The use of Pegasus malware on UK-based smartphones​

By Thomas Vink, 27th April 2022

GLAN are working in partnership with Bindmans LLP to devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’ rights to privacy and freedom of expression. Pegasus is developed by NSO Group who sell licences for use to foreign state governments. GLAN and Bindmans are carrying out a scoping exercise to develop an interconnected civil, criminal and public law strategy, strengthened by collaboration through their respective legal and NGO expert networks, to identify the most impactful legal strategies. As a result of this exercise, they have so far put NSO Group, the UAE and Saudi Arabia on notice of the intention to bring civil claims against them in the courts of England and Wales: the three claimants are human rights activists, political commentators and leaders of civil society organisations.

The use of Pegasus malware on UK-based smartphones

Organisation Name

Global Legal Action Network, with Bindmans LLP

Country/Jurisdiction

United Kingdom

Amount Granted

EUR 61,619

Current Status

Ongoing

Grant type

Pre-litigation Research Support

Description

GLAN worked in partnership with Bindmans LLP to devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’ rights to privacy and freedom of expression. Pegasus is developed by NSO Group who sell licences for use to foreign state governments.

GLAN and Bindmans conducted a 6-month legal and forensic investigation assisted by independent technology experts Reckon Digital and computer surveillance expert Dr. Bill Marczak of Citizen Lab and UC Berkeley. They finalised how to move forward with litigation against NSO, the Kingdom of Saudi Arabia and/or the United Arab Emirates. 

In September 2024, GLAN filed a criminal complaint with the UK Metropolitan Police on behalf of four victims of Pegasus spyware. The victims are all human rights defenders residing in the UK, who are believed to have been targeted by the Kingdom of Saudi Arabia, the United Arab Emirates and the Kingdom of Bahrain.

The accused include NSO Group Technologies Limited (‘NSO’) is an Israeli software company which supplied Pegasus technology, Q Cyber Technologies is a Luxembourg-based company inextricable from NSO, and Novalpina Capital, a UK-based private equity firm which undertook a ‘management buyout’ of NSO in 2019.

"devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’ rights to privacy and freedom of expression"

Strategic Goal

To achieve legal accountability for, and raise public awareness about, illicit cross-border cyber-surveillance and hacking, where individual rights are violated.

Organisation Name

Women’s Link Worldwide

Image credit: Saksham Choudhary from Pexels