Protecting Dissidents from Spyware: A Call for Democratic Action

The Convergence of Technology and Global Politics

The TechCrunch Global Affairs Project investigates the growing connection between the technology industry and international political landscapes.

The Pretext of National Security

Governments procuring spyware consistently cite the necessity of combating terrorism and ensuring public safety as justification. However, it is well-established that when authoritarian governments obtain advanced surveillance technologies, their intent extends to targeting activists, journalists, and anyone expressing dissent.

These spyware programs, designed to infiltrate devices and extract data without user consent, function as instruments of repression, comparable in impact to conventional weaponry.

A Pattern of Abuse

Numerous documented instances confirm this reality of the 21st century. Despite this, companies persist in selling their spyware to oppressive regimes, sometimes claiming ignorance regarding its likely application.

This practice has significantly increased the vulnerability of political dissidents worldwide, exposing them to heightened risks of arrest and further harm.

Personal Experiences with Surveillance

We have firsthand knowledge of this technology’s misuse, as both victims ourselves. One of us, Ali Al-Ahmed, a naturalized American originally from Saudi Arabia, experienced the Saudi government accessing his Twitter data.

This stolen information was then utilized to identify, detain, and subject his Twitter followers to torture.

Matthew Hedges, a British academic, discovered his phone had been compromised by authorities even before his arrival in the United Arab Emirates during a research trip.

He was subsequently arrested in 2018, falsely accused of espionage, and initially sentenced to life imprisonment. After six months in custody, he was released, having endured handcuffing and the administration of debilitating medications.

Systemic Violations of Human Rights

While these experiences remain deeply impactful, we are now secure in the United States and Britain. However, our cases are representative of a widespread, systemic pattern of abuse perpetrated by authoritarian regimes against individuals daily, in direct violation of international law and fundamental human rights.

By empowering despots to monitor citizens’ activities, spyware vendors facilitate such mistreatment. Until democratic governments impose stricter regulations on companies that disregard the potential for abuse, dissidents globally will remain at risk.

The Need for Democratic Intervention

The moment demands decisive action from democratic nations, including the United States, to address this issue. Western democracies frequently discuss the need to regulate Big Tech.

However, in the ongoing debate between government oversight and technology companies, “users have become the main casualties,” as highlighted in a recent report by Freedom House.

Beyond China and Russia

China and Russia often receive the most attention for state-sponsored hacking and repression due to the scale of their operations. Yet, U.S. allies, such as Saudi Arabia, are frequently among the most egregious offenders.

For instance, Saudi Arabia, the United Arab Emirates, and Bahrain – some of the Middle East’s most repressive regimes – acquire spyware from the Israeli company NSO Group.

These governments have deployed NSO’s Pegasus software to hack the phones of numerous human rights advocates and critics, often extending beyond their national borders.

Personal and Illicit Uses of Spyware

In some instances, autocratic leaders have personal motivations, as exemplified by Sheikh Mohammed bin Rashid Al Maktoum, the ruler of Dubai.

A British court determined that he utilized Pegasus to surveil his ex-wife and children.

This information came to light when an NSO Group official alerted a British lawyer about the surveillance. While the sheikh’s misuse of Pegasus was concerning, the fact that NSO Group was aware of its illicit use is even more alarming.

Although senior managers within the firm felt compelled to report the abuse, the company has not disclosed its knowledge of other potential abuses by its clients.

A Network of Spyware Vendors

NSO Group is not the sole provider of spyware to entities with a history of human rights violations. Israeli firms Candiru and Cyberbit operate in the same market.

Products from German company Finfisher and the Italian firm Hacking Team (now Memento Labs) have also been implicated in abuses.

The Limits of Self-Regulation

NSO Group has reportedly terminated contracts with Saudi Arabia and the United Arab Emirates, citing misuse of Pegasus. However, self-regulation is insufficient.

Democratic governments must clearly communicate to these companies that they will face export restrictions and sanctions against senior staff if their products are used to violate human rights.

Expanding Trade Restrictions

Expanding the use of blacklists restricting trade with companies enabling abuse is another crucial step. The U.S. Commerce Department already includes NSO Group, Candiru, Positive Technologies, and Computer Security Initiative Consultancy on its “Entity List,” limiting their access to U.S. components without a license.

A broader global campaign of this nature could be even more effective.

A Global Agenda for Democracy

Democratic nations should also establish transparent, standardized regulations for spyware usage. The recent White House-hosted Summit for Democracy aimed to combat authoritarianism and promote human rights.

As this coalition moves forward, addressing the issue of spyware should be a top priority.

A New Era of Digital Repression

We have undeniably entered a new era of electronic espionage and digital repression. Only through stronger regulatory and legal safeguards can democracies ensure their survival, foster free speech, and protect the well-being of their citizens.