The Pegasus Project’s Exposé on Mass Surveillance

By Digital Freedom Fund, 1st December 2021

Illustration of a Pegasus horse inside a giant eye

In July 2021, the Pegasus Project exposed the chilling extent of global mass surveillance by states and companies around the world.

The results of this major investigative effort  —  led by over 80 journalists from 17 media organisations  —  dealt a devastating blow to global digital rights, revealing that many journalists, human rights activists, and opposition politicians had been targeted by Pegasus spyware. Developed by Israeli firm NSO Group, Pegasus is a software that infects smartphones and extracts information at will, often while being impossible to detect.

Pegasus can harvest any information it wants from our phones, which, as we know, contain vast amounts of data about us, from where we’ve been to who we meet to what we think. The hacking software can film you through your camera, read your messages and record your calls. Not long ago, the prospect of such a sophisticated surveillance tool being used by governments was merely the stuff of dystopian fiction. But the Pegasus Project proved that the worst fears of digital rights activists around the world have indeed already materialised.

The Pegasus Project proved that the worst fears of digital rights activists around the world have indeed already materialised

Pegasus is a powerful weapon for governments wanting to clamp down on free speech and restrict democratic opposition, making it a grave threat to human rights. The investigation identified both democratic states and authoritarian regimes that had purchased licenses to use it.

While the spyware was ostensibly developed to help combat terrorism and serious crime, it has been widely deployed against human rights activists, journalists and opposition politicians, suggesting blatant misuse by states seeking to advance other their own political agendas and maintain power. The fact that private companies like NSO Group can develop and sell this kind of bulk hacking and surveillance technology to governments and other potentially nefarious actors is a severe oversight by market regulators, who must limit the sale of such dangerous tools.

The fact that private companies like NSO Group can develop and sell this kind of bulk hacking and surveillance technology to governments and other potentially nefarious actors is a severe oversight

The impact of the in-depth investigation into Pegasus rippled around the world. When the project first published its findings in July, 156 civil society organisations  —  including leading digital rights NGOs such as Access Now and European Digital Rights (EDRi)  —  issued an open letter to states, urging them to impose a moratorium on surveillance technology like Pegasus.

Since then, there have been consequences for those behind the hackings. NGO Group was blacklisted in the US, where it is also facing a lawsuit from WhatsApp, who argue that the company unlawfully used WhatsApp’s servers to deliver its spyware. Elsewhere, the Indian Supreme Court ordered an inquiry into the state’s use of the software, while Mexico arrested an individual on charges of using Pegasus to spy on a journalist.

As part of our The Year in Digital Rights series, DFF counted down to Human Rights Day 2021 with ten of the year’s biggest digital rights stories. Read the full series here.

Artwork by Cynthia Alonso