The leak about the extent of surveillance of journalists, dissidents and even leaders, confirms what we already knew about the threat democracy is under. That’s the elephant in the room, the real story is not what we found out, but what we are prepared to do about these revelations.
The Guardian and its coalition of newspapers have uncovered a database of phone numbers, which may or may not have been targets of murky surveillance by authoritarian state governments. This included dozens of journalists, activists, dissidents and politicians.
Sadly, however, the news was not new at all. Anyone working in fields of cybersecurity, digital rights, human rights, or diplomacy could tell you that smartphones could be hacked quite easily by companies such as NSO.
Indeed, NSO and Pegasus have grabbed the headlines before, and those working in protection of human rights defenders at risk (this author included) were well aware of the threat they posed. Phones would be left outside meetings, or put in magnetic bags. Diplomats working on sensitive issues, especially linked with undemocratic governments would say “if you have any information that is truly very sensitive, write it down on paper, and slide it across a table in a noisy café, that’s the only way to be sure these days.” We’re back to 1950s Cold War methods. Is there a way back to some kind of future we would like to live in?
It’s easy to look at all of these victims of oppressive governments, journalists, human rights defenders, opposition leaders, be appalled and think “how brave they are, what threats they face.” But the much larger story is not about “them” as such, it’s about us.
NSO is a company started by three Israelis, Nir, Shalev and Omri that were able to deploy technology, Pegasus, to hack phones and make a business out of it. Once the genie is out, it won’t be put back. What NSO does, enabling these human rights violations, including apparently murders of innocent people, is morally repugnant. Having said that, smartphones are hackable, and if they are, someone was always going to hack them. NSO just happens to be the company that made it big first, apparently.
Every smartphone is a vortex of data about its user: locations, calls, videos, recording every single word you say, all day, every day, and in bed at night. NSO and others might be able to hack your phone, but there are those that operate your phone, and hundreds of apps, that have access to your data all the time. Google, Amazon, Facebook and Apple control all of the data in your life. Uber, Airbnb, Tinder, and thousands of others regularly ask you to authorise access to your life. Do you know what they record or what they track? As long as the information stream continues, saving all of our lives into giant data centres, none of us will have any privacy. Our data may be manipulated for commercial or political means beyond our grasp.
Those who hold the data hold absolute power, and it is very hard to imagine that absolute power won’t be abused. Of course dictatorships and corrupt governments go after their critics and rivals first, and they do so forcefully and violently. We should be asking who’s next and how. While these people on the front lines of democracy were hacked personally, the rest of us are targeted collectively by political ads and disinformation, based on our personal data trail. There are many shades of manipulation and abuse.
As all the Pegasus scandal unfolded, the head of Europol, Catherine de Bolle, and Cyrcus Vance, district attorney of New York, came out with a statement calling for the end of end-to-end encryption. Put simply, this would in effect end any kind of guarantee privacy we may still have on our devices. Civil society organisations, including Alliance4Europe, responded forcefully calling this out for the bad idea it is.
We need international regulation on sellers of cyber-weapons like NSO.
Corporations can be encouraged to develop responsible practices, but that must go hand in hand with laws that protect rights. Digital products need to be designed so that data collection can be easy for the user to cut off at the click of a button. Apple’s recent decision to enable such a feature Is a step in the right direction. Mass surveillance or targeted hacks are unacceptable , and if we do not put a stop to it now, it will continue to shape our lives in the coming decades.
This is why EU legislation on digital technologies currently being drafted is so essential, and why public civil society pressure and leadership in the field is so essential. When we think of Pegasus and journalists being hacked, we need to know that it’s all about us.
Omri Preiss is a co-founder and Managing Director of Alliance4Europe, working for a more democratic and sustainable Europe.