Last year saw the highest global military spending – nearly $2tn – since 1988. More than half of that was expenditure by the United States and its allies. Defence capabilities are closely guarded national assets. A web of rules has grown up around the export of arms and their use. No country wants its most lethal weapons being turned upon themselves.
Yet there are at least 500 private companies that operate, largely unregulated, and sell intrusive software to oppressive regimes that spy on and harass their critics. These anti-democratic acts ought to be enough to bring such trade to a halt. However it has continued; the industry says these tools are for fighting crime and terrorism. What happens when, instead, governments opt to use these capabilities not just on their people, but on the democratic west?
We may be about to find out the answer to that question. A global reporting consortium, which includes the Guardian, Amnesty International and the Paris-based non-profit Forbidden Stories, has produced this week a wealth of stories from a leaked list of phone numbers identified by the client governments of NSO, an Israeli hi-tech firm. Forensic analysis showed NSO’s Pegasus spyware was used by some of its clients to hack smartphones belonging to journalists, dissidents and activists. The mobile phone of a serving French minister showed digital traces of activity associated with NSO’s spyware. Paris has launched an investigation.
These phones appeared on a leaked list of more than 50,000 numbers. On there were 10 prime ministers, three presidents – including France’s Emmanuel Macron – and the king of Morocco. The Indian government, suspected of being an NSO client, is thought to have selected numbers of the Dalai Lama’s Tibetan government-in-exile. Hundreds of phones belonging to British citizens were also listed, with the government responsible for picking them believed to be Britain’s Gulf ally the United Arab Emirates, that itself has close ties to UK partner Israel. With friends like these, one might ask what is required of our adversaries? This week the Cabinet Office minister Lord True said that the UK has “raised our concerns several times with the government of Israel about NSO’s operations”.
NSO says that as it does not operate the spyware systems it sells, and does not have access to the data of its customers’ targets, the company cannot supervise their use. This is a self-serving argument that rests on corporate secrecy. But spyware such as NSO’s makes possible the violation of fundamental rights. It is a bit rich for western democracies to complain that China or Russia export digital authoritarianism if its allies are peddling tools that can be used for the same ends.
State power is about software. Israel should clamp down on a spyware sector that allows authoritarian regimes to export self-censorship. Global rules are needed to govern the proliferation of these weapons of mass repression: it is in democracies’ self-interest to limit the spread of such technology. At present, no other governmental or private mechanisms, aside from bringing legal cases, are available to prevent or redress the serious violations of free speech, association, and privacy enabled by tools like NSO’s. That must change.