Imagine a government with the power to spy on any critic, reporter or activist. A state with the capacity to extort or silence by tracking not just a person’s movements, but their conversations, contacts, photographs, notes and e-mails — the entire content of one’s digital life.
This might sound like something from dystopian fiction, but such targeted surveillance is a grim reality of the digital age. It is increasingly a tool of repressive governments to stifle debate, criticism and journalism.
Over and over, researchers and journalists have been uncovering evidence of governments, with the help of private companies, inserting malware through surreptitious means into the smartphones, laptops and other devices belonging to people they are seeking to suppress: people who play essential roles in democratic life, facilitating the public’s right to information.
It does not end there — sometimes surveillance ends with the targets in detention, under physical assault or even murdered.
Just last month WhatsApp sued an Israeli surveillance company, the NSO Group, in a US court. The case alleges that the messaging platform was compromised by NSO technology, specifically to insert its signature product — spyware known as Pegasus — onto at least 1,400 devices, which enabled government surveillance.
The NSO Group has rejected the allegation.
With Pegasus in their hands, governments have access to the seemingly endless amount of personal data in people’s pockets.
The University of Toronto’s CitzenLab has found that the Pegasus spyware is used in 45 countries.
The global surveillance industry — in which the NSO Group is just one of many dozens, if not hundreds, of companies — appears to be out of control, unaccountable and unconstrained in providing governments with relatively low-cost access to the sorts of spying tools that only the most advanced state intelligence services were previously able to use.
The industry and its defenders say this is a price to pay for confronting terrorism.
Some liberty must be sacrificed to protect people from another attack such as was seen on Sept. 11, 2001, they say.
As one well-placed person claimed to me, such surveillance is “mandatory,” and what is more, it is “complicated, to protect privacy and human rights.”
All I can say is: Give me a break.
The companies hardly seem to be trying — and, more importantly, neither are the governments that could do something about it.
Governments have been happy to have these companies help them carry out this dirty work.
This is not a question of governments using tools for lawful purposes and incidentally or inadvertently sweeping up some illegitimate targets. This is using spyware technology to target vulnerable yet vital people whom healthy democracies need to protect.
On the surface, it seems that constraining the global spyware industry could be impossible. The companies operate in an environment that brings together the shadowy worlds of intelligence and counter-terrorism, which are notoriously difficult for outsiders to penetrate or regulate.
Many say that constraining exports of such software would be folly, since Chinese surveillance companies would step in where Western companies bow out.
These are obstacles, but they are not arguments to avoid what has to be done to protect human rights. The push toward genuine reform must begin now, it must be global and it should involve the following steps.
First, governments must control the export of spyware. There are already existing frameworks to restrict the export of technology that has military as well as commercial use. The most relevant, the Wassenaar Arrangement, should be updated to go beyond “dual-use” technology, and cover spyware that is used to attack human rights.
In turn, all governments would have to commit to implement globally agreed export controls.
For now, there is only one effective response in the face of such rampant abuse: Stop all sales and transfers of the technology.
In a report I presented to the UN in June, I called for an immediate moratorium on the transfer of spyware until viable international controls are in place. It is time for a genuine campaign to end unaccountable surveillance.
Second, companies must implement effective controls on their own technologies. The NSO Group, to its credit, has committed to observing the UN guidelines for businesses and human rights, but effective control means more than self-regulating policies. It means disclosure of clients and uses of technology, strict rules against misuse to violate human rights, regular monitoring and kill switches where rights are violated.
It also requires commitments from the companies not to transfer their technology to persistent human rights offenders nor to countries that lack rule-of-law controls on surveillance — and a refusal to support the use of the spyware for illegitimate purposes. These controls should be backed up by government sanctions for misuse.
Third, it is exceedingly difficult for the victims of spyware to hold governments, or the complicit companies, accountable for abuse and misuse.
Governments should make such legal actions possible, changing their laws to enable claims against companies or governments that are responsible for illegal surveillance — a kind of universal jurisdiction for lawsuits to control the spread of this pernicious technology.
There are few better examples of the dark side of the digital age than the private surveillance industry and its tools of repression. It is well past time to bring it under control.
David Kaye is a law professor at the University of California, Irvine, and the UN special rapporteur on freedom of expression.
Chinese state-owned companies COSCO Shipping Corporation and China Merchants have a 30 percent stake in Kaohsiung Port’s Kao Ming Container Terminal (Terminal No. 6) and COSCO leases Berths 65 and 66. It is extremely dangerous to allow Chinese companies or state-owned companies to operate critical infrastructure. Deterrence theorists are familiar with the concepts of deterrence “by punishment” and “by denial.” Deterrence by punishment threatens an aggressor with prohibitive costs (like retaliation or sanctions) that outweigh the benefits of their action, while deterrence by denial aims to make an attack so difficult that it becomes pointless. Elbridge Colby, currently serving as the Under
The Ministry of the Interior on Thursday last week said it ordered Internet service providers to block access to Chinese social media platform Xiaohongshu (小紅書, also known as RedNote in English) for a year, citing security risks and more than 1,700 alleged fraud cases on the platform since last year. The order took effect immediately, abruptly affecting more than 3 million users in Taiwan, and sparked discussions among politicians, online influencers and the public. The platform is often described as China’s version of Instagram or Pinterest, combining visual social media with e-commerce, and its users are predominantly young urban women,
Most Hong Kongers ignored the elections for its Legislative Council (LegCo) in 2021 and did so once again on Sunday. Unlike in 2021, moderate democrats who pledged their allegiance to Beijing were absent from the ballots this year. The electoral system overhaul is apparent revenge by Beijing for the democracy movement. On Sunday, the Hong Kong “patriots-only” election of the LegCo had a record-low turnout in the five geographical constituencies, with only 1.3 million people casting their ballots on the only seats that most Hong Kongers are eligible to vote for. Blank and invalid votes were up 50 percent from the previous
Japanese Prime Minister Sanae Takaichi lit a fuse the moment she declared that trouble for Taiwan means trouble for Japan. Beijing roared, Tokyo braced and like a plot twist nobody expected that early in the story, US President Donald Trump suddenly picked up the phone to talk to her. For a man who normally prefers to keep Asia guessing, the move itself was striking. What followed was even more intriguing. No one outside the room knows the exact phrasing, the tone or the diplomatic eyebrow raises exchanged, but the broad takeaway circulating among people familiar with the call was this: Trump did
RSS