The Pegasus Project — a collaborative investigation into the NSO Group’s surveillance software coordinated by the Forbidden Stories consortium and Amnesty International — has revealed that over 50,000 phone numbers were under illegal surveillance by various governments worldwide. The report has detailed that at least 180 journalists, human rights defenders, academics, businesspersons, lawyers, doctors, union leaders, diplomats, politicians and several heads of state have been targeted for surveillance by governments using the spyware known as Pegasus.
It has further revealed how the use of targeted surveillance technology by states has threatened individuals’ human rights, violated their right to privacy, and enabled “Big Brother is Watching You”-style Orwellian states all over the world. Therefore, it is worth examining what states hope to achieve by employing surveillance technology and the role democracies should play in limiting uncensored state surveillance.
How does Pegasus work as spyware?
In a 2016 article, The New York Times analysed the NSO Group’s proposal to governments. The NSO Group prices its “surveillance tools by the number of targets, starting with a flat $500,000 installation fee.”
The Group charges government agencies $650,000 to spy on 10 iPhone users, $650,000 for 10 Android users, and $500,000 for five BlackBerry users, plus installation charges.
Pegasus, as NSO claims, captures data from target individuals’ mobile devices suspected of being involved in serious crimes and terrorism. However, as reported, spyware is brazenly used by governments worldwide to spy on their civil society.
What are Zero-Click attacks?
Pegasus infections can be achieved through “zero-click” attacks, which do not require interaction from the device owner. These attacks exploit so-called “zero-day” vulnerabilities, flaws, or bugs in a device’s operating system that have not yet been discovered and cannot be patched.
The spyware can be deployed remotely on a smartphone without the owner’s knowledge. Once installed, the spyware enables its clients to completely control the device. It can read messages sent through encrypted messaging apps, such as WhatsApp and Signal.
It can also capture keystrokes, intercept communications, track the device, and turn on the microphone and camera to spy on the target. Amnesty International’s Security Lab has published a meticulously detailed technical paper on how they identified the Pegasus-targeted mobile phones.
They have also detailed how to use the Mobile Verification Toolkit (MVT) to see if their phones have been infected with spyware.
Who are the targets of Zero-Click attacks?
NSO Group, under the investigation’s radar, has asserted its rationale for existence to “provide technology to licensed government intelligence and law enforcement agencies to help fight terrorism and serious crime.”
But, for many years, this tool was used against civil society in many countries, violating international human rights.
The Washington Post report reveals that three sitting Presidents, France’s Emmanuel Macron, Iraq’s Barham Salih, and South Africa’s Cyril Ramaphosa; three current Prime Ministers, Pakistan’s Imran Khan, Egypt’s Mostafa Madbouly, and Morocco’s Saad-Eddine El Othmani; and one king, Morocco’s Mohammed VI were on the list of targets of NSO’s spyware.
Worldwide victims of Pegasus attacks
Members of the Arab royal family, politicians, journalists, corporate leaders, and human rights activists were among the targets of state surveillance. Mexico has reported a rampant abuse of Pegasus, with over 15,000 Mexican phone numbers being found on the list, including that of former president Felipe Calderon.
In India, the members of civil society, ranging from opposition leaders to human rights campaigners, journalists, academics, lawyers, retired judges, and student activists, have been the targets of Pegasus.
The list also includes the family members, friends and associates of Jamal Khashoggi, a journalist murdered by the Saudi regime in 2018.
The NSO Group’s spyware has enabled the states to target those critical of the establishment. Target’s most sensitive information — physical location, video content, individual contacts, personal photos, and private chats — has been captured and turned against them, with no option to challenge such state surveillance.
Amnesty’s report notes: “Pegasus software is designed to be an extraordinarily severe interference with the right to privacy.” Despite this, several cracks exist in the legal and regulatory frameworks that aim to keep state surveillance under control at both the national and international levels.
Big Brother is targeting you with Pegasus
The demand for surveillance technologies has increased as governments worldwide strive to control the “public sphere.”
Jürgen Habermas, a German philosopher, coined the term to describe how private individuals convened as a public and articulated the needs of society to the state. In this context, the public sphere refers to the ability of individuals to share their ideas and opinions, both publicly and privately.
Surveillance technologies have created a fear of expressing your opinions even in the private sphere. You cannot message someone something without the fear of being under the scrutiny of the state mechanism.
Foucault, disciplinary power and surveillance
The Foucauldian sense of disciplinary power — the panopticon, a system of design that enables the systematic ordering and control of human populations through subtle and often unseen forces — is evident in state surveillance.
In his 1975 work Discipline & Punish: The Birth of the Prison, Michel Foucault used the analogy of Jeremy Bentham’s Panopticon (a prison structure that enabled prisoners to be watched constantly) to show how the modern-day surveillance state works. He wrote:
Hence the major effect of the Panopticon: to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power. So arranging things that the surveillance is permanent in its effects, even if it is discontinuous in its action; that the perfect of power should render its actual exercise unnecessary; that this architectural apparatus should be a machine for creating and sustaining a power relation independent of the person who exercises it; in short, that the inmates should be caught up in a power situation of which they are themselves the bearers. To achieve this, it is at once too much and too little that the prisoner should be constantly over-served by an inspector: too little for what matters is that he knows himself to be observed; too much because he does not need in fact of being so.
(Foucault 1975)
Foucault adds, “The Panopticon is a machine for dissociating the see/being seen dyad: in the peripheral right, one is seen, without ever seeing; in the central tower, one sees everything without ever being seen.”
In Foucault’s opinion, the belief that surveillance mechanisms constantly observe our private conversations is enough to discipline us, our behaviours and our actions. Even as you read this, some government agency can be recording, storing, and processing your data somewhere. It is this fear that the governments instil within their civil society with surveillance technology.
Pegasus and the dystopian
The Pegasus project reveals that the governments that govern us may know everything about us, while we know nothing about them. George Orwell captures this subtle form of disciplinary power in his quote: “Big Brother is Watching You.”
The dystopian novel 1984, in most parts, offers an eloquent critique of present-day society, mired by surveillance and an authoritarian regime. Orwell writes: “You had to live — did live from habit that became instinct — in the assumption that every sound you made was overheard, and except in darkness, every moment scrutinised.”
In the late 1940s, Orwell discussed concepts such as doublethink, the memory hole, thoughtcrime, Newspeak, the Thought Police, Room 101, and Big Brother — as they would appear in the nightmares of future societies. Orwell once forewarned us about the world we live in today.
If you haven’t already, READ Orwell’s 1984!
Rise of illiberal democracies
The NSO Group, an Israeli cyber-surveillance firm, sells its flagship product, Pegasus, a spying software, to “vetted governments” worldwide.
Forbidden Stories has identified potential NSO clients in 11 countries: India, Azerbaijan, Bahrain, Hungary, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo and the United Arab Emirates (UAE).
We can classify these countries as either “not free” or “partly free” based on their political structures. (For the sake of this article, I’ve used Freedom in the World 2021 report on political rights and civil liberties published by Freedom House, a U.S.-based think-tank.)
Not so free countries and Pegasus
The countries considered “not free” lack a functioning democracy, restrict civil and political liberties, and/or oppress their citizens. The countries identified as “partly free” are slowly drifting towards less free societies, but are not quite there yet.
The countries that Freedom House has classed as “not free” are Azerbaijan, Bahrain, Kazakhstan, Saudi Arabia, Rwanda, and the United Arab Emirates. Azerbaijan and Kazakhstan were part of the erstwhile Soviet Union. The sudden disintegration of the Soviet Union between 1989 and 1991 resulted in the emergence of new autocrats in the region that Moscow’s communist elites had previously ruled.
Since 1993, both under the authoritarian rule of Heydar Aliyev and his son Ilham Aliyev, Azerbaijan has been marred by pervasive corruption, endangered civil liberties, rigged elections, and curtailed press freedom.
In Kazakhstan, President Nursultan Nazarbayev ruled the country from 1990 to 2019, significantly influencing the country’s politics. Kazakhstan’s elections are neither free nor fair, with most opposition leaders imprisoned and pro-government oligarchs controlling the media.
Bahrain, Saudi Arabia, and the United Arab Emirates, on the other hand, are motivated by the desire to surveil their population to repress any and all dissent towards their regimes.
These Sunni-led monarchies fear the emergence of democratic uprisings that could depose them, as happened during the Arab Spring in the early 2010s. While state surveillance is not new to the region, it has revamped this old autocratic impulse to suppress opposition and monitor civilians using technology.
Rwanda, a small landlocked country in East-Central Africa, operates as an authoritarian state with tightly centralised power. President Paul Kagame of Rwanda has used widespread surveillance, intimidation, torture, and alleged killings to stifle political dissent since 1994.
Given the political structures of these “not free” states, it is unsurprising that they would use surveillance to maintain power. However, what is most intriguing is why and how the “partly free” states justify their use of state surveillance.
Among the states classified by Freedom House as “partly free” are Hungary, India, Mexico, Morocco, and Togo. The most common characteristics of these “party-free” states are the loss of credibility in democratic institutions and the rising intolerance towards dissent. There is a growing rise of what I prefer to call “illiberal democracies.”
Illiberal democracies on the rise
The term “illiberal democracy” gained prominence in Fareed Zakaria’s 1997 article, “The Rise of Illiberal Democracy,” in Foreign Affairs. In brief, Zakaria argues that illiberal democracies are on the rise globally, thereby limiting the liberties of the people they represent.
Democracy has always been synonymous with a system that allows freedom of assembly and speech, inclusiveness, equality, the rule of law, consent, the right to life and minority rights.
Zakaria points out that countries adopting elections without protecting liberty give rise to “illiberal democracies.” They are neither ‘free’ nor ‘not free’, but are ‘probably free’, falling between democratic and nondemocratic regimes.
To discuss the nature of illiberal states, I will examine the cases of Hungary and India since 2010.
After rising to power in the 2010 elections, Prime Minister Viktor Orbán of Hungary openly advocated for “illiberalism” as a distinct state character, one that diverges from Western liberal democracy. In his speech in 2014, Orban declared his intention to build “an illiberal new state based on national values.”
The speech was intriguing for two reasons: first, it marked the first time a democratic state had openly embraced illiberalism; and second, it was the first time in the EU that a European country had rejected Western liberal democracy.
Since then, Orban has been pushing for constitutional and legislative changes that allow him to consolidate control over democratic institutions.
India’s Prime Minister Narendra Modi and his Hindu nationalist party, the BJP, have stoked rising religious violence, dissent suppression, and persecution of marginalised groups since 2014.
India is becoming an illiberal democracy under the leadership of Narendra Modi. The ruling elites have embraced illiberalism in both states to consolidate and sustain power.
These states sustain — and sustain on — pervasive surveillance, ethnoreligious violence, minority and gender-based discrimination, and exploitative laws.
Securitisation of surveillance
The political elites of these illiberal democracies perceive certain sections of civil society as threats to national security. They employ surveillance technology to monitor their citizens, citing “threat to national security” as justification. To understand this phenomenon, we need to revisit the securitisation theory of Ole Waever.
In his 1995 essay Securitisation and Desecuritization, Waever shows us that “security” is a speech act. By uttering the term “security,” a state representative moves a certain issue into the security sphere and claims special rights to do whatever it takes to resolve it.
Waever writes, “In naming a certain development a security problem, the ‘state’ can claim a special right, one that will, in the final instance, always be defined by the state and its elites.”
According to securitisation theory, states determine national security threats based on subjective rather than objective assessments of perceived danger. Therefore, those in power can always try to use the instrument of securitisation of an issue to gain control.
Securitisation and illiberalism
Using the security framework provided by the Copenhagen School of Security Studies, we can examine how political elites justify the use of surveillance technologies to measure national security. In Orban’s Hungary, civil society activists have been categorised as paid political activists trying to help foreign interests.
The Hungarian government securitises NGOs as “foreign agents” working against national interests. The Orban government has compelled NGOs receiving over 24,000 euros per year from foreign sources to re-register as “civic organisations funded from abroad,” adopt this label in all their public and media appearances, and disclose a list of foreign donors.
Pegasus investigations have also shown us that Orban’s government is suspected of having deployed spyware to hack the phones of investigative journalists and independent media owners.
In Modi’s India, from college students to journalists, intellectuals, politicians, and human rights advocates, everyone who dissents has been labelled as “anti-national.” Dissent against government policies has been securitised as an act against the state by Hindu nationalist political elites. In its bid to suppress this dissent, the Indian state is suspected of having resorted to surveillance.
Opposition politicians, students, journalists, academics, ministers, business executives, a Supreme Court judge who has not been named yet, and the woman who accused the then Chief Justice of India (CJI), Ranjan Gogoi, of sexual harassment are among those who the state surveillance has targeted. Its goal is to curtail all efforts at independent political mobilisation against the government.
The way forward in dealing with surveillance
Edward Snowden, barely in his 30s, had prophesied: “The technology cannot be rolled back, technology is not going anywhere… it is going to be cheaper, it is going to be more effective, it is going to be more available. If we do nothing, we will sleepwalk into a total surveillance state, where a superstate has unlimited capacity to apply force and unlimited ability to know and target individuals — and that is a very dangerous combination. This is the direction of the future.”
First, separating good technology from adverse technology is critical to solve the security surveillance paradox.
Here, I define adverse technology as anything that impedes humanity’s progress, aids in the curtailment of civil and political rights, and promotes fear in society.
According to this definition, Pegasus spyware is an adverse technology, as it meets all three criteria: governments have used it to curb press freedom and privacy, thereby threatening freedom of expression and association.
As David Kaye and Marietje Schaake suggest in their recent essay, “governments should implement a moratorium on the sale and transfer of spyware technology until a global export regime can identify and place these tools under global restraint.”
Using surveillance technologies on civilians must be accepted as a global security threat.
Second, anticipating coordinated international action against the misuse of surveillance technology is essentially unrealistic. This is also unthinkable in many circumstances, as many authoritarian regimes rely on espionage technologies to maintain their power and influence.
Therefore, like-minded democratic states must work together to establish norms that help in regulating adverse technologies. They must aim to blocklist corporations that manufacture such technologies as a norm-setting process.
On that note, Biden’s upcoming Summit for Democracy, which aims to galvanise support for combating authoritarianism and advancing human rights, must provide an important opportunity for participating democratic states to commit to not deploying or exporting surveillance technologies.
Third, there is an urgent need to establish an independent international agency to monitor and blocklist businesses that develop adverse technologies. This should further facilitate in adoption of a legal framework requiring transparency in the use and acquisition of surveillance technology. Targeted sanctions against individuals and entities responsible for selling surveillance technology to regimes likely to misuse it will ensure accountability among these entities and individuals.
Finally, individual countries must impose permanent restrictions on corporations that manufacture and sell surveillance equipment to authoritarian regimes. They must also implement policies and procedures that ensure more corporate accountability for product use and clear human rights due diligence. It is time for democracies to band together and set global norms to prevent the abuse of surveillance technologies. How these democracies respond to the challenges posed by surveillance technology will determine whether they will survive or perish.
Cover Photo by Matthew Henry on Unsplash