israeli cybersecurity company NSO Group, can secretly infect a mobile phone and harvest its information. While the company touts Pegasus as intended for criminals and terrorists, leaked data suggests the tool is widely abused by governments to go after political opponents and dissidents, according to reporting from The Pegasus Project, an international consortium of 17 media organizations. We feature a PBS “Frontline” report on the shocking findings that the Israeli government allowed NSO to continue to do business with Saudi Arabia even after the Saudi journalist and dissident Jamal Khashoggi was assassinated in 2018 in the Saudi Consulate in Istanbul, and allegedly used Pegasus to surveil Khashoggi’s fiancée. “Contrary to what NSO is claiming, the spyware Pegasus is used to target people absolutely unrelated to criminal activities or terrorism,” says Agnès Callamard, secretary general of Amnesty International. She adds that The Pegasus Project has exposed that abuse of powerful surveillance technology “is systematic, and it is global.”

TRANSCRIPT

This is a rush transcript. Copy may not be in its final form.

AMY GOODMAN: We begin today’s show with the shocking findings of The Pegasus Project, an international collaboration of 17 media organizations that investigated the Israeli cybersurveillance company NSO Group. The NSO Group manufactures and sells advanced spyware to governments called Pegasus that can secretly infect a mobile phone and harvest its information. The company claims its spyware is meant to target terrorists and criminals, but data leaked to The Pegasus Project suggests several countries use the powerful cyberespionage tool to spy on activists, politicians, dissidents and journalists.

The consortium analyzed a leaked data set of 50,000 phone numbers that allegedly belong to persons of interest to NSO’s customers. A sample showed dozens of cases of successful and attempted Pegasus infections. The reporting also revealed a massive wave of attacks by NSO Group’s customers on iPhones, potentially affecting thousands of Apple users worldwide. In one of the most shocking findings, The Pegasus Project reported the Israeli government allowed NSO to continue to do business with Saudi Arabia, even after the Saudi journalist and dissident Jamal Khashoggi was assassinated in 2018 in the Saudi Consulate in Istanbul.

In a minute, we’ll speak with the secretary general of Amnesty International and one of the lead reporters on The Pegasus Project. But first, this is a PBS Frontline report that follows Washington Post reporter Dana Priest, one of the more than 80 journalists working on The Pegasus Project, as she traveled to Turkey and verify if Pegasus had been used to surveil Khashoggi’s fiancée, Hatice Cengiz. The report was coordinated by the journalism nonprofit Forbidden Stories, with technical support from Amnesty International’s Security Lab.

NARRATOR: On October 2nd, 2018, journalist Jamal Khashoggi walked into the Saudi Consulate in Turkey and never came back out. Around the time of his murder, a powerful spyware may have been used to surveil his family.

REPORTER: Activists, journalists, all are said to have been hacked by spyware developed by the Israeli company called the NSO Group.

NARRATOR: A consortium of news outlets from around the world, including Frontline, have been investigating the use of the spyware called Pegasus and the Israeli company NSO Group that sells it to foreign governments.

BILL MARCZAK: The government can see anything on the phone, including pictures, contacts, listening in to calls.

NARRATOR: As part of the investigation into Pegasus, Washington Post reporter Dana Priest traveled to Istanbul. Working with the journalism nonprofit Forbidden Stories, the reporters were given access to 50,000 phone numbers concentrated in countries known to be NSO clients. They included journalists, politicians, human rights activists and Jamal Khashoggi’s fiancée, Hatice Cengiz. Dana Priest and a producer working for Frontline and Forbidden Stories met with Hatice to verify if her phone had in fact been hacked.

PRODUCER: What I’m doing is basically a backup. And then, based on this backup, we will look if there is any trace of infection past occurred. What we’re looking for is traces of a software called Pegasus.

HATICE CENGIZ: I remember the first days after the murder, a lot of times they tried to hack my email. Hmm. And then Gmail was sending to me emails all the time: “Someone tried to open your account,” or something like that.

DANA PRIEST: The simple ones are like that message. The really sophisticated ones, they don’t need a message. They don’t need you to do anything.

HATICE CENGIZ: Really?

DANA PRIEST: Yeah.

HATICE CENGIZ: But why do people say the iPhone, they’re more safe to — no one can hack or —

DANA PRIEST: That’s what the iPhone says, the company. But it’s not true. So, the Pegasus software can, if it gets inside — I don’t know if it gets inside every time it tries, but if it gets inside, it can turn your microphone on, so that it can — whoever is doing it can listen to what you’re saying and what other people are saying. But it also can go into your email, your WhatsApp, your contacts, your pictures, your videos, and it can just steal them all, make a copy of everything. And then, you know, our thought is, if it’s doing that against people like you, who are not terrorists or criminals, then why? Part of what we want to show, and what we think we know, what we are discovering and what we’re researching, is, no, they use it against civilians. And why would they want to know what you’re doing?

HATICE CENGIZ: Yes, it’s my personal life. It’s my secret life. It is not enough to say, “Please, stop, after this murder. Please.” Yeah, it is — it’s horror.

NARRATOR: After getting backups of both Hatice’s new phone and the one she was using at the time of Khashoggi’s murder, Dana Priest sent them to Amnesty International’s Security Lab for analysis. A few hours later, while on the way back to the airport, she received a call with the results.

TECHNOLOGY EXPERT: I guess just pretty bad news is never-ending. So, I checked both the uploads. The new one seems clean to me. The old one, however, has some traces. It’s consistent with what we have seen.

DANA PRIEST: Oh.

TECHNOLOGY EXPERT: So, on the 6th of October of 2018 seems to have been a first — a first compromise, which was followed by some additional traces on the 9th and then on the 12th, which is obviously, as you know, pretty timely, within the context, obviously.

DANA PRIEST: Yeah. Wow. She has already been infected, so it’s already happened.

TECHNOLOGY EXPERT: Yeah.

DANA PRIEST: So it’s great that you’re finding it.

TECHNOLOGY EXPERT: Yeah, I don’t think the…

NARRATOR: There was now proof that Pegasus had been used to target one of the people closest to Jamal Khashoggi around the time of his death. In a statement, NSO Group said its technology was not associated in any way with Khashoggi’s murder. The company said it was on a lifesaving mission, preventing terror attacks and serious crimes. But in addition to Hatice, Frontline, Forbidden Stories and the partner news outlets are investigating the cases of journalists, human rights activists, politicians and others in more than 50 countries who may have been targeted for surveillance.

AMY GOODMAN: That video report part of an upcoming Frontline documentary, produced with Forbidden Stories, to air on PBS. And that last reporter voice, Dana Priest of The Washington Post, who went to visit Khashoggi’s fiancée in Turkey and found her phone infected.

For more, we go to London to speak with Dr. Agnès Callamard, the new secretary general of Amnesty International, previously the United Nations special rapporteur on extrajudicial, summary or arbitrary executions. As U.N. special rapporteur, she led an investigation into the murder of the Saudi journalist Jamal Khashoggi. She was also director of the Global Freedom of Expression Project at Columbia University.

Dr. Callamard, welcome to Democracy Now! Congratulations on your new position at Amnesty International. This is explosive information you are releasing right now, Amnesty working with the Forbidden Stories project. Let’s start with the example of Jamal Khashoggi and what this says about what to many may be the first time they’re hearing about this spyware produced by Israel.

AGNÈS CALLAMARD: Well, what it first shows is what you have highlighted, that contrary to what NSO is claiming, the spyware Pegasus is used to target people absolutely unrelated to criminal activities or terrorism. It is used to target individuals like Hatice, the family or friends of human rights defenders and journalists. It is used to target journalists and human rights defenders. In fact, according to Amnesty International, at least 180 journalists have been targeted.

I think what the project is showing is the breadth and the scale of the abuse. We already had an element of anecdotal evidence that the spyware had been used to target human rights defenders. What we have with Pegasus Project is actually the demonstration that the misuse of the spyware is systematic, and it is global.

JUAN GONZÁLEZ: And, Dr. Callamard, what do we know about the NSO Group, its relationship to the Israeli government? And does it just sell this software and then no longer has connection with it, or does it somehow maintain an ability to monitor what its clients are doing with the software?

AGNÈS CALLAMARD: OK. So, with regard to the first question, the intelligence industry is, for the government of Israel, a very important industry. It’s a strategic industry. It is also an industry that is supposedly regulated, in that every export by NSO is being licensed by the state of Israel. So, that’s the relationship. There is a relationship at the strategic level, and there is relationship at the regulatory level. So, I think the nature of the relationship is pretty close and pretty deep. So, when we talk about NSO’s failure to act with due diligence, we are also talking about the failure of the government of Israel to abide by its obligation under international law. That is the first issue.

With regard to NSO relationship to its client, it is actually a pretty close relationship, in that NSO has the capacity to close down, to shut down the spyware and any kind of system it is providing to the client. NSO is claiming that it does not have any oversight over the use of the spyware. And, you know, we don’t know that for sure, but that’s what they are claiming. But they do have a sufficient relationship that they can shut down the system, which is why we are calling on them now, given the evidence being provided, that they shut down every single system in place with all of the clients that have been listed by Amnesty and others over the last few days.

AMY GOODMAN: This is NSA whistleblower Ed Snowden speaking to The Guardian about spyware sales, he says, needing to be stopped.

EDWARD SNOWDEN: If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect. The way we do that is to halt the trade around this technology.

AMY GOODMAN: Dr. Agnès Callamard, would you go that far?

AGNÈS CALLAMARD: Absolutely, absolutely. So, Amnesty International, as well as, in fact, when I was a special rapporteur, I did the same, are calling for a moratorium over the use and the export of that intelligence spywares and that industry, more generally, that needs to be more heavily regulated. We are calling for a moratorium because we believe that in the current conditions and environment, it is impossible to properly monitor how it is going to be used, therefore the only option is for a moratorium over its sale and its export.

The other point I want to make, following on the journalist that you just interviewed, is that, indeed, that spyware is a weapon. This is the only way we need to look at it. It is a weapon against democracy. It is a weapon against human rights. It is a weapon against freedom of the press, against scrutiny of government. It is a weapon against the justice and fair trial, as we are seeing in Turkey. And it is used extraterritorially, meaning that the government of a country, such as Morocco, can use that spyware to target people on the territory of another country. That goes against every dimension of international law, and certainly against the U.N. Charter. So we are talking here about a pretty bad thing.

AMY GOODMAN: So, you mentioned Morocco, and I wanted to talk about the Moroccan court yesterday sentencing the independent journalist Omar Radi to six years in prison, arrested last year on what press freedom advocates called “retaliatory charges.” For years Omar has been targeted by Moroccan authorities for his reporting on corruption and human rights. And last year, your organization, Dr. Callamard, Amnesty International, revealed Moroccan authorities had hacked his phone using Pegasus spyware from the Israeli company NSO Group. I spoke to Radi last year, just weeks before he was arrested.

OMAR RADI: Pegasus is a quite silent program. You don’t feel it, actually. And it’s not a persistent program. It doesn’t stay in your phone or in your computer. It works using a network injection, so people need to be near you to make themselves pass as a relay antenna. And your phone is connected to a fake relay antenna, and then the network injection works, and then the program works, and they get — I don’t know. It has a lot of features. It can use your microphone, it can use your keyboard, it can use your screen, and get any information that is stored in your phone.

So, I don’t know the amount of information they’ve stolen from my phone. But I’m sure, in this pro-medias — pro-state medias, they published many information that I have exchanged even in Signal, which is known that is a very safe program. So I have evidence that my own conversations have been leaked to pro-state media, the same that are leaking also my bank information.

AMY GOODMAN: So, that’s Moroccan journalist Omar Radi, again, just yesterday, sentenced to six years in prison. Soon after we spoke last year, he was imprisoned. Dr. Agnès Callamard, if you can comment on this case?

AGNÈS CALLAMARD: You know, I mean, of course, what we are — what you are describing right now is an incredible miscarriage of justice. But it is also demonstrating how harmful — if we needed to, how harmful that spyware is. It is of course a violation of, let’s say, the right to privacy. But when it is being used, it is the beginning to — it has a domino effect on a range of other violations.

In the case of Omar Radi, that spying, through the spyware, led to his imprisonment, led to his arbitrary detention. In other cases, even though the causal relationship is of course difficult to establish — in other cases, there are someone such as the Mexican journalist Cecilio Pineda being compromised with his phone, and a couple of days later, he is being murdered. We cannot make the causal relationship between the compromise and the murder, but surely the suspicion is there, as it is in the case of Omar, that the spying and the use of the spyware led to his arbitrary detention, and that led to this unlawful imprisonment.

It is an extremely harmful tool at the hand of governments that will do anything to protect themselves — and not just, by the way, of the usual suspect. In the list of countries that have used the spyware, we found Hungary. We found India. Of course, we found Morocco, but we also found Azerbaijan, Mexico. Mexico, more than 20 journalists have been targeted through the spyware. India, more than 40 journalists have been targeted.

JUAN GONZÁLEZ: And, Dr. Callamard, I wanted to ask you about a remarkable coincidence, it seems. The very day that these revelations come forward from this international consortium, the United States government suddenly announces that it has found that China was hacking into Microsoft email, and they marshaled condemnation from other governments around the world — an investigation that was going on for months. And also, they suddenly unsealed indictments that occurred back in May of some Chinese hackers. As a result, last night in the national news, a lot of the attention was on China’s hacking, not so much on the revelations that your consortium has unearthed here. Your sense — how does this compare to some of the stuff that supposedly is happening that China is involved in?

AGNÈS CALLAMARD: Look, we have focused on the privatization of spying and intelligence through a focus on NSO. We know that the surveillance industry is very powerful, and it is completely unregulated. So, that is something that must remain on the international agenda. It does not mean that spying by government is not as crucially important. Of course it is. It may fall under a different form of regulation. I have not followed closely enough the allegations against China and Microsoft. I will say that the overall surveillance world is one that is out of control. It is the Far West. Whether it is powered by a government or powered by a private company, it is equally dangerous for — frankly, for global peace and for democracy. And it must be — it must be scrutinized, and it must be regulated. You know, I can’t comment really on the motivation of the U.S. government and whether they were trying to derail a little bit the focus on NSO. I don’t know whether they did it. My point is that there is an overall world here that we need to control and need to really regulate.

AMY GOODMAN: Dr. Agnès Callamard is our guest, secretary general of Amnesty International. We’re going to break, come back with her, and we’ll be joined by Nina Lakhani, senior reporter at The Guardian, one of the 17 media organizations who are part of The Pegasus Project. She specifically looked at the Mexican journalist Dr. Callamard just mentioned who was murdered, and also looks at others who are surveilled as targets for potential hacking by NSO’s clients. Stay with us.