Pegasus and Penalties

Pegasus is a horse that has bolted because there was no stable door to close in the first place.

The spyware, which can be used to record and extract information from smartphones and other devices undetected and without penalty, is a critical threat to progressive politics around the world. We can’t rely on nation-states to contain the threat, because national governments are one of the key drivers of surveillance techniques, which are nearly always eventually used against their own citizens in order that the government of the day maintains power. Do not fool yourself that the major powers, democratic or otherwise, will not obtain illicit information gathered by Pegasus, covertly or secondhand from oppressive regimes, and misuse it for political purposes.

If the Internet community of commercial interests and general users, which comprises nearly all of us, can’t penalise and shut down Pegasus, we all ultimately lose. Privacy of communications is one of the core values of the internet, and Pegasus is the latest formidable challenge. It comes at a time when climate change activists and progressive politicians are fighting a desperate battle against climate change, time, and populist politicians. If they, and the journalists who report their actions, are outmanoeuvred or intimidated, jailed or murdered, the course of human history is changed for the worse. It is not a stretch to say that political will to create global climate change policy, for example, is dependent on secure electronic communications. But so is secure internet facilitated commerce. And this gives internet-based commerce the right to support international human rights policy on the right to privacy of communications that already exist, by acting against Pegasus and its owner Israeli firm NSO Group, to shut down use of the spyware.

This is a problem that requires immediate action and penalties – the argument that the spy software has been sold for legitimate uses to intelligence agencies, law enforcement agencies, and military, in vetted government bodies, has been exposed as a cover-up for purchasers doing whatever they want.

Challenges to privacy of communications are as old as the internet itself. In 1996, a Paper titled Government, Cryptography and the Right to Privacy, written by Peter Gutmann and myself, was the first publication to address the issue of challenges to privacy online. It was a time when governments sought to have access to encrypted communications, a battle which continues today. In that paper, we laid out evidence that governments have always sought to spy upon and thus control their citizens. We argued that unfettered use of cryptography was the only way to protect commerce, political freedom, and the right to privacy of individuals.

The background of this conflict of interest by national governments feeds into the likelihood that Pegasus, and hacking software like it, will continue to be used in the background, rather than be vigorously investigated and outlawed. It appears that Pegasus has been developed legally more or less in plain sight. It is hacking software developed by an Israeli surveillance firm, which has sold it on the basis that it will be used to catch terrorists and criminals. The software can be used to extract to extract messages, photos, and emails, record calls and secretly activate microphones from smartphones. The Pegasus Project has revealed that repressive governments have used the the software to target human rights activists, journalists, lawyers, and government leaders including French president Emanuel Macron.

Macron has been reduced to asking the Israeli government to properly investigate the allegations that he and his Cabinet have been targeted by Morocco’s security services, using Pegasus.

These intrusions will be just the start, if urgent action is not taken.

Comment from Ilia Siatitsa, Acting Legal Director, Privacy International:

NSO Group and the rest of this pernicious surveillance industry are leaving activists terrified of speaking out for fear the government is watching their every move. Governments in Israel, Europe and the United States need to stop shirking responsibility and implement a moratorium on the sale and transfer of surveillance equipment until a proper human rights regulatory framework is put in place.

The chances of this happening are slim. The fact that a human rights regulatory framework is not already in place speaks volumes. The internet community, which is us, needs to protect its core values.