Dear Reader,

Today The Washington Post is joining news organizations across the globe to bring you an important story. Digital surveillance pervades our society, and new technologies offer more power than ever to track every aspect of our daily lives. The danger of abuse has never been greater. In most countries, there are no effective rules or standards limiting private companies that sell surveillance technology to governments or others.

That is why we have devoted extraordinary resources to joining the Pegasus Project.

The project was conceived by Forbidden Stories, a Paris-based journalism nonprofit, which, along with Amnesty International, a human rights group, had access to records that formed the basis of our reporting: a list of more than 50,000 cellphone numbers concentrated in countries known to surveil their citizens and also known to have been clients of NSO Group, a private Israeli firm that is a worldwide leader in the field of private surveillance. NSO is the developer of Pegasus, a powerful spyware tool, and says it has 60 government agency clients in 40 countries, which it will not name. The company says that it licenses its software only to vetted governments and that Pegasus is meant to be targeted at criminals — drug dealers, terrorists, pedophiles — not ordinary citizens.

NSO says it does not operate the software it licenses. It maintains that it follows the highest ethical standards and monitors its clients for human rights violations. Nevertheless, the Pegasus Project examined the numbers on the list to identify dozens of smartphones belonging to journalists, human rights activists and others that were infected or subjected to attempted penetrations by NSO software. Although the purpose of the list could not be conclusively determined, it is a fascinating document. Out of the more than 1,000 identities that could be confirmed, there were at least 85 human rights activists, 65 business executives, several members of Arab royal families, 189 journalists, and 600 government officials and politicians, spread across more than 50 countries. The journalists include investigative reporters who have crusaded against government corruption while the politicians include leading opposition figures in countries with authoritarian leaders. Several heads of state and prime ministers were on the list.

Forbidden Stories and Amnesty International had access to the list. Based on our reporting with the consortium, we are confident that the material provides accurate and revelatory insight into the pervasiveness of private surveillance.

Your support is essential
Without subscribers, we wouldn’t be able to uncover the facts and bring you groundbreaking reporting like this.

More than 80 journalists from Forbidden Stories, Le Monde, Süddeutsche Zeitung, Die Zeit, The Washington Post, the Guardian, Daraj, Direkt36, Le Soir, Knack, Radio France, the Wire, Proceso, Aristegui Noticias, the Organized Crime and Corruption Reporting Project, Haaretz and PBS Frontline took part in this investigation. The journalists spent months reporting and interviewing on four continents. Amnesty’s Security Lab did the analysis on the smartphones.

Citizen Lab, an independent research group at the University of Toronto that has specialized in tracking Pegasus infections over the past several years, reviewed Amnesty’s forensic methods and data from four cellphones and endorsed Amnesty’s analyses.

NSO says the list of more than 50,000 numbers probably shows nothing more than the innocent gathering of data for business purposes, not surveillance. It says the Pegasus Project’s findings are flawed and baseless. It cites confidentiality obligations in not identifying its clients and says it does not know the specifics of their intelligence gathering.

One of the experts we quote in our report states the problem plainly: “Humanity is not in a place where we can have that much power just accessible to anybody.”

The Post is proud to take part in reporting that brings such information to light.


Sally Buzbee