5 thoughts about the Pegasus Project investigation into NSO Group | Hill+Knowlton Strategies

This week the EU Commissioner called for urgent action on Pegasus spyware, stating that any indication of intrusion should be investigated by every member of the EU for a possible breach to be brought to justice.

It was one of the biggest stories this summer – and yet with the churn of news cycles and so much going on in the world, it soon faded. But with such major ramifications, it should remain on our radar. Here’s our recap with key thoughts to consider.

What’s the story?
In July 2021, 17 major media organisations around the world published the findings of a painstaking investigation into the extent of surveillance spyware used to monitor targets via their smartphones.

The list of those suspected of being targeted by the Pegasus spyware, created by NSO Group, included politicians and heads of state, journalists, human rights campaigners and more. The powerful spyware enables its users to monitor many elements of a person’s communications, including the phone’s precise location, the content of encrypted messages and even operating the microphone remotely to turn the handset into a listening device.

The response was shock and widespread outrage, and the issues at the heart of the debate around privacy continue to run and run. It’s a highly complex space and there is much to consider, but here are five quick thoughts:

Balancing interests of national security and personal privacy is hard
Part of the problem for politicians and tech companies is that it’s hugely unpalatable for encrypted platforms to be seen to provide safe havens for terrorists, child abusers, drug dealers and more. At the same time, it’s impossible to adequately weigh this cost against the benefit of personal privacy for billions of the world’s citizens. That the two things are incompatible presents a huge challenge for governments and tech companies alike.

Who should control who gets their hands on powerful surveillance technology?
Is it correct or appropriate for a private, profit-making company to be the arbiter of who can buy and use surveillance technology? When decisions are motivated by commercial interests, this creates an obvious incentive to deal with rogue states or authoritarian governments. So what customers and use cases do we deem acceptable? Hacking terrorists = good, hacking journalists/politicians = bad? Who should decide, and how?

There is no such thing as a workable backdoor into encryption
As security professionals and technologists are no doubt bored of telling politicians the world over, there is no such thing as a ‘backdoor’ into encryption for law enforcement. Any such method would fundamentally weaken encryption, damaging personal privacy for everyone who uses such services. The investigation into the Pegasus spyware is a powerful demonstration of what happens when governments find ways to attack and diminish citizens’ privacy.

Protecting journalism and journalists is more important than ever
It’s worth remembering that the widespread use of the Pegasus spyware only came to light as the result of a painstaking investigation by a number of major media outlets and highly skilled investigative reporters. A sizeable number of the phones suspected of being infected with the Pegasus spyware belong to journalists. It’s vitally important for democracy that journalists and media organisations are able to do their jobs and hold governments to account without fear of reprisals.

The encryption battle will rumble on
As new developments from the Pegasus Project reporting continue to emerge, it’s clear that we are no closer to resolving the battle between the right to personal privacy and the interests of law enforcement and governments. Though it will have been in development for some time, Apple’s latest anti-child sexual exploitation announcement can be seen as an attempt to find a way to tackle crime without eroding personal protections and the privacy on which Apple has built and marketed its ecosystem. Apple will hope this latest development is something of a middle ground, but the early reaction from privacy campaigners and academics has been broadly negative.

Part of the problem with privacy is that it’s Pandora’s box: damage to privacy is irreversible. Amnesty International called the Pegasus Project’s findings “a global concern” and stated that “anyone and everyone is at risk.” The Pegasus Project revelations should remind us just how precious privacy is.

John Machin

Director, Technology

London

A view from the Mersey at the Labour Party Conference

Conservative Party Conference 2023: Key takeaways

Drive to Thrive: How IAA Ushered in a New Era of Driving

The Starmer Squad takes shape

Connecting the dots: The Winser Review and delivering the energy transition

NEWS: Jenna Goldberg joins Hill+Knowlton Strategies London to strengthen built environment capability

Sunak avoids the triple threat, but is this really a springboard for Tory recovery?

Great British Nuclear: Do good things come to those who wait or are we waiting for the inevitable?

NEWS: H+K London and Tim Luckett recognised in Chambers & Partners’ Crisis & Risk Management Guide 2023

Meta just launched its Twitter rival, and guess what? It’s trending on Twitter.

Kicking the can down the road… why understanding the policy environment is essential for FMCG

The big issue: creating and defending a responsible workplace

The importance of the UK’s 3G switch-off

Cyber-crime: the crisis every business needs to prepare for

UK Local Elections: It’s Always A Local Issue

Energy policy: the battle lines are set

What the industry is excited about from the AI whitepaper

Who pays for the internet? The state of the UK telecoms industry

The Chancellor’s Budget – March 2023

John Machin

Director, Technology

London

Related articles

A view from the Mersey at the Labour Party Conference

Conservative Party Conference 2023: Key takeaways

Drive to Thrive: How IAA Ushered in a New Era of Driving

The Starmer Squad takes shape

Connecting the dots: The Winser Review and delivering the energy transition

NEWS: Jenna Goldberg joins Hill+Knowlton Strategies London to strengthen built environment capability

Sunak avoids the triple threat, but is this really a springboard for Tory recovery?

Great British Nuclear: Do good things come to those who wait or are we waiting for the inevitable?

NEWS: H+K London and Tim Luckett recognised in Chambers & Partners’ Crisis & Risk Management Guide 2023

Meta just launched its Twitter rival, and guess what? It’s trending on Twitter.

Kicking the can down the road… why understanding the policy environment is essential for FMCG

The big issue: creating and defending a responsible workplace

The importance of the UK’s 3G switch-off

Cyber-crime: the crisis every business needs to prepare for

UK Local Elections: It’s Always A Local Issue

Energy policy: the battle lines are set

What the industry is excited about from the AI whitepaper

Who pays for the internet? The state of the UK telecoms industry

The Chancellor’s Budget – March 2023

Conservative Party Conference 2023: Key takeaways 