Spyware like Pegasus is a threat to press freedom

“Technological developments like spyware must be accompanied by laws and policies that restrict its use so authoritarian leaders and repressive governments cannot use surveillance software to further enable attacks on independent media and journalists who are doing their job,” says Line Grove Hermansen, IMS Head of Communications.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones. The Israeli company behind the software, NSO group, insists that the Pegasus software is only intended for use against criminals and terrorist. Yet at least 180 journalists are believed to be possible targets, which could in consequence provide direct access to sources, investigations and confidential discussions for those seeking to obstruct the freedom of the press.

The fact that a journalist appears on the list does not confirm that the person has been or will be under surveillance. However, forensics analysis confirms that more than half of the numbers on the list, which has been examined so far showed traces of the Pegasus spyware. Until now, only a small number of phones have been analysed, but other strong indicatives of misuse and surveillance are the accounts by journalists and human rights defenders who have experienced that information from confidential conversations were suddenly available to government officials or that they were physically followed at times when no one outside their closest circles knew their location.  

“Even though much is still under investigation in the Pegasus case, it should be a global wake-up call. It is deeply worrying that governments known for targeting journalists and free media can buy access to this type of unregulated tools. It is crucial for the safety of journalists as well as for the protection of basic human rights like freedom of expression and access to information that sale, transfer and use of surveillance technology is controlled by a human rights-compliant regulatory framework,” underlines Line Grove Hermansen.

The data leak findings reveal links to the Hungarian government of Viktor Orbán’s so-called war on media, surveillance of close associates of the murdered Washington Post journalist JamalKhashoggi in the months following his death by Saudia Arabia and the UAE and the Mexican investigative journalist Cecilio Pineda Birto, who was murdered in 2017.

The leak contained lists of more than 50.000 phone numbers from more than 45 countries over four continents. These numbers are suspected to be possible surveillance targets of the Pegasus spyware, which at least 10 governments are suspected of purchasing and adding numbers to: Azerbaijan, Kazakhstan, Bahrain, Mexico, Morocco, Rwanda, Saudi Arabic, Hungary, India and the United Arab Emirates (UAE).

Investigations of the Pegasus data leak have been conducted by a reporting consortium, The Pegasus Project, consisting of Amnesty International, Forbidden Stories, The Guardian and 16 other media outlets – among other IMS partner Daraj. Read co-founder and CEO of Daraj Alia Ibrahim’s reflections on the work here.

“The Pegasus Project in itself is underlining the importance of independent media. The critical work of the Pegasus Project consortium has brought the story to light, connected the dots and revealed violations that could otherwise have been kept secret from the public. Good journalism can change laws, protect human rights and provide the basis of well-functioning democracies,” says Line Grove Hermansen.

Please find an overview of the ongoing investigations here.

Please find a list of recommendations for government and companies by CPJ here.