Reasons many individuals are being compromised by state-sponsored surveillance software

For over a decade, manufacturers of government-grade spyware have responded to criticism by asserting that their surveillance tech is meant solely for use against dangerous criminals and terrorists, and only in specific, limited circumstances.  

However, the evidence derived from numerous documented instances of spyware misuse worldwide indicates that neither of these claims holds true.  

Time and again, journalists, human rights defenders, and politicians have been targeted in both authoritarian states and democratic nations. A recent case involves an Italian political consultant working with left-leaning politicians, now confirmed as the latest victim of Paragon spyware within the country. 

This latest event underscores that spyware is extending far beyond what we’ve traditionally understood as “rare” or “limited” attacks aimed at just a few individuals. 

“I believe there’s a fundamental misunderstanding in narratives surrounding who becomes a target of this type of government spyware, which assumes that if targeted, one must be Public Enemy Number One,” Eva Galperin, cybersecurity director at the Electronic Frontier Foundation and a long-time spyware researcher, told TechCrunch.  

“In reality, due to the ease of targeting, governments have been observed using surveillance malware to monitor a wide spectrum of individuals, including relatively insignificant political rivals, activists, and journalists,” Galperin stated. 

Several factors contribute to why spyware often ends up on devices of individuals who, theoretically, shouldn’t be targeted.  

The primary reason is the way spyware systems operate. Typically, when an intelligence or law enforcement body procures spyware from a surveillance vendor such as NSO Group or Paragon, the government client pays an initial sum to obtain the technology, followed by smaller recurring fees for updates and technical assistance.

The initial fee is usually determined by the number of targets the government body can simultaneously monitor. A higher target capacity equates to a higher price. Previously leaked documents from the now-defunct Hacking Team reveal that some of its law enforcement and government clients could target anywhere from a small number of individuals to an unlimited number of devices concurrently. 

While some democratic nations typically had fewer targets that they could monitor at any given time, it was common to observe nations with questionable human rights records possessing a very high number of simultaneous spyware targets.  

Granting such a significant number of concurrent targets to nations with such strong desires for surveillance virtually guaranteed that these governments would target far more individuals beyond just criminals and terrorists. 

Over the years, Morocco, the United Arab Emirates (twice), and Saudi Arabia (multiple times), have been caught targeting journalists and activists. Security researcher Runa Sandvik, who aids activists and journalists vulnerable to hacking, maintains a constantly updated list of spyware abuse cases globally.  

Another reason for the high incidence of abuse, especially in recent years, is that spyware — like NSO’s Pegasus or Paragon’s Graphite — makes it remarkably simple for government clients to successfully target whomever they choose. In essence, these systems act as consoles where police or government officials input a phone number, and the rest unfolds automatically.  

John Scott-Railton, a senior researcher at The Citizen Lab who has investigated spyware firms and their abuses for a decade, noted that government spyware presents a “significant temptation for abuse” for government clients.  

Scott-Railton asserted that spyware “must be regarded as the threat to democracy and elections that it truly is.” 

The overall lack of transparency and accountability has also played a role in governments boldly employing this sophisticated surveillance technology without fear of repercussions. 

“The fact that we’ve witnessed the targeting of relatively insignificant individuals is particularly alarming, as it reflects the government’s perceived impunity in deploying this exceptionally invasive spyware against opponents,” Galperin told TechCrunch. 

Regarding victims obtaining justice, there’s some encouraging news.  

Paragon made a very public declaration of severing ties with the Italian government earlier in the year, citing the country’s authorities’ refusal to accept assistance from the company in investigating alleged abuses involving its spyware.  

NSO Group previously disclosed in court that it terminated contracts with 10 government clients in recent years due to misuse of its spyware technology, though it declined to specify which countries. It remains unclear if these include Mexico or Saudi Arabia, where numerous documented instances of abuse have occurred.  

On the customer end, countries such as Greece and Poland have initiated investigations into spyware abuses. The United States, under the Biden administration, has targeted certain spyware manufacturers like Cytrox, Intellexa, and NSO Group by imposing sanctions on the companies and their executives, and by adding them to economic blocklists. Additionally, a coalition of primarily Western nations, led by the U.K. and France, is attempting to use diplomacy to curb the spyware market.

Whether these efforts will curtail or limit what is now a global multi-billion-dollar market remains to be seen, with companies more than willing to supply advanced spyware to governments with a seemingly insatiable desire to spy on virtually anyone they choose.