Challenging Spyware Hacking by NSO Group, the UAE & Saudi Arabia
In partnership with
GLAN has partnered with Bindmans LLP to set in motion legal action in the UK in respect of mobile phone hacking by foreign states using potent spyware known as ‘Pegasus’. Pegasus spyware is made by an Israeli surveillance company called NSO Group which has sold it under licence to a number of foreign governments – many of whom have then used it to unlawfully target world leaders, human rights activists and journalists. GLAN and Bindmans conducted a 6-month legal and forensic investigation assisted by independent technology experts Reckon Digital and computer surveillance expert Dr. Bill Marczak of Citizen Lab and UC Berkeley. Following the investigation, we have formally put NSO Group, the UAE and Saudi Arabia on notice that three UK-based civil society leaders and human rights activists intend to sue them in the High Court of England & Wales for breach of their privacy rights.
NSO Spyware
Pegasus spyware is made by an Israeli surveillance company called NSO Group which has sold it under licence to a number of foreign governments – many of whom have then used it to unlawfully target world leaders, human rights activists and journalists.
The PEGASUS FILES
The use of Pegasus spyware by rogue states to target their political opponents came to prominence in mid-2021 through The Pegasus Project expose: an investigation led by Amnesty International’s Security Lab and a consortium of investigative journalism outlets across ten countries coordinated by Forbidden Stories. The investigation centred on a leaked batch of 50,000 telephone numbers believed to be ‘people of interest’ identified by state clients of NSO Group who had purchased a licence for Pegasus spyware. compliance.
OUR CASE
In April 2022, following legal and forensic investigations into the use of Pegasus spyware against prominent individuals in the UK GLAN and Bindmans supported three UK-based individuals who were targeted to initiate legal action in England against NSO Group, the UAE and Saudi Arabia for breaching their rights under the General Data Protection Regulation or Data Protection Act 1998, misused their private information, harassment and trespass to their devices.
Legal Case
GLAN and Bindmans have worked together for several months to conduct detailed legal and forensic investigations into the use of Pegasus spyware against prominent individuals in the UK. We have now supported five UK-based individuals who were hacked using Pegasus software to initiate legal action in England against NSO Group, the UAE and Saudi Arabia. They are Dr Azzam Tamimi, a British-Jordanian journalist, academic, and political
activist of Palestinian heritage; Anas Altikriti, a prominent political advisor, commentator, and hostage negotiator, who is the founder and CEO of The Cordoba Foundation; Mohammed Kozbar, the Chairman publicly renowned for reforming and leading the Finsbury Park Mosque in London; Yusuf al-Jamri, Bahraini activist; and Yahya Assiri, the former Secretary General of Saudi Arabian pro-democracy opposition party the National Assembly Party (NAAS) and founder of both ALQST for Human Rights, which tackles human rights violations in Saudi Arabia, and Diwan London, a discussion hub focused on the Arabian Peninsula and aimed at consolidating the values of justice and freedom.
The claimants allege that NSO Group and its foreign state clients, the UAE and Saudi Arabia, have misused Pegasus to target their phones, breaching their rights under the General Data Protection Regulation or Data Protection Act 1998, misused their private information, and are also liable for harassment and trespass to their devices.
The five individuals who have already begun legal action are part of a larger group of individuals who may also have been targeted, including a member of the UK House of Lords, human rights activists, prominent academics and leaders of civil society organisations.
The use of Pegasus spyware by rogue states to target their political opponents came to prominence in mid-2021 through The Pegasus Project expose: an investigation led by Amnesty International’s Security Lab and a consortium of investigative journalism outlets across ten countries coordinated by Forbidden Stories. The investigation centred on a leaked batch of 50,000 telephone numbers believed to be ‘people of interest’ identified by state clients of NSO Group who had purchased a licence for Pegasus spyware.
Pegasus spyware is purportedly intended to be used only for national security or law enforcement purposes but has frequently been used by a number of states to unlawfully target political opponents. Despite NSO Group claiming to carry out a due diligence process and demand human rights compliance from potential state clients, it has continued to provide Pegasus to states with an extremely poor human rights record, including the UAE and Saudi Arabia.
Pegasus spyware is so sophisticated that it can be installed without the owner of the phone even being aware that this is happening. Once installed, it gives the foreign state the ability to secretly and remotely carry out a sweeping range of functions on the target’s phone – such as exfiltrating data including location data, emails, calendar items, contacts, photos and videos, and even activating the camera and microphone to covertly record. It is able to bypass the encryption of messages in apps such as WhatsApp and Signal.
This represents a staggering breach of privacy. Where the individuals targeted with Pegasus spyware are human rights defenders and activists it intensifies the danger of their work, putting them and others with whom they work at risk of further targeting and retaliation by the very authoritarian governments they seek to challenge. In many cases, those individuals have fled the reaches of those governments due to their work and the misuse of this technology unacceptably supports the efforts of those governments to reach across borders to silence them. The United States has blacklisted NSO Group as a result and Members of Parliament in the UK have written to Prime Minister Boris Johnson to ask him to do the same.
Team and Partners
GLAN’s work is led by Siobhan Allen and Dearbhla Minogue.
The Bindmans team is led by Tamsin Allen, Monika Sobiecki and Tayab Ali, with Richard Hermer QC, Ben Silverstone and Darryl Hutcheon of Matrix Chambers instructed as counsel.
Reckon Digital and Bill Marczak are providing digital imaging and forensics support.
Media
Documents
“It's bad enough to realise that my device was hacked and that I was spied upon, but to realise that the party responsible for such a heinous intrusion on my privacy was a foreign authoritarian government accused of gross human rights abuses and violations, is simply horrendous. If nothing else, one's privacy is sacrosanct, particularly when engaged in work that affects the lives of others, and the UAE government violated that leaving me to wonder who and how others were impacted as a result.”
Anas Altikriti, one of the individuals bringing legal action
Take Action
GLAN is committed to pursuing all available avenues to obtain justice for those that have been affected and, more widely, achieving legal recognition that the global misuse of spyware across borders is dangerous, unlawful, and currently operating with impunity.