The Washington PostDemocracy Dies in Darkness

Opinion Democracies shouldn’t surrender to a future of limitless surveillance

A branch of the Israeli company NSO Group near the southern Israeli town of Sapir, on Aug. 24, 2021. (Sebastian Scheiner/AP)
Placeholder while article actions load

“Almost all governments in Europe are using our tools.” This boast from the chief executive of Israeli spyware company NSO Group reveals the extent to which surveillance software has become the world’s weapon of choice. Contrary to the popular narrative, it’s not only authoritarian regimes that rely on third-party tools for high-tech snooping, but democracies, too. Abuses abound, and the need for global regulation is clear.

Ronan Farrow reports for the New Yorker that NSO’s much-publicized links to repressive governments are only half the story. Germany uses the firm’s ultra-intrusive Pegasus tool; so does Poland; so does Belgium, though without admitting it. The FBI has even tested Pegasus, though it denies having deployed it. And a report from the University of Toronto-based research group Citizen Lab reveals that at least 65 individuals in Catalonia with links to the separatist movement saw their devices infected with spyware — including every single member of the European Parliament who voted for Catalan independence. In some cases, their family members became targets, too. “Strong circumstantial evidence” suggests a connection to Spanish authorities.

These revelations follow investigations in The Post and elsewhere about governments harnessing spyware to go after journalists, opposition figures and more. Notoriously, Pegasus infected the phones of associates of Post contributing columnist Jamal Khashoggi shortly before his murder under the apparent approval of Saudi Crown Prince Mohammed bin Salman. When democracies engage in violations of civil liberties as flagrant as appears to have occurred in Catalonia, they deserve condemnation. But even when they use spyware with judicial approval or legal justification, they’re still doing damage by lending legitimacy and financial support to a product exported far and wide for all kinds of malfeasance. They might also be undermining their own national security: Citizen Lab discovered that in 2020, Pegasus compromised a device connected to a network at 10 Downing Street, the office of British Prime Minister Boris Johnson.

Instead, democracies should be trying to create incentives for companies and countries that want to sell or use these tools to do so responsibly. The only solution to the unchecked proliferation of NSO-style tools is for states committed to protecting civil liberties to band together to write some rules. Countries that are home to spyware companies should agree to deny licenses for export to any destination with a record of abuse, or without a framework to protect human rights. Similarly, these countries should vow not to import spyware from the same set of places. The point isn’t that no form of spyware should ever be used to track down terrorists, or to engage in legitimate spying against foreign targets. It is that spyware’s use should be governed by the rule of law — and limitations imposed to prevent abuse, especially domestically.

Already, the worst offenders of civil liberties such as China and Russia are selling their own spyware around the world. Democracies shouldn’t surrender to a future of limitless surveillance; they should fight for a better one.