Picture: 123RF/GLEBSTOCK
Picture: 123RF/GLEBSTOCK

“The private surveillance industry is a free-for-all.”

So wrote David Kaye, a UN special rapporteur on freedom of expression, in a 2019 report detailing how governments were using spyware developed and supported by companies to eavesdrop on journalists, activists, opposition figures and manifold individuals exercising their right to free speech, often leading to arbitrary arrests, torture and sometimes extrajudicial killings.

That same year, Apple launched an advertising campaign promoting the impenetrability of its flagship iPhone product: “If privacy matters in your life, it should matter to the phone your life is on. Privacy. That’s iPhone.”

No such luck.  

A striking example of how the unrestrained private surveillance industry is thriving burst into the open in recent days as we read in shock how it collaborates with tyrannical governments in the spread of technology that is causing  immediate and regular harm to individuals and organisations that are essential to democratic life.

The reporting by 17 media partners, as well as Amnesty International, revealed shocking allegations that military-grade spyware licensed by Israel’s NSO Group to governments around the world may have been used to hack the phones of reporters, activists, politicians and many more, including President Cyril Ramaphosa.  

Researchers at Amnesty, whose work was reviewed by the Citizen Lab at the University of Toronto, found that NSO can deliver the spyware, called Pegasus, by sending a victim a malicious link via an SMS or e-mail, which when opened covertly infects the phone.

Most people do not fall for such spear-phishing tricks any more, and NSO’s sales pitch would have fallen flat. However, the latest version of the program uses a much more sophisticated and dangerous method of attack called a “zero-click” exploit, which takes advantage of vulnerabilities in the iPhone’s software. 

As the name suggests, the attack does not require any action by the targeted phone’s user. With a simple missed call on WhatsApp, the Pegasus software can remotely penetrate any device, including an iPhone. 

Saudi Arabia was named as one of the  governments that signed up to use the software, the possibilities of which are frighteningly vast. The spyware reveals the darkest secrets of a smartphone, to be mirrored on a computer screen elsewhere, turning it into a powerful surveillance device that covertly copies e-mails, instant messages and photos.

A 2015 technical document from NSO lays out the capabilities of the Pegasus spyware program. It is able to monitor the smallest details of a target’s life, throwing up alerts if the target enters a certain area or if two targets meet, or if a certain phone number is called.

The document, made public as part of a lawsuit against NSO by WhatsApp, which occupies a ubiquitous status across the world,  shows how keystrokes can be logged and phone calls intercepted, while a feature dubbed “room tap” uses a phone’s microphone to soak up ambient sound wherever the device happens to be.

Put simply, Pegasus is a dangerous weapon. 

Like all weapons, it can be misused. Few can dispute the justification of a spy agency to hack a phone of the boss of a criminal network or indeed an unidentified group hell-bent on stoking social turmoil like we saw last week in KwaZulu-Natal and Gauteng.

It would be naive to think only autocratic leaders such as those in Saudi Arabia — which, according to reports, bugged the phones of relatives of murdered journalist Jamal Khashoggi in 2018 —  find this software a handy tool to advance their repressive regimes. 

As SA’s government tries to pin down the face of what Ramaphosa has described as an insurrection when crowds went on a looting frenzy, it might be tempting for some government officials to experiment with technology that violates human rights.  

The revelations should not only be a deterrent for would-be politicians to infringe on citizens’ rights to privacy, they should instil a sense of urgency for governments across the world to adopt safeguards to protect individuals from unlawful surveillance.

subscribe

Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.