Sep 12, 2019

Spyware's human rights dilemma

Illustration: Aïda Amer/Axios

An announcement this week by a major spyware vendor that it aims to embrace human rights is forcing the industry, governments and civil society groups to consider whether the concepts of "human rights" and "spyware" can ever be reconciled.

The big picture: Government-grade spyware has always been abused. In June, David Kaye, the UN special rapporteur on freedom of opinion and expression, determined that commercial spyware had become so vast a problem that the world needs a moratorium on it, for companies and governments to figure out how to protect human rights.

  • Spyware from NSO Group, the Israel-based firm that announced the human rights initiative, was allegedly used by Saudi Arabia to spy on U.S.-based reporter Jamal Khashoggi, who was later killed by Saudi agents. Mexico also used NSO spyware to surveil government employees and researchers who backed a tax on soda.
  • But even well before NSO group became a major spyware player, other products — including Gamma's FinFisher and Hacking Team's Da Vinci and Galileo products — have been embroiled in human rights debates. Ethiopia allegedly used spyware to surveil journalists, Uganda allegedly targeted opposition political figures, and Morocco allegedly targeted activists.
  • Many other clients of spyware vendors have poor human rights records, including Azerbaijan, Venezuela, Uzbekistan and Sudan.

Yes, but: It's tough to prevent abuse without oversight. Spyware vendors are loath to surveil their own clients, meaning that reporting about potential human rights abuses either comes from victims lucky enough to figure out they were being watched or from the countries themselves.

  • "If they don't have a mechanism of looking over governments’ shoulders, I don’t see how this has any teeth," John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, which has done much of the research on NSO's alleged human rights abuses, told Axios.
  • Without that oversight, Scott-Railton isn't confident that any spyware could be safe for human rights. "If the question is, 'Is it possible to sell cyber weapons and assure they won’t be used for abuse,' I think it’s a contradiction in terms," he said.

Amnesty International has been a persistent thorn in NSO's side, even assisting a lawsuit to force Israel to ban NSO from exporting products. But Amnesty deputy program director Danna Ingleton is optimistic that there is a way for spyware companies to align with human rights.

  • "I think it must be possible," she said.
  • That doesn't mean NSO's current plan passed Ingleton's muster, yet (see item 2). But through due diligence before making sales to regimes, honest accounting of past actions, export rules that are more transparent and engagement with civil society groups, she believes a company like NSO could get ahead of the human rights issue.
  • NSO would have to be more open about its internal capabilities to flag human rights abuses as they happen. And governments would need to take an active role in restricting sales to dangerous countries.
  • "The onus is on the companies. If they can't protect human rights, they need to enact safeguards," she said. "And if it's an industry that can never be in line with human rights, it's up to the state to do what it needs to do."

The bottom line: The commercial spyware industry is not going to vanish — it's too ingrained in global intelligence and law enforcement. That might mean the only way to protect human rights is to adopt rules like those NSO has announced and make them work.

Go deeper

U.S. coronavirus updates

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Andrew Witherspoon/Axios. This graphic includes "probable deaths" that New York City began reporting on April 14.

More than 62,300 U.S. health care workers have tested positive for the novel coronavirus and at least 291 have died from the virus, the Centers for Disease Control and Prevention reported on Tuesday. COVID-19 had infected about 9,300 health professionals when the CDC gave its last update on April 17.

By the numbers: More than 98,900 people have died from COVID-19 and over 1.6 million have tested positive in the U.S. Over 384,900 Americans have recovered and more than 14.9 million tests have been conducted.

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 11:00 p.m. ET: 5,589,626 — Total deaths: 350,453 — Total recoveries — 2,286,956Map.
  2. U.S.: Total confirmed cases as of 11:00 p.m. ET: 1,680,913 — Total deaths: 98,913 — Total recoveries: 384,902 — Total tested: 14,907,041Map.
  3. Federal response: DOJ investigates meatpacking industry over soaring beef pricesMike Pence's press secretary returns to work.
  4. Congress: House Republicans to sue Nancy Pelosi in effort to block proxy voting.
  5. Business: How the new workplace could leave parents behind.
  6. Tech: Twitter fact-checks Trump's tweets about mail-in voting for first timeGoogle to open offices July 6 for 10% of workers.
  7. Public health: Coronavirus antibodies could give "short-term immunity," CDC says, but more data is neededCDC releases guidance on when you can be around others after contracting the virus.
  8. What should I do? When you can be around others after contracting the coronavirus — Traveling, asthma, dishes, disinfectants and being contagiousMasks, lending books and self-isolatingExercise, laundry, what counts as soap — Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingHow to minimize your risk.
  9. Other resources: CDC on how to avoid the virus, what to do if you get it, the right mask to wear.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Updated 14 mins ago - Politics & Policy

World coronavirus updates

Data: The Center for Systems Science and Engineering at Johns Hopkins; Map: Axios Visuals

There are no COVID-19 patients in hospital in New Zealand, which reported just 21 active cases after days of zero new infections. A top NZ health official said Tuesday he's "confident we have broken the chain of domestic transmission."

By the numbers: Almost 5.5 million people have tested positive for the novel coronavirus as of Tuesday, and more than 2.2 million have recovered. The U.S. has reported the most cases in the world (over 1.6 million from 14.9 million tests).