cyber security

  • JORDAN: ‘Commercial spyware that enables digital repression and abuse must be completely banned’

    CIVICUS speaks with Access Now about their forensic investigation that exposed the use of Pegasus spyware to target activists and journalists in Jordan. Access Now is an international civil society organisation that works to defend and extend the digital rights of people and communities at risk.

    What restrictions do Jordanian journalists and activists face?

    Over the past four years, the Jordanian government has dialled up its crackdown on the rights to freedom of association, expression and peaceful assembly. Journalists, human rights defenders, labour unions and activists are routinely harassed, detained and prosecuted under vague and draconian laws. In late 2022 and throughout 2023, several lawyers, journalists and activists were arrested in connection with protests or for their social media posts.

    Repression has deepened as a result of the new cybercrime law adopted in August 2023. This law threatens online freedom of expression on the basis of ambiguous and overly broad provisions about ‘spreading fake news’, ‘promoting, instigating, aiding or inciting immorality’, ‘online assassination of personality’, ‘provoking strife’ and ‘undermining national unity’. The law is now being weaponised to quash pro-Palestinian protests and activism in Jordan. Since 7 October 2023, hundreds of protesters expressing solidarity with Palestinians in Gaza have been detained and many others prosecuted under this draconian law.

    Our recent forensic investigation into the use of NSO Group’s Pegasus spyware in Jordan has revealed an additional layer of repression, with at least 35 people being targeted for no reason other than their peaceful political dissent and human rights advocacy.

    How’s spyware used, and who’s using it?

    In January 2022, Access Now and Front Line Defenders revealed that Pegasus spyware had been used to hack prominent Jordanian human rights lawyer Hala Ahed. Hala was hacked in March 2021, and it was an isolating and traumatic experience for her. Access Now then joined Citizen Lab to further investigate the use of Pegasus spyware in Jordan.

    Our joint forensic investigation uncovered a terrifyingly widespread use of Pegasus to target Jordanian media and civil society. We found traces of Pegasus spyware on the mobile devices of 30 activists, journalists, lawyers and civil society members. Further forensic analysis by our partners Human Rights Watch, Amnesty International’s Security Lab and the Organized Crime and Corruption Reporting Project identified five more Pegasus victims, bringing the total to 35.

    This is the largest pool of Pegasus victims uncovered in Jordan so far, but we believe actual numbers are much higher. We don’t know exactly who is behind these attacks because spyware manufacturers such as NSO Group make the identification of perpetrators of cyberattacks very hard.

    The NSO Group blatantly claims its surveillance technologies are crucial for governments to fight crime and terrorism. Conveniently, this is the same pretext used by dictators and repressive regimes to criminalise the work of journalists and activists and prosecute them under draconian counterterrorism and cybercrime laws. It’s a match made in hell, as a result of which activists and journalists are hacked, prosecuted, jailed, tortured and killed merely for exercising their rights or doing their job.

    What can activists and journalists do to protect themselves?

    Unfortunately, given their stealthy nature, there’s no bulletproof protection against spyware attacks. Zero-click spyware doesn’t require any interaction between the software and the user of the hacked device. It basically exploits a vulnerability in the device’s software to infect it without the user’s knowledge.

    Still, there are some basic protection measures everyone should implement. For example, every time a vulnerability is discovered, Apple patches it, which means it’s important for users to ensure their device’s operating system is always up to date, otherwise the patch won’t apply. Activists can also enable the Lockdown Mode feature on their Apple devices, which seems to be helping protect at-risk users.

    How does Access Now hold governments and companies accountable?

    For years, Access Now and broader civil society have been campaigning for a global moratorium on the export, sale, transfer, servicing and use of targeted digital surveillance technologies until rigorous human rights safeguards are put in place. Commercial spyware that enables digital repression and abuse worldwide, such as Pegasus, must be completely banned. We are not there yet, but this is our baseline to rein in the surveillance tech industry.

    There have been some positive steps toward holding spyware companies accountable. For instance, a number of Israeli spyware outfits including NSO Group, Candiru and four Intellexa entities were added to a list of the US Department of Commerce that includes entities engaging in activities contrary to the USA’s national security or foreign policy interests. The latest addition to the list was the Canada-based firm Sandvine, blacklisted for enabling digital repression in Egypt. In February 2024, the US State Department also announced a new visa sanctions policy that will deny visas to anyone involved in, facilitating or deriving financial benefit from the misuse of commercial spyware around the world.

    Civil society plays a vital role in exposing how these shady companies profit from facilitating human rights abuses around the world and demanding accountability for violations and reparation to spyware victims. Its continued work is key to holding governments and spyware companies accountable.


    Civic space in Jordan is rated ‘repressed’ by the CIVICUS Monitor.

    Get in touch with Access Now through its website or Facebook and Instagram pages, and follow @accessnow on Twitter.

  • NEPAL: ‘The TikTok ban signals efforts to control the digital space in the name of national sovereignty’

    CIVICUS speaks about the recent TikTok ban in Nepal with Anisha, provincial coordinator for Gandaki Pradesh at Body and Data.

    Founded in 2017, Body and Data is a civil society organisation promoting an accessible, safe and just digital space for all people in Nepal. Anisha, known by her digital name Aneekarma, oversees a project focused on online expression by women and LGBTQI+ people and leads Body and Data’s digital rights initiative in Nepal’s Gandaki province.

    Why did the Nepali government ban TikTok?

    The government has cited multiple reasons for banning TikTok. It cited concerns about a rise in cybercrime, the disruption of social harmony – mainly due to the circulation of ‘vulgar’ content that ‘damages societal values’ – and TikTok’s perceived promotion of a ‘begging culture’, as content creators use it to seek money or gifts from their audience during live sessions. They also invoked the fact that the platform is being banned in some global north countries, although those bans normally apply only to government phones.

    Ultimately, it all boils down to an attempt to restrict freedom of expression. TikTok has grown to be a significant platform. It serves a diverse audience including housewives, older people, small business owners and entrepreneurs. Recently, people began using TikTok to voice opinions and exercise free speech against the authorities, provoking anger and fear among political leaders who have stepped up surveillance.

    How will this ban impact on digital rights?

    Nepal is a democratic country where freedom of speech and expression are fundamental, and the ban on TikTok has raised concerns about these rights being compromised. These concerns have been exacerbated by the government’s plans to introduce a separate bill aimed at tightening control over social media.

    The enforcement of the TikTok ban infringes on the basic rights of freedom of expression and access to information. The platform was used not just for entertainment and for small enterprises to promote their products and services but also as a channel to share diverse opinions, engage in creative expression and amplify the voices of excluded communities, particularly women.

    Bans on popular social media platforms add complexity to the ongoing international debate regarding digital rights. There are growing concerns surrounding the intersection of technology, free expression and governance in the digital age. The TikTok ban sparks discussions on the delicate balance between government regulation and individual liberties.

    What potential privacy or security concerns arise from users shifting to other platforms?

    Because of TikTok being banned, users have started to migrate to alternative platforms, which raises further privacy and security concerns. It is paramount that digital rights are safeguarded during this transition.

    User education and awareness campaigns on privacy and security best practices are needed to enhance digital literacy. Users must be confident that their personal information is well protected. Transparent data practices, including clear information on data collection and usage, are vital for building user trust and enabling informed decision-making.

    The influx of new users to alternative platforms may also introduce potential cybersecurity threats. Platforms should continuously invest in security measures such as encryption protocols, regular audits and prompt vulnerability fixes. It is also essential to implement user authentication and verification mechanisms to mitigate risks such as fake accounts and identity theft.

    The situation in Nepal raises additional concerns due to the government’s limited understanding of cybersecurity. The absence of consultation with experts before this type of decision is made poses severe risks, as evidenced by instances of people’s personal data being exposed and government websites being hacked.

    The TikTok ban only made the gap in the oversight of data privacy clearer. A comprehensive approach is required to address these issues, integrating technological measures, transparent policies, education initiatives and regulatory frameworks to ensure robust safeguards for user privacy and digital rights.

    What are the global implications of the growing trend of TikTok bans?

    The growing trend of countries considering or implementing bans on TikTok due to security concerns reflects a global unease surrounding potential risks associated with the platform. Often intertwined with geopolitical tensions, the TikTok ban signals broader government efforts to control the digital space in the name of national sovereignty. These bans underscore an intensified scrutiny of data privacy and security practices on digital platforms, with governments expressing reservations about the potential misuse of user data.

    This trend is reshaping the global tech landscape, prompting questions about the dominance of specific platforms and the role of international tech companies. Governments face a significant challenge in striking a delicate balance between encouraging innovation and implementing regulations to address security and privacy concerns.

    As users encounter bans on TikTok, they may migrate to alternative platforms, fostering increased competition and influencing user demographics and content trends. This trend emphasises the need for international collaboration on digital standards and regulations to address security concerns and establish a framework for responsible behaviour in the global digital arena.

    Ultimately, bans on TikTok carry broader implications for the future of digital platforms, shaping discussions on user awareness, advocacy and the delicate interplay between innovation and regulation in the evolving digital landscape.

    How can governments regulate platforms without compromising people’s rights to free expression and privacy?

    Governments face the complex challenge of regulating social media platforms to combat misinformation and disinformation while also safeguarding their citizens’ rights to free expression and privacy. Sophisticated strategies are required to achieve a balance between national security imperatives and global digital rights.

    Just as TikTok has established its own guidelines regarding harmful content, governments can collaborate with technology companies to define clear and transparent standards for social media conduct that do not compromise people’s right to express their opinions, but rather that counteract misinformation. It is crucial to implement robust fact-checking mechanisms and foster media literacy to empower users to distinguish between reliable and deceptive information.

    International collaboration to standardise regulations is key to preventing the infringement of digital rights across borders. The adoption of privacy-enhancing technologies, such as end-to-end encryption, preserves individual privacy while facilitating uninhibited self-expression. It is paramount to recognise that state-controlled surveillance and censorship directly threaten our freedom of expression. Rather than resorting to outright bans, governments should prioritise measures that address concerns about misinformation and privacy to strike a nuanced balance that safeguards fundamental rights.


    Civic space in Nepal is rated ‘narrowed’ by the CIVICUS Monitor.

    Get in touch with Body and Data through its website or Instagram page, and follow @bodyanddata and @aneekarma on Twitter.

CIVICUS is a global alliance that champions the power of civil society to create positive change.