The Pegasus Controversy: India Can Usher In Surveillance Reform Through Open Government Doctrines
On July 18, a global investigation uncovered how mobile phones of journalists, activists, and opposition leaders across the world were targets of illegal surveillance by at least eleven governments. This was done using the software Pegasus, sold by the NSO Group, an Israeli firm known for cyber-surveillance. This scandal throws into sharp relief the dangers of unaccountable use of technologies, and how this is a fundamental threat to open government.
Surveillance as a security tool is not new by any means. Governments have used it to track criminal networks and foreign threats to national security. What makes this different is both the scale of the number and spread of phones hacked (in over 45 countries) and the sheer ease with which some governments were able to access this software and deploy it against their own citizens.
The Pegasus leak shows how technology can be systematically used to undermine press freedom and democracy.
How governments used Pegasus
Governments targeted journalists who were critical of their policies and were investigating systemic corruption. For instance, among those targeted were those who uncovered the 1Malaysia Development Berhad scandal (1MDB) and the fiancee of murdered Saudi journalist Jamal Khashoggi.
Governments also used this alleged security system for political ends, including against opposition leaders during elections. This will have a chilling effect on civil society, journalists, and reformers beyond those immediately tracked - contributing to further fear and self-censorship, attempting to silence those who hold their governments to account.
The countries identified in the Pegasus investigation are known to rank low on the Press Freedom Index, including three countries that are members of the Open Government Partnership (OGP) - Azerbaijan (currently suspended), Morocco and Mexico. India, widely recognized as the world’s largest democracy, is also on the list identified in the investigation.
That said, given the prevalent use of surveillance by law enforcement and security agencies across borders, and not just by a few countries, some democratic controls and open government principles need to be in place to check abuse and promote accountability.
In 2017, the former Mexican government was first found to be targeting activists and journalists using the Pegasus software. This included journalists such as Juan Pardinas, who was part of the group of governments and civil society leaders who founded OGP, and activists who were part of the OGP national process at the time.
This led to a breakdown in dialogue between the government and civil society, resulting in civil society organizations leaving the OGP table. Once a new government was elected, Mexican civil society groups such as Article 19, Social TIC and others advocated for greater accountability and oversight on government regulation, procurement and use of surveillance technologies.
Open government ideas
This OGP brief highlights innovations in democratic oversight of surveillance technologies in detail. Relevant to the unfolding Pegasus case, here are five key open government ideas for governments and activists navigating the policy vacuum in countries:
Ensure transparency, accountability and oversight: There is very little oversight on the procurement and deployment of surveillance technologies across the jurisdictions emerging from the Pegasus leak. This needs to be tackled as an urgent priority.
A few years ago, the UN Special Rapporteur on Freedom of Expression called on member states to “publish, at minimum, aggregate information on the number of requests approved and rejected, a disaggregation of the requests by the service provider and by investigation and purpose.” Under OGP, the Supreme Court of Georgia committed to maintaining statistics on motions for phone tapping. Following a request by civil society involved in the OGP process, the Supreme Court began publishing them on an annual basis.
In 2019, as part of their OGP action plan, civil society in Mexico prompted the government to commit to increasing transparency and accountability in the use of surveillance technology. Mapping the experiences of other countries to inform the commitment’s implementation showed that there are very few examples of similar reforms elsewhere.
Integrate into broader data protection reform: As countries consider their policy infrastructure around data protection and data sharing, it is essential to include provisions on surveillance reform.
The European Convention for the Protection of Individuals concerning Automatic Processing of Personal Data has some strong provisions on this, some of which are reflected in the EU’s General Data Protection Regulation (GDPR). For example, one of the countries identified in the investigation – India, is considering a suite of data protection bills, which according to experts, currently does not contain any provisions related to surveillance reform.
Consider the role of civil society and independent oversight bodies: Transparency and supervision are essential for public agencies as they tackle organized crime and promote trust among citizens. Involving civil society in monitoring and oversight, therefore, becomes important. Where surveillance technologies are used to tackle organized crime, they need to be implemented in compliance with international human rights and data protection frameworks.
In this regard, mechanisms such as independent task forces or ethics committees set up to work with law enforcement agencies are important. Emerging examples to consider include, the data ethics committee created by the West Midlands Police & Crime Commissioner and West Midlands Police in the UK, the New Zealand Police independent advisory panel on emergent technologies, and a local surveillance technology ordinance in Oakland which mandates public consultations.
Couple global principles and declarations with concrete country reforms: There have been many calls for developing a set of global principles and frameworks to regulate surveillance technology recently - including to ban export and transfer. In addition to proposed global trading regulations, countries (like Israel in this case, where the NSO group is based) must regulate their domestic spyware industry.
While global standards are valuable, concrete policy actions at the country level are key. There needs to be a multi-stakeholder push to strengthen national-level policies and enhance accountability for implementation to bridge the gap between global principles and country action. On this, Mexico’s commitment from its OGP action plan has the opportunity to set a precedent in what a multi-stakeholder, transparency-led framework for the use of surveillance technology could look like.
Strengthen whistleblower protection frameworks: While data and digital governance policy frameworks need to be prioritized, they should not be seen as divorced from the wider legal frameworks around fundamental freedoms and human rights. Reforms related to surveillance should also take into account intersections with strong whistleblower protection frameworks. There are several countries in OGP that are now advancing this – from Latvia to Ireland. Employees from private companies or public agencies must be given the enabling environment to report abuse without retaliation. This is a critical safeguard to guarantee transparency in the use of technologies.
Protecting civic space
The courageous and critical work on the Pegasus Project by the consortium of journalists and activists behind Forbidden Stories, Amnesty International, Citizen Lab and their partners has demonstrated the continued importance to protect civic space and the space for independent journalism - something that governments, foundations, and business should unequivocally support across borders.
Equally critical, the Pegasus Project has shown how personal data protection is inextricably linked to protecting democracy and media freedom. As reformers in the open government community, we should direct collective, multi-stakeholder action towards global principles for the regulation of surveillance along with concrete country actions.
2021 is an important opportunity to advance this agenda through the 100+ action plans expected from OGP members tackling some of the most pressing challenges in their jurisdictions. Additionally, the upcoming OGP Global Summit and the forthcoming U.S.-hosted Summit for Democracy will be important for advancing the global agenda on this.
About Open Government Partnership (OGP): OGP is a multilateral partnership of 78 countries and 76 local governments committed to government transparency, accountability, and inclusive participation, working with civil society and other relevant actors. Presently, Afghanistan and Sri Lanka are the only active members of OGP in the broader South Asia region; Pakistan had joined, but is currently designated inactive according to the rules of the Partnership. (SAM)
(This article was originally published by Open Government Partnership on July 20, 2021.)