Spyware — powerful software that can be used by authorities to catch bad guys by monitoring their internet traffic, can also be grossly abused by authoritarian governments and other bad actors.
In the former case, spyware was used to catch and convict notorious Mexican drug lord “El Chapo” in the latter, it was used to track, capture, and eventually brutally murder Washington Post columnist Jamal Khashoggi.
The two instances had one thing in common — a formidable spyware program developed by the Israelis known as “Pegasus.”
Spyware such as Pegasus is a double-edged sword — it can be a powerful national security tool but also a way for authoritarians to abuse and violate privacy and civil rights across the globe.
However, cyber experts say that the Biden administration has done little or nothing to stop such abuses and any discussion of spyware was conspicuously absent from President Biden’s agenda during his recent trip to Israel, a key player in the cyber- surveillance ecosystem.
Surveillance software is common in the spy-on-spy games that states play in cyberspace. But it’s also routinely used to surveil journalists, human rights activists, and political opposition and dissidents. Researchers at Citizen Lab have linked the NSO Group’s Pegasus spyware alone to numerous civil and human rights violations. For example, similar to how Saudi Arabia tracked Khashoggi, the United Arab Emirates used the Pegasus software to hack the phone of civil rights activist and government critic Ahmed Mansoor. Prior to being jailed by the regime, Mansoor had his phone and email accounts infiltrated, his location monitored, and his passport taken from him.
And if you think it is just the autocrats that are guilty of using such programs to spy on their own citizens, think again!
Democracies also have engaged in digital “Orwellian” practices using spyware. Democratic backsliders such as Poland and Hungary have utilized Pegasus to spy on journalists and domestic political opposition. But they’re not the only ones to use Pegasus spyware for non-democratic ends; governments in Greece, Mexico, and Panama have been suspected of using the software to surveil political opponents and members of the media. Even in Spain, a consolidated democracy, forensic researchers cannot determine whether Moroccan actors or the Spanish government itself deployed Pegasus to spy on the Basque and Catalan political figures and civil society groups.
The experts say that the White Houses’ current method of trying to curtail abuse of Pegasus — blacklisting companies as the need arises and relying on US tech giants to police themselves and shape the market with lawsuits is neither sustainable nor strategic. It is reactive, domestically focused, and does nothing to project American values or security interests internationally.
The Biden administration must be more proactive towards firms like NSO Group, DarkMatter in the United Arab Emirates, and European companies like Nexa Technologies and Trovicor, all of which distribute Pegasus and related spyware to aspiring and established authoritarians. Russia and China are also more than happy to export digital surveillance tools to countries that cannot develop their own.
Worse yet, the Biden administration lacks a formal national cybersecurity strategy. In the absence of defining ends and means for combating spyware abuse, the Biden administration will continue to let authoritarian impulses shape an important digital market at the expense of democratic values and US security interests.