An Israeli company called NSO Group has created a spyware tool called Pegasus that gives its users an extraordinary ability to surveil and steal secrets from anyone who carries a smartphone. Investigative reports and advertising materials from NSO reveal that Pegasus can listen to phone calls and voicemails, track the phone owner’s movement and current location, steal passwords, and collect emails, videos and browsing history. It can even activate cameras or microphones on the target’s phone to capture new images and make new recordings.
The phone can be infected without its owner touching it, and even the Apple security protections built into newest-generation iPhones can’t always catch it, according to a report from The Washington Post, Amnesty International and other watchdog groups.
The software is supposed to be targeted at criminals, terrorists and other potential menaces to society. But an investigation led by Amnesty and Forbidden Stories, a Paris-based nonprofit organization, has found that government clients of NSO have used Pegasus to hack at least 37 phones belonging to journalists and activists over the past five years. NSO’s head Shalev Hulio has said he’s upset that his firm’s clients would do such a thing, though he denies the charge that NSO is connected to a list of 50,000 potential targets listed in the Forbidden Stories/Amnesty report. NSO acknowledges that it has 60 government customers in 40 countries.
Several of these countries already face political fallout. Not surprisingly, Israel’s government faces reputational damage. NSO Group is not part of its state security services, but the group was founded by former Israeli government hackers who moved into the private sector, and its ongoing relationships with the country’s security services are a source of embarrassment. Many US tech companies face pressure from their own employees to refuse cooperation and contracts with firms that abuse personal privacy and the governments that allow them to operate.
The government of Saudi Arabia faces charges that it used NSO spyware to surveil people close to murdered Saudi journalist Jamal Khashoggi and the official Turkish state investigation of the crime in Istanbul. This Pegasus news puts that story back on front pages even as Crown Prince Mohammed bin Salman, who is suspected of sanctioning the murder, tries to improve relations with Israel. The Saudi government also stands accused of using Pegasus to target Saudi activists who live and work in other countries.
In India, a deadly surge of Covid-19 has already damaged Prime Minister Narendra Modi’s once-sturdy political standing, and charges that India’s government has used Pegasus to spy on opposition leaders, business leaders, reporters and foreign diplomats will only make matters worse. As India recovers economically and jobs are created, Modi will succeed in limiting the political damage, but mistrust among the government, opposition and local leaders has rarely been higher.
In Mexico, the Pegasus controversy feeds a cynicism that the government will violate the privacy of opposition politicians and journalists whenever it thinks it can get away with it. The administration of the previous president, Enrique Pena Nieto, was accused of spying on reporters administration between 2012 and 2018. It now appears that Mexico’s current president, Andres Manuel Lopez Obrador, was also surveilled during that period, a charge that could boost his popularity at a time when he threatens to become a lame duck. (He’s now in the second half of the single term he’s allowed under Mexico’s constitution.)
But the significance of this story extends beyond the fallout in these individual countries. We can’t be surprised that Pegasus and future, even-more-sophisticated, versions of it, can be targeted at people that most of us would not consider risks to public safety. (Threat, like beauty, is in the eye of the beholder.) But the speed at which tech companies become independent actors in international politics should have our attention. The only interests these companies have are their own and those of their shareholders.
The true threat is not simply that dictatorships can spy on journalists and potential political enemies. That’s a very old story. It’s that, as the tech tools become more effective, they can become an ordinary part of the daily grind of politics. With the powers of intimidation they provide, they can be used not just to protect autocrats, but to advance new rules and regulations that restrict freedom and opportunity in ways at first too mundane for most of us to notice or care about.
That’s why we should worry that the spyware – and its incremental effects on our lives and politics – continue to fly under the radar.
Ian Bremmer is the president of Eurasia Group and GZERO Media and author of “Us vs Them: The Failure of Globalism.”