Ali Al-Ahmed is the founder and director of the Institute for Gulf Affairs.
Dr. Matthew Hedges is a postdoctoral fellow at the University of Exeter.
the TechCrunch Global Affairs project explores the increasingly intertwined relationship between the technology sector and world politics.
Governments that buy spyware usually share a common excuse: the need to fight terrorists and other public safety threats. But we know that if autocratic regimes acquire state-of-the-art surveillance technology, they also want to use it against activists, Journalists, Academics, and other dissenting voices they see as a threat. Spyware programs – used to infect phones and other hardware without the owner’s knowledge, to track movement and steal information – are just as secure tools of repression as weapons.
There have been too many well-documented cases to ignore this basic 21st century reality. Yet companies continue to sell their spyware to despotic governments and, in some cases, claim not to know what will happen next. This trend has shaken the community of political dissidents around the world, placing them at greater and far worse risk of arrest.
We know because we used this technology. As naturalized Americans from Saudi Arabia and British academics, we count ourselves and many colleagues among the victims.
One of us, Ali Al-Ahmed, saw the Saudi government steal his personal data from Twitter in order to track down, imprison and torture his Twitter followers.
The other of us, Matthew Hedges, was a PhD student on a research trip to the United Arab Emirates when he discovered the authorities chopped his phone even before he got to the country. He was arrested in 2018, charged with espionage and initially sentenced to life imprisonment. He was finally held for six months handcuffed and fed debilitating drugs.
While these experiences continue to be painful for us, we live relatively safely in the United States and Great Britain. But our experiences are all too common. They highlight the ongoing, systemic abuse that authoritarian regimes inflict on people every day, in violation of international law and all principles of human rights.
By allowing despots to track citizens’ every move, spyware vendors make this type of ill-treatment possible. Dissidents around the world will have targets behind them until democratic governments crack down on companies that ignore this use of their goods.
It is time for democratic countries, including the United States, to act decisively to contain this abuse. Leading western democracies speak of the need to contain big tech. Yet, in the endless tug-of-war between government regulation and tech companies, “users have become the main victims,” like new report of Freedom House, a surveillance organization, put it. Too often, ordinary online citizens are vulnerable to being pirated by their own governments.
China and Russia get the lion’s share of the world’s public attention for government sponsored hacking and repression because of the sheer scale of their operations. But US allies like Saudi Arabia are often among the worst offenders.
For example, some of the most ruthless disagreement suppressors in the Middle East, including Saudi Arabia, the United Arab Emirates, and Bahrain, are buying spyware from Israel’s NSO Group. These governments have hacked into the phones of numerous human rights defenders and critics using NSO’s Pegasus software, often well beyond their own borders.
Sometimes the autocrats who run these regimes have purely personal motives, as in the case of Dubai’s ruler Sheikh Mohammed bin Rashid Al Maktoum. A British dish found that he used Pegasus to spy on his ex-wife and several of his children.
The public only learned of this because an officer from the NSO group called a prominent British lawyer late one evening to inform her of the surveillance. As dire as the Sheikh’s abuse of Pegasus was, more alarming is that the NSO Group knew he was using their technology for illegal purposes. In this instance, the executives felt exposed enough to whistle, but the company has not disclosed what it knows of other abuses by its customers.
The NSO Group is also not only known to sell spyware to police and intelligence agencies that violate human rights. The Israeli companies Candiru and Cyberbit are in the same business. Products of the German company Fin fisherman and the Italian company Hacking team (now renamed Memento Labs after a 2015 scandal) have also been linked to abuse.
NSO reportedly has its contracts with. quit Saudi Arabia and the United Arab Emiratessaid they abused Pegasus. But entrepreneurial self-assertion is not enough. Democratic governments must send a clear message to these companies: they face export bans and company executives face sanctions if their products are used to violate human rights.
Another important step would be for the US Department of Commerce and its counterparts in the UK, European Union and other democracies to expand the use of blacklists that restrict trade in companies that allow abuse. The Ministry of Commerce does contains NSO Group, Candiru, the Russian company Positive Technologies and the Singaporean company Computer Security Initiative Consultancy on its Entity List, which means that these companies cannot buy components from US sellers without a special license. But a broader global campaign of this kind could go further.
Finally, democratic countries should establish transparent, uniform rules for the use of spyware. Last week the White House hosted a virtual democracy summit of global leaders with the express aim of fighting authoritarianism and promoting human rights. If this coalition gets to work, spyware should be high on their agenda.
We have clearly entered a new era of electronic espionage and digital repression. Only through stronger regulatory and legal protection can democracies ensure their survival, free expression flourish, and protect the well-being of their citizens.
