How NSO Group’s Pegasus Spyware Threatens Human Rights
THE INVASIVE SPYWARE, BILLED AS A WAY TO FIGHT TERRORIST ACTIVITY, HAS BEEN USED BY GOVERNMENTS TO UNLAWFULLY SURVEIL ACTIVISTS, JOURNALISTS, AND OTHER PERCEIVED THREATS TO STIFLE DISSENT.
As the Pegasus Project continues to unveil the lengths governments will go to unlawfully monitor activists, journalists, and other perceived threats, Robert F. Kennedy Human Rights has written a briefing paper and FAQ below describing how the use of this spyware violates fundamental human rights and could have untold damage on civic space.
What is Pegasus?
Pegasus is a powerful type of mobile spyware that is nearly undetectable and doesn’t require the phone owner to click or interact with it to infect the device. Once on your phone, it can access your data, potentially including emails, text messages, photos, calls, location records, passwords, searches, videos, and social media.
Developed by Israeli company NSO Group, the Pegasus spyware has been billed as a way for governments to proactively fight terrorist and other criminal activity—and is supposed to only be used for this purpose. But an investigation by the Pegasus Project, a global media initiative, has identified at least 180 journalists and numerous other human rights defenders who were selected for possible targeting with Pegasus spyware.
How does this mass surveillance affect human rights, particularly civic space?
Governments using such spyware on individuals not only implicates their right to privacy but also their rights to freedom of expression and association. These rights are enshrined in international law by the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, UN Human Rights Committee documents, and the UN Guiding Principles on Business and Human Rights, as well as regional instruments that similarly oblige States to protect individuals from targeted surveillance such as the African Commission on Human and Peoples’ Rights and the Inter-American human rights system.
As the Office of the UN High Commissioner for Human Rights explained in a report, “the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association.”
Especially considering how Pegasus has now been associated with attacks on key targets, including the family members of murdered Saudi journalist Jamal Khashoggi and kidnapped and detained political activist Paul Rusesabagina, the threat of such pervasive surveillance software has become more alarming than ever.
What can be done to address this unlawful surveillance?
Most immediately, there should be independent oversight for both state and government surveillance activities, remedies for victims of unlawful surveillance, and greater transparency in the industry as a whole. We’ve already seen groups like Access Now, a leading voice in protecting and advancing digital rights, calling for these measures in India following news that the country was using Pegasus spyware. These demands aren’t new—human rights advocates have been calling for these measures for years. Former UN Special Rapporteur David Kaye recommended as early as 2019 establishing a public mechanism to oversee and approve surveillance technologies, recognizing the threat they posed.
However, as the news surrounding Pegasus and other spyware, such as Candiru, continue to reveal systematic human rights abuses, the recommendations of Kaye and others are becoming more urgent. RFK Human Rights will continue to join calls from Amnesty International and dozens of other human rights organizations for an immediate end to the sale and use of unlawful spyware as well as a thorough, independent investigation into cases of targeted surveillance.