In June, the Paris Judicial Court in France indicted four executives from two surveillance companies on charges of complicity in torture in Libya and Egypt, following revelations by journalists about their alleged technology sales to repressive regimes. Reporters with The Wall Street Journal discovered Libya’s imported spy technologies through intrepid foreign correspondence — searching abandoned surveillance headquarters in Tripoli as Muammar al Qaddafi’s regime collapsed — while Olivier Tesquet, a reporter at French newspaper Télérama, scoured export licenses and government contracts to investigate spyware sales to Egypt’s el-Sissi regime.
Both companies involved — Amesys and Nexa Technologies — have denied the charges. But to surveillance watchdogs, the cases highlight the dangers of a global boom in the sale and transfer of digital monitoring and interception technologies, as well as the growing potential for accountability. Around the world, alarm bells are ringing that authoritarian governments are acquiring advanced spyware for repression, and democratic governments are deploying invasive surveillance technologies under the guise of crime reduction, national security, or COVID-19 tracking.
This multi-billion-dollar industry involves dozens of tech firms, complicit governments, and secret deals, with far-reaching consequences for human rights, privacy, and the ability of journalists to protect their confidential sources.
How can investigative reporters find out what particular technologies their governments are buying in the shadowy surveillance market — and whether they’re abusing those digital tools for repression or discrimination?
Human rights groups have already done significant legwork on the global spread of these technologies. In July, UK-based research agency Forensic Architecture — in partnership with Amnesty International and Citizen Lab — released a powerful interactive tracking tool, called the Digital Violence platform, which maps the sales of the notorious Pegasus spyware to governments around the world. It also connects the deployment of this system — which can secretly extract call, email, and contact data from an infected phone — to digital attacks on civil rights defenders and journalists around the world, and even some of the physical abuses that followed.
In interviews with GIJN, investigative reporters and researchers on the surveillance beat say clues to these procurements are often found in plain sight, despite the secretive nature of the deals. This is partly because of a chronic lack of regulation around surveillance, because private-sector vendors wish to market their products, and, most troubling, because some authoritarian officials believe the sheer awareness of these technologies can lead to the kind of self-censorship they desire.
Some government surveillance procurement agreements are legal, and intended to fight crime; some are illegal, and intended to persecute dissidents and journalists; and some are a combination of these. Regardless, journalists need to know how to assess who has what.
Tesquet’s reporting approach was based on traditional muckraking. Combing through hundreds of pages of transcripts from a 2013 French judicial investigation into spyware sales to Libya, he noticed that one company employee mentioned “Egypt,” and connected that reference to executive email correspondence in the appendix of another report. Tesquet discovered that the company had quietly changed its name, and was allegedly continuing to sell the same spyware system, now rebranded as “Cerebro,” to repressive governments, despite the allegations about its earlier abuse in Libya.
“I understood there was an ongoing business — using this parent company in the United Arab Emirates, they sold to el-Sissi the exact same system they sold to Qaddafi,” Tesquet claims, in an interview with GIJN.
The veteran investigative reporter then found that one French company had applied for export licenses for the sale of interception technologies to a dozen foreign governments. He also obtained copies of procurement contracts, which — helpful for other reporters’ online searches — revealed the kind of language governments use when seeking these surveillance tech deals, with terms like: “The provision of services enabling the implementation of an IP interception system to combat terrorist or other criminal activities.”
Responding to the indictments of the Amesys and Nexa executives, Rasha Abdul Rahim, director of Amnesty Tech at Amnesty International, remarked: “The indictments are unprecedented. When left unchecked, the activities of surveillance companies can facilitate grave human rights violations and repression.”
“A trial would send an important message to companies doing business with authoritarian regimes,” says Tesquet.
Allie Funk, a senior research analyst at Freedom House, has produced several major reports on digital threats to human rights and accountability, including research that shows how governments exploited the COVID-19 pandemic to monitor their citizens.
Funk suggests reporters look for technologies that fall within four key areas:
Surveillance companies broadly insist that their products are sold legally to help governments combat crime. Cellebrite states that its systems help “to protect and save lives, accelerate justice, and ensure data privacy.” NSO Group — which markets the Pegasus system, and which has merged with Bulgaria-based interception tech firm Circles — states that its goal is to “help licensed government agencies… lawfully address the most dangerous issues in today’s world.” China’s Huawei states that its AI surveillance technology cuts crime and improves public safety.
Funk’s tips to find leads on new or abused surveillance capabilities include:
Funk says she is not aware of any comprehensive interactive map of surveillance tools for each country. “I’d love to see one,” she says. However, she advises reporters to start their research by going to the “Countries” page of Freedom House’s annual “Freedom on the Net” report which assesses digital freedom in 65 countries, click on the correct country name, and seek the text under the C4, C5, and C6 categories in the database for a summary.
A map of law enforcement surveillance technologies does exist for the US — thanks to an Electronic Frontier Foundation (EFF) project called the Atlas of Surveillance. The clickable tool includes some 8,000 data points on technologies like aerial drones, automated license plate readers (ALPRs), cell site simulators, and facial recognition software used by some 3,500 law enforcement agencies.
Beryl Lipton — formerly an investigative reporter at the nonprofit news site MuckRock, and now an EFF investigator — says newsrooms in other democratic countries or cities can replicate their own versions of the Atlas.
The Atlas database is built with open source intelligence that is crowdsourced from a network of journalism students and research volunteers, which is then fact-checked. An online tool developed by EFF, called Report Back, sends automated small tasks to volunteers, urging them to search government procurement records, federal grant reports, and news articles for a particular technology in a defined jurisdiction.
“A lot of this information is out there in disparate places, but harvesting it can be a tedious process for a single newsroom, so a targeted way to crowdsource the data is helpful,” she said. “You can just search dot-gov-type sites for the names of major suppliers, like, say, Cellebrite, or keywords, like ‘cell tower,’ which can lead you to further reports. Or you find pitches, where companies have written to say ‘You should consider us, and we would welcome you to get in touch with our existing government customers, who are X and Y.’”
Lipton’s tips for identifying spy gadgetry used by authorities include:
But how are these technologies used in the real world?
Jon Fasman, US digital editor at The Economist, recently embedded with police units in the United States and Ecuador to research his book “We See It All: Liberty and Justice in an Age of Perpetual Surveillance.” The book, he stresses, is not anti-technology, but rather pro-democracy and pro-regulation.
Fasman says surveillance technologies are often acquired in democracies for noble reasons, but that their deployment — and the downstream uses of the data they extract — can threaten civil liberties in ways that even their government users might not anticipate.
“Things like ALPRs or Citizen Virtual Patrol [which streams video of city streets to laptops] are not doing anything a police officer couldn’t do in a public space — it’s their ubiquity and ease and invisibility that’s the dangerous part,” Fasman says. “I didn’t witness facial recognition deployed — though I did see some companies that were using it, particularly in Israel. Facial recognition worries me more than tools like stingrays [which mimic cell towers to track phones] because we can leave our phones at home, but we can’t leave our faces at home.”
Fasman hung out in police departments in Newark, New Jersey, and Los Angeles, California, and joined officers on ride-along patrols.
“Cops have ShotSpotter apps on their phones [which send alerts when loud bangs are detected on the street]; in LA, a high ranking officer was really familiar with this predictive policing app,” he explains. “It wasn’t the stereotype of the tech nerd-type explaining to other officers what to do — these were ordinary officers integrating tech into their everyday operations.”
Fasman also embedded with a police department in Ecuador to study how officers used the Chinese-made ECU-911 system, which includes a massive smart camera network and can track citizens’ phones. “What’s striking is that it clearly had a dual purpose — beneficial, because it links up their police, ambulance, and fire responses, but it’s also clear the state could use the system to monitor political dissent in an undesirable way,” he says.
Fasman’s tips for gaining access to surveillance operations include:
Reporters can also anticipate surveillance procurement based on past patterns — such as binge purchases of spy equipment by governments that immediately follow the relaxation of sanctions. The Wall Street Journal investigation of Libya’s spy tech procurement deals noted that “Libya went on a surveillance-gear shopping spree after the international community lifted trade sanctions.”
Experts say one of the most difficult technologies to detect is the kind that hacks phone communications without hacking the phone itself — especially the Circles system — because it leaves no trace of its intrusion on the phone. Instead, it exploits weaknesses in a common signaling system used to route calls between different telecommunications networks. The software can identify the approximate location of a phone in seconds by causing the home wireless network to believe the phone is roaming, and can reportedly also intercept calls and texts.
Researchers and reporters have generally relied on open source tools and insider tips to detect the government deployment of Circles products.
However, last year, researchers at the University of Toronto’s Citizen Lab found a new method: scanning Internet of Things (IoT) search engines, like Shodan and Censys, for digital firewalls whose hostnames contained a telltale domain name associated with Circles deployments. By searching for the domain name “tracksystem.info,” Citizen Lab identified 25 governments that had purchased Circles systems, and even the particular agencies using them — including many with records of human rights abuses.
Their digital methodology is complex, but they explain in detail, under the “Fingerprinting and Scanning for Circles” section of their “Running in Circles” report.
Human rights group Access Now is currently completing a major investigation into the acquisition of surveillance technologies by governments in Latin America and the Caribbean. Local reporters can watch for the release of that database on the Access Now site in July, or contact their researchers directly.
At the recent RightsCon summit — billed as “the world’s leading conference on human rights in the digital era” — Gaspar Pisanu, Latin America policy manager for Access Now, said sources for the report included FOI requests, interviews, and corporate press releases.
Pisanu told GIJN that LinkedIn had also proved an effective channel for the research and that reporters could use this platform to identify and interview current executives — and particularly recent ex-employees — of surveillance suppliers to governments.
Speaking on the same panel as Pisanu, Thiago Moraes, head councilor of Laboratório de Políticas Públicas e Internet (Laboratory of Public Policy and Internet, or LAPIN), said researchers were surprised to find that many of the costly “surveillance solutions” owned by local authorities in Brazil were not acquired by traditional procurement methods, but were freely donated by foreign companies “as pilot tests.”
Bulelani Jili, a researcher at Harvard’s Department of African and African American Studies, points to a 2019 investigative story by The Wall Street Journal as a key moment in which prior perceptions that “surveillance tech is a Western issue” changed for many civil society organizations in Africa. In this story, reporters found that Chinese technicians were recruited by Ugandan cybersecurity police to hack encrypted communications used by opposition leader Bobi Wine. The investigation alleged that, after unsuccessful attempts by police to hack Wine’s WhatsApp account, software engineers from Uganda’s major digital supplier, Huawei, helped them penetrate Wine’s “Firebase Crew” chat group. Police then stopped planned opposition rallies, and Wine and several supporters were arrested. The Wall Street Journal noted that it “did [not] find that Huawei executives in China knew of, directed, or approved” of any hacking in Uganda, and quoted a company spokesperson as stating that Huawei “has never been engaged in ‘hacking’ activities.”
Jili says journalists can examine the growing number of soft loans — “primarily from China” — that several African governments are using to purchase monitoring technologies.
“Why would a relatively low-income country like Uganda take a $126 million loan from China to then buy a camera surveillance system, particularly when the datasets show no direct correlation with decreased crime?” he asks.
The scope of China’s impact was spelled out last year in testimony by the Carnegie Endowment for International Peace to a US government commission. The think tank found that 13 African governments had acquired advanced Chinese surveillance tech, from Cloudwall facial recognition in Zimbabwe to Huawei’s “Safe Cities” citizen monitoring in Kenya and Uganda.
French journalist Tesquet warns that the field is exploding. “This is,” he says, “just the tip of the iceberg.”