Pegasus, Pandemics, and the Normalization of Surveillance
Pegasus, Pandemics, and the Normalization of Surveillance
It’s been over a week since major media outlets broke the story of Pegasus – a hacking spyware manufactured by NSO Group, an Israel-based spyware giant, used to target the cell phones of journalists, human rights activists, leaders, and their families and friends – and the public reaction from every day people has been an unsurprising mix of ‘so what?’ to ‘why should I care?’ to ‘I’m not surprised.’ World leaders, on the other hand, are finally realizing the limits to their own godly immunity. If there’s anything to be gleaned from the leak, it’s this: state leaders are as equally susceptible to the tyranny of surveillance as the rest of us. Of all the things that pose a threat to national security, this one is right up there.
Pegasus spyware is a special kind of menace because it uses zero-click attacks to break into cell phones, meaning the spyware can infect a device without any interaction required by the target. This is what makes zero-click attacks particularly insidious, and deliciously appealing for customers who want to surreptitiously collect information. Apple’s iMessage has been the most vulnerable to such attacks because of its extensions and integrations with third-party apps, which increases its vulnerabilities.
NSO Group is one of many Israeli-based surveillance companies that exclusively sells spyware to governments. This has been well-documented – but not widely reported. Indeed, Israel, the “Middle East’s ‘miracle’ democracy,” is paradoxically home to the largest number of surveillance companies (a 2016 Privacy International report counted 27 at the time), outnumbering even the US and the UK. The Privacy International report found that these companies have long been supplying authoritarian regimes with tools to spy on dissidents and journalists.
Privacy watchdogs, including Toronto-based research group Citizen Lab, have been warning us about these companies – including NSO Group, for years. In 2018, Citizen Lab published a ground breaking report detailing NSO Group’s spyware operations between August 2016 and August 2018. It found that Pegasus spyware was used in 45 countries – at least six of those countries have poor human rights records, including Bahrain, Mexico, United Arab Emirates, Saudi Arabia, Kazakhstan, and Morocco.
Two years later, Citizen Lab published a follow-up report detailing how Pegasus spyware was used to hack 36 mobile phones of journalists, anchors, and executives at Al Jazeera, including investigative journalist Tamer Almisshal and London-based journalist Rania Dridi.
An NSO spokesperson denied current claims, and maintains Pegasus spyware is only used by “vetted governments” to surveil terrorists and criminals. NSO claims it does not know what its customers do, who they hack, or what information their customers have. The company has since posted an update on their website titled ‘Enough is enough!’ writing they will no longer be responding to media requests.
Despite Edward Snowden’s attempts to boost this story, tweeting ‘This leak is going to be the story of the year,’ this story, too, received a lukewarm response. The public is over it.
When you consider the current climate, it’s no surprise why people don’t care.
The ‘once-in-a-century’ pandemic successfully normalized invasive surveillance measures, which the public eagerly adopted if it meant being better protected against Covid-19.
Similar justification was used post-9/11 to bolster public support for widespread surveillance legislation (see: Patriot Act), which still exists in various iterations 20 years later.
The justification for instituting draconian surveillance measures may be the same, i.e. under the guise of security, but the main difference today is the public response. Post 9/11, surveillance tools were deployed passively and largely without the public’s knowledge. The surveillance tools today require interaction from the user, i.e. downloading an app, which most people have been voluntarily doing. Never before have we seen this level of engagement of people voluntarily agreeing to be monitored.
After you go through something like this, the Pegasus leak barely registers in the collective psyche. And maybe that’s the point.
Some countries, like South Korea, are already feeling the social repercussions of surveillance. The South Korean government pulled information from credit card records, cell phones, CCTV, and combined it with personal interviews for contact tracing. The world praised South Korea for ‘crushing’ Covid-19, ‘cracking the code,’ and the ‘innovative’ ways the country curbed the spread. Initially, South Koreans were also widely supportive of their government’s response to the outbreak. Months later, there was a noticeable downturn in support as less than half of respondents viewed the government response positively. This coincided with the uptick in social stigma experienced by South Koreans as a result of these invasive surveillance tools. A research team at Seoul National University’s Graduate School of Public Health found that more South Koreans were fearful of social ostracization than of getting the virus.
In the West, there is more widespread agreeability and compliance. An Ipsos poll found that the majority of Canadians are in favour of using vaccine passports to travel, attend university, go to a concert, theatres, and museums. The majority of Canadians also support mandatory vaccinations. Seven out of 10 would take the vaccine without hesitation.
Elsewhere, digital apps are being used as a way to control movement.
In Britain, nightclubs and other venues will require patrons to present proof of full vaccinations. Patrons must download the NHS Covid Pass app to show vaccination status. In Greece, only those vaccinated can enter bars, restaurants, theatres, and other closed spaces. Visitors must download the government app COVID FREE GR to prove they are vaccinated, though Greece insists these are not ‘passports’ but ‘certificates.’
All around the world, digital tools are being used in various ways to monitor data and control access. Privacy experts have long warned that these digital tools are not easily reversible; they are often repackaged, and repurposed for other means. As always, their calls have been ignored.
By the time this leak was published, we’ve been already primed to accept the new normal of vaccine passports, QR codes, apps, biometric tracing, and other digital tools to monitor, categorize, and restrict our movements. The few who raise privacy and ethical concerns (Who can see our data? How long is it stored for? What will it be used for?) are socially stigmatized and labeled as a ‘conspiracy theorist’ – the new buzzword faux progressives dole out when anyone expresses the ability to think critically.
We’ve had over a year and a half of these measures, with very little consideration about how these technologies may exacerbate inequality, disproportionately target marginalized groups, normalize every day surveillance, and undermine personal autonomy and freedom of movement.
David Lyon’s 2003 book Surveillance after September 11 provides a comprehensive account of surveillance measures hastily passed after 9/11. In it, Lyon writes, “[…]The next step is to ask whether technology is serving democratically defined goals or undermining them. Or are technologies simply being removed from public oversight? Who is actually accountable for surveillance systems, and what are the democratic processes that establish this?”
Lyon prophesied that 9/11 would foment a culture of fear and suspicion, and that technology would be used to prey on these fears. Similar concerns arise today, and these concerns should not be hand waved away. The pandemic gives us an opportunity to reflect on the role of digital technology (Does it liberate us, or does it reduce us to a series of data points? Can we protect our privacy while also protecting our health?), our fragile fundamental rights (How will proof of vaccination affect those who cannot get vaccinated? What will a two-tiered society look like?), and so on. But these questions are not being asked nearly enough – and when they are, the person asking them is often dismissed, discredited, and their reputations are tarnished.
If things persist as they are, we will soon enter what Professor Reicher of the University of St. Andrews calls ‘social apartheid.’ The culture of fear and suspicion, amplified by the media, politicians, and professional opinion havers irresponsibly encourage us to be reactionary and distrustful of anyone who doesn’t toe the Covid-19 party line. Governments no longer need to establish measures to curb dissent, we do the work for them. This is the hallmark of a truly authoritarian society – and this should concern us all.
Please consider joining our Patreon community if you haven’t already! Patreon subscriptions and direct donations are our sole source of revenue.