By Caesar Keluro
The Pegasus spyware scandal, in which Amnesty International reported the surveillance of 50,000 phone numbers by NSO Group, has raised worries about the unregulated spyware industry and its damage to privacy and human rights globally.
After the Pegasus scandal broke, AWS disconnected cloud sites linked to NSO Group. Pegasus is one of NSO Group’s products. AWS acted because NSO Group used the AWS CloudFront platform as one of its content delivery infrastructures, which allowed it to transfer data, videos, apps, and APIs quickly and safely. CloudFront gave NSO Group the capacity to conduct the early stages of the attacks against mobile phones. It also enabled NSO Group to breach devices and conceal its surveillance activity. AWS alleged that Pegasus has been significantly misused and that it has undermined the freedom of the press, freedom of thought, and free and open democracies.
The Pegasus scandal has brought us to an epochal time with frightening dimensions, as sophisticated spyware of its kind comes onto the open market. We should expect to see similar and even more sophisticated tools with the vicious potential to bring businesses and government agencies to their knees. As a result, Edward Snowden has called for an international spyware ban. Today, no device is safe. If what we saw with EternalBlue (the WannaCry saga) is anything to go by, we may experience the same fate with Pegasus as its source code finds its way onto the dark web, to be weaponized by criminal hackers. The DYSTOPIA era may have just arrived.
Right to repair
In the United States of America, we have seen the advancement of legislation pushing for the ‘right to repair’. But experts worry that spyware firms like NSO Group might get a boost from such legislation, noting that NSO Group spyware, which exploits mobile device operating systems, should compel policymakers to ensure that software designs continue to enjoy maximum protection. Critically, there is a need for a policy rethink; we should look into NSO Group’s “zero-click” exploits, which leverage flaws in the phone’s operating system to access our devices without any user interaction. Firming up the security of smartphone operating systems is key.
The experts argue that if we allow devices to be made vulnerable, deliberately or indirectly, by making their source code and patented design schematics easily accessible, we will inevitably be making our digital life hackable. While we can make repairs happen at scale, we mustn’t compromise data security, privacy, safety, and other legitimate goals advanced by manufacturers. We must address the fears of potentially degrading, destroying, or compromising our devices.
The impact of NSO Group’s Pegasus has reverberated across the Global South. Nigeria has even gone to the spyware market too, to bring in a similar capacity in its fight against terrorists, which also sets the stage for grievous abuse. Using Pegasus-style malware may be appealing in critical circumstances, yet it is time for us to think deeply about the consequences of having an entity with such brutal capacity.
We need global regulations to address its abuse. Spyware tools and their corporate owners have to be held accountable for misuse by entrenching oversight in the way they are deployed. We have to move beyond debates, as enforcing controls on the creation and sale of this corporate spyware has become important. This is because Pegasus and future spyware tools represent a significant threat to both our privacy and human civilization.
The question on everyone’s lips is, “Could Pegasus have slipped into private hands?” That fear must be entertained as the world dives deeper into digitalization and smartphone sophistication. No one should be trusted with spyware of any sort.
With accusations that, among the 50,000 people targeted by NSO, Pegasus was tracking 65 executives, 85 activists, 189 journalists, and more than 600 government officials, we have to examine the import of continually allowing private companies to wield such brutal capacity in exercising judgment over the key to our digital locks.
Microsoft called NSO Group “private-sector offensive actors” and “mercenaries.” The fear of conferring sovereign immunity protections on NSO Group is that it may be unaccountable to anyone; such status is the exclusive preserve of the State. Our cyberspace is morphing at a rapid pace. That is the reason we have to raise our awareness about new surveillance levels and, most importantly, upgrade our digital skills to address the complex legal issues and challenges that have cropped up at the dawn of this new era of cyberspace.
Finally, since we now have new technological advancements in surveillance techniques, we must see it as a necessity to insert appropriate checks and balances in our various legal structures, to prevent the misuse of such advancements. We must democratize the capabilities to detect spyware such as Pegasus. All nations that understand this threat to our civilization and democracy must do something about banning the trade in commercial spyware technologies, which is completely under-regulated across the world. We must appreciate the fact that spytech, such as Pegasus, is a weapon, and that taking away the profit motive will save us from its liabilities.
Caesar Keluro, co-founder/CEO, Nanocentric Technologies Limited, leads ‘Make In West Africa’, a regional think-tank; and can be reached on +234 806 300 2817 (text only) or firstname.lastname@example.org. Twitter:@KCaesar