Subscribe to Here’s the Deal, our politics
newsletter for analysis you won’t find anywhere else.
Thank you. Please check your inbox to confirm.
Teresa Cebrian Aranda
Teresa Cebrian Aranda
Leave your feedback
The use of commercially developed spyware that allows governments to hack a phone and steal its data is booming. Earlier this year, the Biden administration banned federal agencies from using commercial spyware that poses risks to human rights and national security. But as Nick Schifrin reports, spyware is thriving and has already targeted journalists, dissidents and politicians around the world.
The use of commercially developed spyware that's allowed some governments to hack into phones is booming.
Earlier this year, the Biden administration banned federal agencies from using commercial spyware that the U.S. assesses poses human rights or national security risks.
But, as Nick Schifrin reports, some of the most powerful surveillance technology has already targeted journalists, dissidents and activists around the world.
The Saudi advocate who fought the government to gain a woman's right to drive, the Mexican journalist who reported on government corruption…
It can turn your microphone on.
… the fiancee of a murdered Saudi critic, and the reporter whose newsroom exposed El Salvador's drift into authoritarianism.
Roman Gressier, El Faro English:
I felt violated. It's a feeling that many around the world have expressed when they have been targeted with these tools.
Those tools are commercial spyware, including one named Pegasus from the Israeli firm NSO Group. They can secretly steal all of a phone's data, location, messages conversations, social media.
They have been installed on the phones of government officials, dissidents and journalists around the world, including Roman Gressier.
If gives you unfettered access to a device. There's no corner of your phone, there's no stone unturned for Pegasus. And this breaks through all of the security.
How was your phone infected with Pegasus?
I'm pretty convinced that I didn't click on a link. Somebody had access to even information on doctor's appointments. That was very challenging for me personally.
Gressier moved to El Salvador in January 2021 and reporter for El Faro English, an investigative news outlet.
They revealed President Nayib Bukele's consolidation of power, alleged corruption and a secret truce with criminal gangs. Bukele and his government disparaged the stories and attacked the storytellers. An investigation by the organizations Citizen Lab and Access Now concluded at least 35 individuals from media organizations and two independent journalists were hacked with Pegasus.
The investigation also said: "There is a range of circumstantial evidence pointing to a strong El Salvador government nexus."
I definitely agree with the opinion of El Faro's editorial board, which is that the Salvadoran government is, by any and all indicators, responsible.
Ronald Deibert Founder, Citizen Lab:
So this is, if you think about it, almost godlike powers that have been developed by these sophisticated surveillance firms and put into the hands of some of the most ruthless, despotic leaders around the world.
Ron Deibert is the founder and director of Citizen Lab, the Canadian cybersecurity research group that exposed the El Faro and other hacks.
U.S. officials say at least 50 U.S. government employees working overseas in at least 10 countries were targeted by commercial spyware. And a massive leak in 2021 revealed some 50,000 potential victims of Pegasus in 50 countries.
The use of spyware has really exploded over the last decade. One minute, you have the most up-to-date iPhone, it's clean, sitting on your bedside table, and then, the next minute, it's vacuuming up information and sending it over to some security agency on the other side of the planet.
Joe Biden, President of the United States: Earlier this week, I signed an executive order here.
But it's not only foreign governments. The Biden administration has launched guardrails around the use of commercial spyware by the United States.
U.S. taxpayer dollars should not, should not support companies that are willing to sell their products to abet human rights violations.
The March executive order bans U.S. federal agencies from using commercial spyware that's been employed against activists, used to track Americans, or sold to governments that systematically repress.
From the perspective of companies in this industry, the United States market is the pot of gold at the end of their rainbow. This executive order really deals a significant blow to some of these firms' aspirations.
But other experts aren't so sure.
Stewart Baker, Former General Counsel, National Security Agency:
That's not a problem that can be solved just by the U.S. or even by the U.S. and a few like-minded countries.
Stewart Baker is a former general counsel for the National Security Agency with three decades of intelligence community experience.
He says, the executive order won't prevent authoritarian governments from using commercial spyware.
There are countries who need these tools or think they need these tools are going to go looking for them. The Chinese have plenty of people, plenty of companies that would be glad to fill any gap that is created in the market by Western companies getting out.
The U.S. has also imposed export controls to stop foreign spyware firms from using U.S. technology. And the intelligence community has now limited former intelligence officials' ability to work for foreign spyware companies.
In 2021, former intelligence and military officials paid the U.S. government a fine for helping the Emirati firm DarkMatter creates spyware.
You want to make sure that your investment in personnel and resources doesn't end up being used in ways that will contribute to human rights violations abroad or, more importantly, turn around and bite you in the back.
But what the executive order doesn't do, ban spyware entirely or commit the U.S. to helping companies find phone vulnerabilities that spyware exploits.
Do you believe the administration should go even further and issue guidance that would require all agencies of the U.S. government not to exploit the vulnerabilities, but instead to help the companies patch them?
I absolutely think there should be an obligation written into law that this is a requirement. And then you can build in exceptions.
But the U.S. intelligence community uses those vulnerabilities in the phones' operating systems to spy on enemies.
They're immensely important, because they get you into communications that are deeply targeted on a particular person. There are usually a lot of vulnerabilities to choose from. Any one of them can be picked to turn into a kind of Pegasus.
If you're told, no, we can't use that Pegasus because we have now insisted on having that particular vulnerability patched, all that will happen with other countries is, they will say, fine, that was patched, but there were dozens of vulnerabilities. We will pick a different one, and then we will spend money to develop it into a full-fledged piece of spyware.
As for Gressier, he wants accountability against the commercial spyware Pegasus and the government that weaponized it against its critics. He's joined the first case brought by journalists against NSO Group in a U.S. court.
Unless a court steps in to order them to take significant measures to investigate and rectify some of these harms, they will not do it.
It's not an El Salvador issue, in particular. It's not even a Central American issue, in and of itself. It's a global issue. And it's one that we see ourselves as deeply embedded in.
One that experts call a pandemic of spyware abuse that's already spread across borders.
For the "PBS NewsHour," I'm Nick Schifrin.
Watch the Full Episode
Nick Schifrin is the foreign affairs and defense correspondent for PBS NewsHour, based in Washington, D.C. He leads NewsHour's foreign reporting and has created week-long, in-depth series for NewsHour from China, Russia, Ukraine, Nigeria, Egypt, Kenya, Cuba, Mexico, and the Baltics. The PBS NewsHour series "Inside Putin's Russia" won a 2018 Peabody Award and the National Press Club's Edwin M. Hood Award for Diplomatic Correspondence. In November 2020, Schifrin received the American Academy of Diplomacy’s Arthur Ross Media Award for Distinguished Reporting and Analysis of Foreign Affairs.
As the deputy senior producer for foreign affairs and defense at the PBS NewsHour, Dan plays a key role in helping oversee and produce the program’s foreign affairs and defense stories. His pieces have broken new ground on an array of military issues, exposing debates simmering outside the public eye.
Support Provided By: