Pegasus: Human rights-compliant laws needed to regulate spyware
The UN human rights chief on Monday said the apparent widespread use of Pegasus spy software to illegally undermine the rights of those under surveillance, including journalists and politicians, was “extremely alarming” and confirmed “some of the worst fears” surrounding the potential misuse of such technology.
July 21, 2021
By UN News
“Various parts of the UN Human Rights system, including my own Office, have repeatedly raised serious concerns about the dangers of authorities using surveillance tools from a variety of sources supposed to promote public safety in order to hack the phones and computers of people conducting legitimate journalistic activities, monitoring human rights or expressing dissent or political opposition”, said High Commissioner Michelle Bachelet in a statement.
According to reports, the Pegasus data leak allegations which surfaced through a consortium of media organisations over the weekend, suggests widespread and continuing abuse of the software, which the manufacturers insist, is only intended for use against criminals and terrorists.
The Pegasus malware infects electronic devices, enabling operators of the tool to obtain messages, photos and emails, record calls, and even activate microphones, according to the consortium’s reporting. The leak contains a list of more than 50,000 phone numbers which reportedly belong to those identified as people of interest, by clients of the company behind Pegasus, including some governments.
Surveillance software has been linked to the arrest, intimidation and even killing of journalists and human rights defenders, according to the senior UN official.
Reports of surveillance also trigger fear and cause people to censor themselves.
“Journalists and human rights defenders play an indispensable role in our societies, and when they are silenced, we all suffer”, she said, reminding all States that surveillance measures can only be justified in narrowly defined circumstances when necessary and proportional to a legitimate goal.
Given that Pegasus spyware, “as well as that created by Candiru and others, enable extremely deep intrusions into people’s devices, resulting in insights into all aspects of their lives”, the UN rights chief underscored, “their use can only ever be justified in the context of investigations into serious crimes and grave security threats.”
If recent allegations about the use of Pegasus are even partly true, she maintained that the “red line has been crossed again and again with total impunity”.
Companies developing and distributing surveillance technologies are responsible for avoiding human rights abuses, she said, and they must take immediate steps to mitigate and remedy the damage their products are causing, or contributing to, and carry out “human rights due diligence” to ensure that they no longer play a part in “such disastrous consequences” now, or in the future.
States also have a duty to protect individuals from privacy rights abuses by companies, she added.
One key step in this direction is for States to require by law that the businesses meet their human rights responsibilities by becoming more transparent in their design and use of products and by putting in place effective accountability mechanisms.
Better regulation key
Reports also confirm “the urgent need to better regulate the sale, transfer and use of surveillance technologies and ensure strict oversight and authorization.”
Governments should not only immediately stop using surveillance technologies in ways that violate human rights, but also “take concrete actions” to protect against such invasions of privacy by “regulating the distribution, use and export of surveillance technology created by others”, the High Commissioner said.
Without human rights-compliant regulatory frameworks, Ms. Bachelet upheld that there are “simply too many risks” that the tools could be used to intimidate critics and silence dissent.