Post-Pegasus: Protecting Human Rights Defenders in the 21st Century

On 29 October 2021, the Bahrain Center for Human Rights (BCHR) hosted a panel titled “Post-Pegasus: Protecting Human Rights Defenders in the 21st Century” to bring together digital security experts and human rights defenders (HRDs) to discuss the recent Pegasus spyware revelations in Bahrain. Speaking at the event was Mohammed Al-Maskati of Front Line Defenders (FLD), Saloua Boukaouit of BCHR, Mohamad Najem of SMEX, and Emna Mizouni of Digital Citizenship. Anthony Hu from BCHR moderated the event.

Mohammed Al-Maskati began the event by framing the issue in that his biggest focus in the past few months has been Pegasus. However, he notes that the NSO Group is not the only company selling these technologies to repressive governments and Pegasus is not the only software that has targeted HRDs. Namely, FinFisher and the Hacking Group are just two examples of companies that have sold exploitive technologies to Bahrain in the past. Al-Maskati explained that these technologies do not just affect HRDs, but also their families, friends, and colleagues by siphoning data from your phone through both infected links and “zero-click” bugs that infect phones without the user having to do anything. It is also more likely to be able to detech the spyware after the fact in iPhones rather than Androids. Moreover, he pointed out that the NSO Group’s contracts abroad has to be approved by the Israeli government and the Israeli Defense Force (IDF). As a result, not only is Israel responsible for the exploitation of these technologies, but also other relevant parties like investors, customers, countries where the victims are found, and the United Nations. Al-Maskati ended his presentation by explaining that the data collected through Pegasus does not necessarily have immediate repercussions; it can be used as blackmail or defamation in a few months or several years from now.

Saloua Boukaouit spoke on the impact of Pegasus on HRDs, non-governmental organizations (NGOs), and civil society more generally. Boukaouit pointed out that this issue is not new, and that Bahrain has been spying on its citizens for years even before the Arab Spring. Recently, at least five members of BCHR has been targeted by these spywares. These attacks are different in that it is difficult to be aware that you have been targeted, and so it is increasingly hard to protect each other. Boukaouit explained that the abuse of surveillance technologies like Pegasus are not only a violation of privacy, but it can also lead to more severe human rights issues such as torture, detention, and even extrajudicial killings. More up-to-date digital security mechanisms on recent digital threats are needed as all NGOs like BCHR can do is attend digital security trainings to try to protect themselves as best as possible. Boukaouit underscored that currently, the human rights dimension is excluded from the cyber security laws, policies, and practices. Thus, more collaboration to develop specific policy recommendation that places human rights central in the international cyber security debates. Furthermore, Boukaouit pointed out that the national security discourse has been going on for a long time. However, she argues that we need to challenge the idea that we need to weaken cyber security for national security reasons, especially when it endangers HRDs.

Mohamad Najem started by saying that Bahrain is one of the most sophisticated countries in the region when it comes to online threats from the state’s angle. SMEX has witnessed these threats even before the Arab Spring took place in 2011, making Bahrain one of the first countries to adopt this practice. Moreover, a number of laws have been put into place that, for example, may criminalize individuals that “likes” a certain Tweet on Twitter or follows a certain social media page. Najem said that, unfortunately, it will not get better in the short term as these online threats continue to expand and grow more complex. From a policy angle. Najem proposed (1) building coaliations on the issue of privacy and digital security not only in the region but around the world; (2) checks and balances against the companies selling these technologies; and (3) taking legal action, though not easy, may pressure these companies to change through courts domestic and abroad.

Emna Mizouni began with a comparison between Tunisia and Bahrain in that the Tunisian police forces would use these technologies like Pegasus to monitor protestors’ activity online and then try to suppress any sort of political mobilization. In both situations, in Tunisia and Bahrain, however, Mizouni said it is clear that it is a huge threat against HRDs and their personal lives. She also seconded Najem in that a coalition is necessary between the actors and players in the region of digital security to put pressure on governments to stop misusing these technologies. Recently, she has been working on a project with SMEX, where they discovered a surprising amount of surveillance taking place within social media and the targets were persecuted, often for things that were unrelated to what they were posting. It is needed, then, for international pressure, including from the United Nations (UN), to at minimum limit these technologies and stop the misuse of them.

On the biggest challenge in creating such a coalition with international pressure, Mizouni replied that there is no lack of expertise, as evident by the panel, on digital security in the region. What is needed is not only the knowledge to navigate the international community, but for all parties to put in the effort and energy to make something like this happen. Al-Maskati pointed out that there is no regional mechanism to turn to with issues like this in comparison to European and African mechanisms. Najem was concerned about the fast adoption of new technologies in the region, including with artificial technology and smart cities, and countries in MENA that are investing in social media platforms like Telegram and Twitter.

In wrapping up the event and on the usage of spyware in the name of national security, Mizouni highlighted that these technologies may be made possible with the help and assistance of foreign countries. For example, surveillance cameras in Tunisia were given by Japan for national security reasons. And because these transactions often occur behind closed doors, NGOs and civil society cannot hold them accountable and bring about transparency. Al-Maskati suggested a reevaluation of the meaning of national security. He brought up INTERPOL as an example in that governments may try to use INTERPOL to target HRDs, arrest them, and prevent them from crossing borders all in the name of national security. Najem explained that there is no short-term solution to the threats HRDs face because the issue is multifaceted, and we just have to continue pushing forward.

View the entire live stream on YouTube.