Governments want access to people’s devices. But should they be able to do so?
An investigation by a consortium of global media outlets on Sunday revealed that countries across the world, including Hungary, Mexico and Saudi Arabia, are using military-grade spyware to hack the smartphones of dozens of journalists, lawyers and human rights activists.
The revelations — that technology designed by the Isreali firm NSO Group was used by the likes of Hungary’s Victor Orban to hack opponents’ phones — comes at an awkward time for the European Union.
Why? Because policymakers across the bloc are pushing for access to people’s encrypted messages.
In December, national capitals urged the EU to step up efforts to allow law enforcement to gain “lawful access” to encrypted communication, supposedly to catch criminals. The same month, the EU’s police force, Europol, launched a new platform to help national police authorities crack encryption for criminal investigations.
In the United Kingdom, the country’s Home Secretary Priti Patel linked arms with child protection groups to launch a new attack on end-to-end encryption, mirroring a push on the Continent to allow law enforcement access to online platforms to fight child sexual abuse. Similar pushes are also underway in the United States and Australia.
The push has pitched national governments against tech companies which argue that giving authorities access to their platforms via so-called backdoors undermines their users’ privacy.
The firms and privacy campaigners warn that if you allow some governments to access this encrypted information, it will open the door to let in authoritarian regimes and other actors with more nefarious motives.
Will Cathcart, head of Facebook’s WhatsApp messaging services, said the so-called Pegasus project revelations — named after the NSO Group software used to hack phones — is a “wake up call for the security of the internet.”
“To those who have proposed weakening end-to-end encryption: deliberately weakening security will have terrifying consequences for us all,” he said in a post on Twitter.
The scandal may mark a blow against governments’ arguments that they should be given backdoors into people’s devices to fight crime and terrorism. Critics have long said that such backdoors could be abused by authoritarian regimes or private security contractors by creating security weaknesses that could be exploited by bad actors.
“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology,” said Agnès Callamard, secretary general of Amnesty International, the non-profit organization that helped to make public the NSO Group’s surveillance.
“While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations,” she said.
Sunday’s revelations shed light on what those consequences could look like.
Among those targeted for hacking were two women connected to murdered Saudi journalist Jamal Khashoggi and Cecilio Pineda Birto, a Mexican journalist killed in 2017. The phone numbers on the devices targeted for hacking also included hundreds of world leaders, business executives, activists and other journalists. Thousands of other numbers were not immediately identified, with the largest number of those being for Mexican phones.
Most worrying for the EU were reports that Victor Orban’s government in Hungary used the Pegasus software to target investigative journalists and people close to one of the country’s last remaining independent media owners.
Pegasus enables the attacker to view all content on a phone, including messages from apps with end-to-end encryption, photographs and GPS location data. It can also turn the device into an audio or video recorder.
NSO group rejected the conclusions of the investigation. “Your sources have supplied you with information that has no factual basis, as evidenced by the lack of supporting documentation for many of the claims,” it said in a statement to the outlets that did the investigation.
201 total views, 2 views today