Like The Hub?
Join our community.
Join

Connor Oke: The private spyware industry is a growing threat to global civil society

Commentary

There is a sector operating within the democratic world that makes millions developing tools that help authoritarian governments better surveil dissidents and journalists. This is the private spyware industry. And few governments have developed the regulatory framework necessary to control this growing threat to civil society. 

Take the industry’s most well-known, and notorious, company as an example: the Israel-based NSO Group. Israel has used the opportunity to do business with NSO Group as a diplomatic outreach tool, including for the Gulf monarchies that used to consider it an enemy. 

Its Pegasus software is a highly-sophisticated surveillance tool that identifies security vulnerabilities in software and implants spyware on a target’s phone. Then, once infected, Pegasus operators can harvest passwords, record calls, monitor the phone’s camera, plant data, and more. 

Pegasus used to require a target to click on an infected link. However, the company has now developed zero-click attacks, meaning it can install its software without any user suspicion.

And for a fee, they’ll infect the phones your government wants infected, too. 

This technology has some benefits. For example, it can be a helpful tool to gather evidence against serious criminals or terrorists. But its abuse by authoritarian governments cannot be justified. 

Saudi Arabia, for instance, used Pegasus in 2018 to hack the phone of Canadian permanent resident and Saudi dissident Omar Abdulaziz. Abdulaziz was in close contact with fellow dissident Jamal Khashoggi before Khashoggi’s murder at the Saudi embassy in Turkey in 2018. The information in their text message exchanges may have contributed to Saudi knowledge of Khashoggi’s travel plans. 

The Kingdom even hacked Khashoggi’s family and Jeff Bezos“It’s alleged that the compromised message was sent from the personal WhatsApp account of the crown prince of Saudi Arabia, Mohammed bin Salman (often known as MBS). Forensic analysts working for FTI Consulting concluded that once the phone was infected, the attackers were able to siphon ‘large amounts’ of data from the device and had access until the start of 2019.” https://archive.ph/20210720134138/https:/www.wired.co.uk/article/jeff-bezos-phone-hack-mbs-saudi-arabia#selection-457.26-461.148 with Pegasus following the assassination due to coverage of the incident in the Washington Post.

Rwanda’s dictatorial government has used Pegasus to spy on over 3,000 opposition figures, journalists, and critics of the Kagame regime.“Pegasus appears to have been particularly useful in allowing the Rwandan government to attempt to silence political dissent outside of the country’s borders.” https://www.brookings.edu/techstream/how-digital-espionage-tools-exacerbate-authoritarianism-across-africa/ The deployment of the technology has been linked to several killings, both in Rwanda and in Mexico

The United Arab Emirates uses it to monitor dissidents outside the country. So does Morocco. Ugandan operators used it to hack U.S. embassy officials. Early in 2022, Poland’s government was embarrassed by revelations that it had used the software to monitor members of opposition parties. 

Even heads of state, including France’s Emmanuel Macron, have faced hacking attempts by Pegasus operators. So have hundreds of journalists.“An attack on a journalist could expose a reporter’s confidential sources as well as allowing NSO’s government client to read their chat messages, harvest their address book, listen to their calls, track their precise movements and even record their conversations by activating the device’s microphone.” https://www.brookings.edu/techstream/how-digital-espionage-tools-exacerbate-authoritarianism-across-africa/

The risks posed by these hacking technologies are unprecedented. Authoritarian governments have never before had access to such easy tools to surveil, intimidate, and blackmail dissidents far from their borders.

The world knows what it knows about the workings of NSO Group—and its victims—thanks to the investigations of organizations like Amnesty InternationalForbidden Stories, and the University of Toronto’s Citizen Lab

However, the private spyware industry is much larger than just NSO Group. Israel is home to many of these firms because of links between the private sector and the country’s elite cybersecurity forces. Firms include CandiruCellebriteCircles, or Germany’s FinFisher

Formerly, the Italian company HackingTeam sold its data infiltration services to the governments of Egypt, Russia, Turkey, and more—until the Italian government stepped in with an export ban. 

Other firms operate in the shadows, without public websites or even buildings displaying a logo.

So, what can be done in Canada about the growing risks to civil society posed by these organizations? The United States has recently blacklisted NSO Group and Candiru, meaning that American companies can no longer do business with, or sell technology to, either entity. The Government of Canada could take a similar step. 

Canada could also strengthen its export control regime to ensure that the technologies made here at home do not support repression in authoritarian states. The Citizen Lab, for example, recommends that Canada implement greater transparency requirements so that Canadians know who is exporting dual-use technologies, where they’re going, and why an export permit was granted.“The European Union recently increased transparency requirements on EU states in the context of dual-use exports.106 Doing so enables ongoing monitoring by civil society of the surveillance capacity of countries of export and the proliferation of dual-use surveillance technologies globally. https://citizenlab.ca/wp-content/uploads/2022/03/Report151-dtr_022822.pdf 

Because although Canada does not host the private spyware industry on its soil, other technologies developed in Canada have been used by repressive governments abroad. One such example is Netsweeper, an internet filtering service.

Canadian journalism schools and newsrooms should also think deeply about how they can implement more digital security training, particularly for those journalists doing foreign reporting. 

Ultimately, however, the power to control the operations of the private spyware industry does not lie with Canada. If the government takes action on the first two points, it, while necessary, will do little to slow down the spread of these technologies around the globe. 

Instead, Canada could lend its voice to efforts to strengthen and harmonize export control regimes for surveillance technologies among democratic states, focusing on human rights. Using its diplomatic connections, Canada could try to raise this a priority in its international negotiations. 

It’s a big ask, given Canada’s limited diplomatic pull. But as the Western world is increasingly aligned in response to Russia’s invasion of Ukraine, the time for a coordinated stand against enabling authoritarianism is now. 

Malcolm Jolley: Pork, poultry, and Poland’s place in the EU

Commentary

The kabanos sausages at ZM Moscibrody are excellent. Slender as a finger, they taste of tangy smoked cured pork, garlic, salt, and spices. Moscibrody is about an hour or so east of Warsaw, in the flat and intermittently forested Polish countryside. The complex includes a banquet hall, scenic ponds for raising carp, a kind of old-time themed wood-framed medieval village, and a good-sized slaughterhouse and meat packaging plant. The kabanos were part of a spread put out for me and my colleagues at lunch, and I was greedily snacking on them while I waited for the main courses to arrive. We’d seen them being made earlier on our tour of the plant in the morning.

I travelled to Poland last November as a guest of that country’s Union of Producers and Employers of the Meat Industry (UPEMI). I was part of a delegation of Canadian and American journalists invited to learn more about the production and processing of beef and pork in that country, with a view to encouraging exports. The trip was paid for (at least in part, if not in full) by the European Union as part of an ongoing “Meat with European Quality” marketing campaign focused on Polish products. That campaign is part of the larger European Union’s “Enjoy It’s From Europe” worldwide marketing campaign for the promotion of EU agricultural exports. The hope being that more products like the kabanos sausage would make it across the Atlantic to North American markets.

Our delegation was small, with four journalists from each country. Six of us wrote for trade journals that covered everything from supermarkets to hog farming in Alberta, to food engineering. Without a technical audience, my line of inquiry on the trip was to see how the Poles were approaching the EU campaign. On October 7 of last year, the Polish Constitutional Court had ruled that parts of the Treaty on the European Union were incompatible with the country’s constitution,“In a decision that caused a stir in the EU, the Polish constitutional tribunal rejected the primacy of European law over Polish law, sparking a row with Brussels that blocked approval of Warsaw’s economic recovery plan.” https://www.euronews.com/2022/03/10/polish-court-finds-european-human-rights-convention-incompatible-with-constitution and the government of Prime Minister Mateusz Morawiecki seemed to be taking a combative pose towards Brussels, to the extent that some supporters in the Polish press had begun to talk about a “Polexit”.“In the 2003 Polish referendum on joining the EU, 77.6% of voters voted in favor. Poland joined the EU the following year, and since then–according to regular polls conducted by the governmental Centre for Public Opinion Research (CBOS)–no more than a quarter of respondents ever supported leaving, with support gradually waning down to a mere 5% in 2019 and 6% in 2021.” https://en.wikipedia.org/wiki/Polexit#cite_note-20

The overt premise of the “Meat From Europe” campaign was to remind prospective customers that Polish producers and processors are held to the EU’s strict set of agricultural and food processing standards, including health and safety and animal welfare. Poland joined the EU in 2004. In the fifteen years between then and the fall of the Berlin Wall, Polish producers invested in new plants, precisely to bring standards up to EU compliance. So explained veteran farmer Waldemar Podniesiński, President of ZM Mokobody, a processing plant also due east of Warsaw. A small, family-owned operation, it was established in 1989 to take advantage of new economic freedoms and refurbished in 2004 to comply with EU standards.

When Poland joined the EU in 2004 it elected not to join the Eurozone, and the country has retained the zloty. Implicit, though never explicitly stated, in the promise of “Meat From Europe”, is Western European quality at Eastern European prices. This sounds good for the Polish producers, although Canada is among the world’s top exporters of pork and beef itself, and agricultural products are generally outside the realm of the Canada European Trade Agreement.

While the Polish farmers of the UPEMI hope to benefit from the “Meat with European Quality” campaign, they are not uniformly pleased with the European Union as an institutional body, which they see as increasingly interfering with the way they do business. “EU politicians want to turn Polish farmers into gardeners,” complained UPEMI President and member Wieslaw Rozanski when we met him for dinner.

Poland is, in fact, a relatively large exporter of meat, I learned at the UPEMI annual conference in Warsaw. It’s just that what they mostly export is poultry. Second is pork, but Poland has suffered from outbreaks of Asian swine flu over the last decade or so, aggravated by its relatively high population of wild boar. Still well forested, the wild pigs roam the Polish countryside and carry the disease. Asian swine flu is not dangerous to humans but needs to be aggressively contained by culling to protect herds.

Beef production is much smaller, and the cattle I saw at the Mokobody plant were old dairy cows. They were destined to be turned into Halal meat for the Middle Eastern export market, and the men who worked there were from former Soviet Islamic republics, like Khazakstan and Uzbekistan. Polish export to Islamic markets, I learned from union president Podniesiński, is another source of friction with the EU. Legislators in Strasbourg have threatened to effectively ban Halal slaughter, as it forbids the prior use of a stun gun, which is the standard in conventional processing.“Yet in recent years that lucrative trade has come under political threat, with the ruling Law and Justice (PiS) party – and in particular its powerful chairman Jarosław Kaczyński – pushing an animal-protection law that would, among other things, ban ritual slaughter. That legislation has twice been shelved following opposition within PiS itself, marking rare defeats for Kaczyński and highlighting the size, strength and lobbying power of the meat industry. Yet producers remain concerned that they could again come under threat.” https://notesfrompoland.com/2022/02/21/poland-among-europes-leaders-in-kosher-and-halal-meat-despite-uncertainty-around-ritual-slaughter/

Back in Warsaw, at a meeting with the Acting Head of Representation of the European Commission in Poland, Witold Naturski, he explained that whether I had heard some grumbling about the EU or not, since it represented over 70 percent of Polish agricultural exports it was unlikely that relationship was in too much trouble. Mr. Naturski serves as a kind of diplomat and was not going to comment on a Canadian journalist’s wild speculations on Polexit. It became clear to me, by inference, that if the Polish countryside support for the EU, including its Common Agricultural Policy, was strong, then, given the overwhelming support for the EU in urban areas, Poland’s membership was not likely in much peril.

On the two occasions when we left Warsaw for the countryside, we took the main highway out of town going east. The end of that road is Belarus, and we passed a few military vehicles heading that way. At the time, a group of refugees had assembled at the border having been flown there by the Lukashenko regime. The Poles refused them entry, and an international crisis was unfolding.

The implied message of the crisis to the Poles, and their Baltic neighbours, seemed to be “If you like the EU so much, then take in these refugees”, presumably playing on xenophobic fears in the hopes of fomenting more discord among member states. It didn’t seem to be working at the time, and any Pole I spoke to about had no doubt who was behind it: Vladimir Putin.

That crisis seems like a long time ago now that there is a serious one on Poland’s border with Ukraine. Polish membership in the EU today is unquestioned, if it ever really were at all. The courage and the generosity the Poles have shown in their absorption of millions of war refugees is inspiring but not surprising, given their long and bloody history of being under the Russian boot.“Among the two million people who have entered Poland from Ukraine, some have moved on to other countries in the EU, although the majority are believed to be still in Poland. The overall number of refugees who have left Ukraine to neighbouring countries from 24 February onwards is estimated at over 3.2  million.” https://www.unhcr.org/news/press/2022/3/6234811a4/poland-welcomes-million-refugees-ukraine.html

I don’t know if they’re going to export much more meat to Canada or not, but I will look out for kabanos sausage and anything else tasty made in Poland from now on.

The official website for the “Meat From Europe” campaign is https://www.meatfromeurope.eu/.