When the Guardian revealed what is now called Catalangate, the largest digital espionage affair to date, they propelled the war on spyware to a whole new level. Like Mexican journalists, Thai pro-democracy activists, or Palestinian human rights defenders, several of Catalonia’s pro-independence supporters were infected with the infamous Pegasus (created by the Israeli company NSO) and Candiru programs for seemingly political purposes. Amongst the 65 targeted politicians later identified by Citizen Lab and The New Yorker magazine in a follow-up investigation are Roger Torrent (the speaker of the Catalan regional parliament), Anna Gabriel (a former regional MP who recently returned to Spain after her exile in Geneva ), and Jordi Domingo (an activist). The Spanish government behind the illegal surveillance that took place between 2017 and 2020 claimed their actions were justified by the need to monitor what it considered to be a seditious movement.
“Just like with weapons and conflict minerals, import and export laws also need to regulate the circulation of malware, intrusion software, and remote monitoring tools.”
A CALL FOR GLOBAL REGULATIONS
The surge in political hacking and its threat to democracies has become a major topic of attention for human rights defenders. A report published during the 51st session of the Human Rights Council identified the many safeguards and remedies needed to put an end to the issue, followed by digital rights NGO Access Now’s call for The Geneva Declaration on Targeted Surveillance and Human Rights: a plea for more regulation in the industry, supported by the Government of Catalonia, the private sector, and civil society. “For starters, States need to cut ties with the bad actors—such as NSO—identified in the industry, and companies that develop digital technology need to patch the codes that have been broken by surveillance devices,” says Peter Micek, General Counsel at Access Now. “Just like with weapons and conflict minerals, import and export laws also need to regulate the circulation of malware, intrusion software, and remote monitoring tools. Actions can also be taken by the private sector. WhatsApp and Apple, for instance, are currently suing NSO and protecting their users against Pegasus.” Once a person’s device is infected, “there is no limit to the data, information, and control that spyware enables remote attackers to enjoy over the targeted devices. Photos, videos, and other information stored on the device, location data, contact lists, calendars, social and email accounts, and much more become available to attackers,” adds Micek.
CITIZEN LAB'S SUPPORT
Isn’t it too late to act? Surveillance technology comes in many forms and has infiltrated society on a global scale. “I trust that singular actors like NSO will meet their reckoning,” insists Micek. “Italian company Hacking Team had its demise. Others can be brought down as well. Indeed, the more significant issue of developing cyber weapons is not easy to solve, but we’re all in this together.” Siena Anstis, who is a Senior Legal Advisor at Citizen Lab, agrees that the initiative carries hope: “Putting these commitments in writing is a helpful step that is being complemented by continued research and reporting on the deployment of these technologies against civil society, journalists, and human rights defenders. The Declaration has to be matched with a clear and specific action to address this proliferation. In particular, we urgently need to see targeted and robust regulatory action by governments concerning the sale, import/export, and use of digital surveillance technologies.”