The Impact of Spyware
This report reveals how companies based in economically developed and largely democratic states are profiting from exporting highly invasive digital surveillance technologies to repressive regimes where its misuse is likely.
We analyzed almost 100 reports and articles published since 2015 to provide a comprehensive view of this largely unrestricted and highly secretive market for technology used to hack and spy on individuals’ personal devices. The findings demonstrate the need for meaningful regulation and increased transparency within the sector.
Our goal with this investigation was to try to quantify the impact of this intrusive technology in order to raise public awareness of the serious infringements of individuals’ digital privacy. Our hope is that democratic governments more tightly regulate these spyware companies operating under their jurisdiction.
We found that 74 governments around the world have purchased and/or used invasive spyware technology manufactured by 18 companies since 2015. Europe, the U.S., and Israel are home to 78% of these companies.
Their customers are predominantly repressive regimes looking for new ways to control the flow of digital information and stifle dissent. Less than 10% of suspected customers are considered full democracies by the Economist Intelligence Unit (EIU).
The technologies discussed in this report can all secretly monitor someone’s digital activity from afar. They range from highly sophisticated and expensive exploits such as NSO’s “zero-click attacks” to those that exploit widespread vulnerabilities in telecommunication protocols.
The impact of these tools on civil society is increasingly well known, with the likes of NSO Group becoming household names due to their alleged role selling invasive tech to repressive regimes that use them to track down and silence dissidents. Despite growing evidence, most of the companies named in this report have vehemently denied enabling human rights abuses.
The most recent revelation regarding NSO Group’s spyware unearthed over 50,000 individuals’ phone numbers that were allegedly identified as potential targets by NSO’s clients since 2016. The target list contained the phone numbers of politicians, journalists, activists, doctors and academics in countries including India, Hungary and Saudi Arabia.
“The private surveillance industry is a free-for-all… States and industry are collaborating in the spread of technology that is causing immediate and regular harm to individuals and organizations that are essential to democratic life” – David Kaye, former UN Special Rapporteur on Freedom of Expression
The true number of those impacted by spyware is almost impossible to determine, particularly given that many people will fall victim to the technology and not notice.
Our research reveals that at least 3,111 individuals that have been affected. While their precise identities are often concealed due to security concerns, many of those identified are prominent figures that play an important role in defending freedom of expression and promoting human rights.
Activists and dissidents were the most frequently targeted, followed by government officials and journalists. We also discovered that spyware had been used to hack the devices of individuals across nation state boundaries at least 85 times, including the targeting of Rwandan political figures based in Belgium.
This report shows that despite repeated criticisms and attempted regulation, the commercial spyware industry continues to grow unabated. Estimated to be worth $12 billion, it is clear more needs to be done to reign in the industry to protect human rights and safeguard freedom of expression.