The business of state surveillance


Casablanca, 2019. A well-known Moroccan activist meets a journalist. He’s a friend of hers, they have to catch up on several things that have happened since their last meeting. One of these is the disinfestation of the activist’s phone: he had discovered that he had been “infected” by a powerful spyware created by an Israeli company and had to resort to a methodical and professional “cleaning” of his smartphone. Except that during the meeting they did not know that the journalist’s telephone was also “monitored”. An online search was enough for his smartphone to be infected, putting it completely in the hands of those who, on the other hand, were able to observe, listen and take note of everything present in the journalist’s cell phone.

The spyware is called Pegasus and to produce it is an Israeli company, the Nso. Both have long been under the light of Amnesty, Forbidden Story (which produced a dense report on the Moroccan affair), Citizen Lab and many other organizations that have long denounced the danger of Pegasus and the complete lack of rules to limit its export from part of Israel. In the last two weeks Pegasus has become known to all the media, thanks to a journalistic investigation that has revealed how spyware is used by many countries (mostly authoritarian, such as Azerbaijan, Bahrain, Kazakhstan, Morocco, Rwanda, Saudi Arabia, but there is no shortage of democracies, albeit not exactly clear, such as India, Hungary and Mexico) to take complete control of the smartphone and therefore of the information of journalists and activists.

According to the documentation released by various newspapers, at least 50 thousand people are potentially affected by spyware. In some cases, as happened to the Saudi journalist Jamal Khashoggi, from “control” we have passed to murder. In others, spyware has become a real stimulus for an experimentation with very high numbers, such as in Mexico where, according to data released by the Guardian, one of the leading publications in the latest revelations on Israeli software, “the extraordinary number of numbers Mexicans in leaked data, including phones belonging to priests, victims of state-sponsored crimes and children of high-profile personalities, seriously undermines Nso’s claims that its software is only used by its customers to fight serious crime and terrorism. Despite the scandals of recent years, for example the one revealed by Snowden on the NSA, the attention with respect to data control and hoarding activities has often been focused on “platforms”, forgetting that a massive part of surveillance today takes place mainly through State “security” activities. The Pegasus affair, only the latest of its kind, is there to demonstrate that not only “everyone does so” but that the use of these tools is spreading like wildfire, financing economies and regimes and bringing back requests from NGOs and associations for regulation of the phenomenon.
The most serious problems highlighted by recent investigations are of two types: first, spyware is able to create a “zero click exploit”, that is, “enter” the smartphone without the victim having to do anything (or respond to a mail, nor to a message). The software “holes” the operating systems through some flaws: as they are repaired (since we have been talking about the power of spyware for some time) the software also updates itself, thus remaining dangerous (you can use tools to find out if you are been infected, but minimal technical knowledge is required). Secondly, Pegasus is one of the biggest fish in an ocean in which spyware is an immense market: Italy is also part of it with some products that over the years have been at the center of media attention and scandals. The issues are many and involve the producers and the missing rules capable of regulating or completely prohibiting the export of this software, a sector that Edward Snowden recently defined as “an industry that shouldn’t exist”.


The power of spyware confirms the “myth” of the place it comes from, namely the Nso, an Israeli company born from “Unit 8200”, an intelligence division in Tel Aviv that has launched into the commercial sector. It was then Israeli Prime Minister Benjiamin Netanyahu himself who underlined the reasons for this outlet: “it’s to make a lot of money,” he said several times at a conference on technology in Israel. And it was the current Prime Minister Bennet, when he was Minister of Defense, who gave the green light to the sale of spyware in the world. In Tel Aviv, in fact, they know Pegasus as well as Nso. Already in 2018, a survey conducted by Haaretz, based on around 100 sources in 15 countries, had shown that “the Israeli industry has not hesitated to sell offensive capabilities to many countries without a strong democratic tradition, even when they have no way of ascertain whether the items sold were used to violate civilian rights. The testimonies show that Israeli equipment was used to locate and detain human rights activists, persecute members of the LGBT community, silence citizens who were critical of their government, and even fabricate cases of blasphemy against the Islam in Muslim countries that do not maintain formal relations with Israel ”. Speaking of Nso, Antonella Napolitano, Policy officer at Privacy International, told us that “two months ago we published a joint report with Amnesty International and the Center for Research on Multinational Corporations, analyzing the labyrinthine structure of the Nso Group that provided ‘company legal and regulatory benefits in various jurisdictions to facilitate investment, operation and growth. Nso’s resistance to disclosing essential details about its operations, including sales and human rights impact, has provided the surveillance industry with a model for how to avoid transparency. Nso Group and the rest of this surveillance industry target journalists and activists around the world, causing them to be arrested or terrorized with the risk that the government is watching their every move. The governments involved can no longer shirk their responsibilities and must implement a moratorium on the sale and transfer of surveillance equipment until an adequate regulatory framework based on respect for human rights is put in place ”.


Today Israel, along with China, is probably the country with the strongest know-how in surveillance systems, both for internal use and for commercial purposes. The control over the Palestinians, denounced several times and whose dramatic consequences were recounted in the 2013 film “Omar” by director Hany Abu-Assad, and some unscrupulous uses of tracking systems during Covid-19 led Haaretz to raise doubts and reporting how Israel is “following China on surveillance”, through cell phone monitoring and the constant attempt “to intrude even more into our lives via our phones. And once he’s in, it’s hard to believe he’ll ever get out again. ‘ Eitay Mack, an Israeli human rights lawyer who has been trying for years to have the NSO export license canceled, told the Financial Times that “since the 1950s, Israel has used its arms sales for diplomatic gain, l ‘the only thing that changes are the names of the countries ”.
On the subject, namely how to manage the export of these products, Antonella Napolitano specifies that «after ten years of negotiations, the European regulation on dual-use technologies was approved in May 2021, introducing certain safeguards and responsibilities. This is an important step but the result could have been more ambitious. With some other NGOs such as Human Rights Watch, Amnesty International, Access Now, we have analyzed the regulation, which is really a minimal basis. There are positive aspects, such as the obligation for EU authorities to publicly provide detailed information on which export licenses have been approved or denied and the risks to human rights, but the agreement does not provide explicit guidance and strict conditions for authorities and exporters of the Member States’.


As has emerged over the last few years, Italy also has its role: in 2019 a Wired investigation based on the reconstruction of the investigative journalism center Irpi revealed Exodus, a malware “that has jeopardized millions of bytes of secret and sensitive data, intercepting at least 393 telephones ”, developed by E-Surv, a company from Catanzaro. And even earlier, in 2016, the Privacy International report entitled The Global Surveillance Industry had identified 18 Italian companies, including some such as Hacking Team and Area that have become known to the media over time. In 2017, for example, Mise revoked Area’s export license to Egypt also following pressure from various Italian NGOs (Area is also mentioned together with the NSO in an Al Jazeera documentary entitled “Spy Merchants “). The market is also thriving in Italy, as well as throughout the world, considering that not everything has “emerged”. This is why it is even more complicated to meet international obligations to protect human rights: «There is still a lot to do in terms of broadening the definitions of cyber-surveillance. In short, this is a minimal basis “, explains Antonella Napolitano,” and a lot of responsibility goes to the member states in terms of implementation. Unfortunately, many of them have prioritized the interests of the surveillance industry even in the negotiation phase. Italy has historically been not very transparent on this issue. Investigations like this make the urgency of certain measures even more evident ».


Source: L'Espresso – News, inchieste e approfondimenti Espresso by espresso.repubblica.it.

*The article has been translated based on the content of L'Espresso – News, inchieste e approfondimenti Espresso by espresso.repubblica.it. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!