PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 1

Digital Violence: How the NSO Group Enables State Terror

Interviews conducted with targets of , as well as lawyers and investigators of NSO worldwide

Supported by and The Citizen Lab, Forensic Architecture’s Digital Violence investigation is a multidimensional study of the global use of the malware Pegasus made by Israeli cyber- surveillance company NSO Group, which has infected the phones of human rights defenders worldwide.

The project consists of three parts:

1. A navigable, digital platform that offers the most comprehensive database to date of the reported infections of the phones of activists, journalists and human rights defenders worldwide using NSO Group’s Pegasus malware. Across over a thousand datapoints, the platform shows how digital infections are entangled with violence in the physical world—break-ins, harassment, intimidation and murder—and how infections spread within professional and personal networks.

2. Video investigations that tell the stories of human rights defenders from around the world reportedly targeted by Pegasus, the extreme psychological effects of being hacked, as well as the intimidation and harassment against them, their families and colleagues.

3. An interactive diagram and video presenting new research into the corporate affiliations of NSO Group. Based on reports by Amnesty International, open source research, and leaked documents, we reveal how private investment enable the proliferation of digital surveillance, likely including the sale of Israeli-made to Saudi Arabia, the United Arab Emirates and the United States. PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 2

The platform includes sound design by composer Brian Eno. The video investigations are narrated by Edward Snowden. A new film directed by Laura Poitras, documenting the ‘making of’ this project is on show at the NBK gallery in Berlin and will be screened in the 2021 Cannes Film Festival.

Context

Forensic Architecture’s interest in the NSO Group dates back to 2017, when reporting by The Citizen Lab revealed that members of Centro Prodh, our collaborators in investigating the disappearance of 43 students from Ayotzinapa, Mexico, had been hacked using Pegasus.

The investigation into NSO Group began two years later, when Forensic Architecture learnt that our close associates, members of the legal team leading a suit against NSO on behalf of a number of human rights defenders, were informed by WhatsApp in 2019 that their phones had also been infected.

While reporting on this issue incrementally exposed new cases of infection, we undertook this project in order to provide the public, researchers and the legal team with a general tool to explore relations among the full spectrum of NSO-related activities worldwide.

First detected by Citizen Lab, the NSO Group’s Pegasus malware has reportedly been used since at least 2015, in at least 45 countries worldwide, to infect the phones of activists, journalists and human rights defenders. NSO has yet to confirm a single state or corporate client, and continues to receive security export licenses from 's Ministry of Defense for the sale of Pegasus—despite being challenged in Israeli and international courts.

PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 3

The Outputs

1. The Platform

The data for the project is based on fifteen months of open source research, dozens of human rights reports including The Citizen Lab and Amnesty International’s exposure of NSO-related hacks, legal files, hundreds of news reports, and dozens of interviews with people targeted using Pegasus. Over a thousand datapoints convey information about export licenses, alleged purchases, digital infection attempts, and events in the physical world related to the individuals reportedly targeted, such as intimidation, assaults, defamation, and even murder.

Forensic Architecture developed bespoke open-source software to present this data as an interactive 3D platform, organized by time and according to the documented fields of NSO’s operation—including Mexico, the United Arab Emirates, Saudi Arabia, Morocco, Rwanda, , Spain and Togo—as well by the individuals targeted. The platform will be updated as our investigation continues.

Key Findings

The infections enabled by NSO’s Pegasus malware that were exposed by The Citizen Lab and Amnesty International likely form only a part of a far more expansive deployment against civil society actors across the world. However, the data collected does already suggest possible patterns in the ways that digital targeting using Pegasus operates: PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 4

1. Digital infections do not target civil society actors as individuals, but rather networks of collaboration. Our platform shows that in Mexico, Saudi Arabia, and India digital targeting (blue dots) starts with one person, before their professional networks are targeted within a similar time period. In each of these examples, the use of Pegasus occurs after or during periods where these civil society networks expose or confront controversial or criminal state policies.

1a. Digital targeting of Carmen Aristegui extends later to 1b. Digital targeting of Indian human rights lawyers Nihalsing include her colleagues and son, one month after their major Rathod extends to include Shalini Gera and Surendra Gadling, exposure of corruption by the Mexican President. and their associate and client Anand Teltumbde, a Dalit-rights scholar and activist, within the same few months.

2. Digital infections of civil society groups occur alongside other forms of violence experienced in the physical world. Cyber-surveillance is consistently entangled with a spectrum of physical violations, including break-ins, intimidation, assaults, arrests, lawsuits and smear campaigns, and murder, in the case of prominent Saudi journalist , whose friends and colleagues were targeted by Pegasus.

2a. Maati Monjib’s digital targeting in Morocco (in blue) 2b. Carmen Aristegui’s digital targeting (in blue) in Mexico interlaced with constant forms of physical violence and entangled with break-ins to the offices of Aristegui Noticias, psychological intimidation, including against his family and intimidation, lawsuits and smear campaigns (in red). colleagues (in red).

PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 5

3. Digital targeting extends the reach of state power to include human rights dissenters in exile, while also physically targeting their colleagues and families in their home country.

3a. Omar Abdulaziz is targeted using Pegasus while in exile in 3b. All Rwandan opposition activists were living abroad when Montreal, after which two of his brothers are arrested in targeted by Pegasus in 2019, with Faustin Rukundo’s wife Saudi Arabia. having earlier been arrested by Rwandan authorities and held incommunicado.

4. Private investment in NSO Group has expanded its ‘corporate network’, likely enabling the sale of Pegasus to governments with which Israel had no official relations at the time. These sales appear to be precursors to the normalization of relations with Israel, leading to the proliferation of digital targeting and a rise in human rights violations.

4a. Saudi Arabia’s purchase of Pegasus in 2017 was reportedly 4b. Leaked documents reveal that NSO Group’s affiliate Circles enabled by another of NSO’s affiliate companies—Q Cyber Solutions reportedly enabled the sale of malware to the Technologies SARL, based in Luxembourg—after which a United Arab Emirates in 2016, with whom Israel had no official purge within Saudi was supplemented with a digital spying connections at the time. Since this reported purchase, the UAE campaign in 2018 targeting Saudi dissenters abroad. Analysis has hacked the devices of dozens of human rights defenders of corporate documents provided by Amnesty in this project and reportedly developed its own cyberweapons in close suggest that Saudi purchases of Pegasus licenses may have collaboration with the Israeli cybersecurity industry. been what contributed to Q Cyber’s jump in profits from $24,738,462 in 2016 to $169,214,909 in 2019.

2. The Pegasus Stories: Interviews with Targets PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 6

Using data from the platform and first-hand interviews (conducted with Laura Poitras) with reported targets and investigators of NSO’s spyware, Forensic Architecture’s video series, The Pegasus Stories, reveals how digital infections are part of a toolkit of actions targeting the work of civil society around the world.

Narrated by Edward Snowden, the NSA whistleblower and President of Freedom of the Press Foundation, these videos tell stories of journalists, opposition figures, human rights defenders and activists—including prominent Mexican journalist Carmen Aristegui, Saudi human rights defender Yahya Assiri, Moroccan historian and journalist Maati Monjib, and the investigators and lawyers pursuing accountability for reported misuse of NSO’s spyware.

These short films are the first to tell the stories of civil society actors targeted by Pegasus, describing in detail the experience of being surveilled as a personalised terror that exacts a psychological toll within networks of collaboration and friendship, as well as their resistance and perseverance in the face of this terror.

Quotes from interviews:

Father Pierre Marie-Chanel Affognon, Togolese Priest targeted by Pegasus: “It’s exactly as if you were put in front of people and stripped naked and forbidden from protecting your nudity… It’s a violence, it’s a violence.”

Salvador Camarena, Mexican journalist targeted by Pegasus: “They are threats and with time passing you realise that you have fear, living a new form of stress…. [I]t takes months to develop the consequences: the stress, the lack of sleep....” PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 7

Shalini Gera, Indian human rights lawyer targeted by Pegasus: "It gives a sense of vulnerability that I didn't have before, just the fact that it's not only my work communications...they can have access to my password, all my financials, everything about people close to me….”

Interview with Mazen Masri, lawyer suing NSO Group on behalf of targeted human rights defenders: “It is like somebody sitting in your mind because of our relationship with our phones today…. Now, imagine all of this is mediated through somebody who wants to harm you.”

3. NSO Group’s Corporate Network

Consulting Amnesty International’s report tracking investment in NSO and its corporate structure, along with news sources and leaked financial documents and reports, Forensic Architecture has reconstructed the corporate network within which the NSO Group is nested. This video investigation and chapter within our interactive platform suggests ways in which affiliates of NSO Group based in other countries likely enabled the contracting of licences on NSO’s behalf for its spyware, so as to facilitate its access to state markets in Saudi Arabia, the United Arab Emirates and the United States—countries to which NSO would otherwise not have access.

//////

As part of the investigation, Academy Award-winning filmmaker Laura Poitras made an accompanying short film documenting the ‘making-of’ the investigation. The film, titled Terror Contagion, is on show at Berlin’s NBK gallery, and will premiere at the Cannes Film Festival in July 2021 as part of an anthology of short films produced by NEON, and executive produced by renowned filmmaker Jafar Panahi, who also directed a short film for the anthology.

Composer Brian Eno has joined with Forensic Architecture to create a work of data sonification to the digital platform. The audio is based on software that translates data points into modulated sounds.

Quotes

Eyal Weizman, Director of Forensic Architecture said: “NSO Group’s Pegasus spyware needs to be thought of and treated as a weapon developed, like other products of Israel’s military industrial complex, in the context of the ongoing Israeli occupation. It is disheartening to see it exported to enable human rights violations worldwide.”

Shourideh C. Molavi, Forensic Architecture’s Researcher-in-Charge said: “The investigation reveals the extent to which the digital domain we inhabit has become the new frontier of human rights violations, a site of state surveillance and intimidation that enables physical violations in real space.” PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 8

John Scott-Railton, Senior Researcher at The Citizen Lab, said: “This is the first global mapping of victims and targets of NSO spyware, and promises to be an essential resource for those seeking to understand the harm of the global proliferation of this shadowy spyware.”

Danna Ingleton, Deputy Director Amnesty Tech. at Amnesty International, said: “For years, NSO Group has shrouded its operations in secrecy and profited from working in the shadows. This platform brings to light the important connections between its actions and the devastating harms inflicted upon human rights defenders and civil society. States must stop shirking responsibility and implement a moratorium on the sale and transfer of surveillance equipment until a proper human rights regulatory framework is put in place.”

Laura Poitras, filmmaker and journalist said: “The outsourcing and privatization of nation-state level surveillance technology is terrifying, and NSO’s cyber-weapon Pegasus is a cautionary tale about what can and will go wrong.”

Edward Snowden, President of Freedom of the Press Foundation, said: “The NSO Group is the worst of the worst in selling digital burglary tools to players who they are fully aware actively and aggressively violate the human rights of dissidents, opposition figures, and journalists."

About Forensic Architecture

Forensic Architecture (FA) is a pioneering investigative research agency based at Goldsmiths, University of London. Since 2010, FA has developed original and ground-breaking investigative techniques and deployed them in over seventy bold and impactful investigations. FA works to pursue accountability for state and corporate violence alongside the affected communities, activists, legal teams, major media outlets and NGOs. www.forensic-architecture.org // for more information please contact: [email protected]

About Amnesty International

Amnesty International is a movement of 10 million people which mobilizes humanity in everyone and campaigns for change so we can all enjoy our human rights. Our vision is of a world where those in power keep their promises, respect international law and are held to account. We are independent of any government, political ideology, economic interest or religion and are funded mainly by our membership and individual donations. We believe that acting in solidarity and compassion with people everywhere can change our societies for the better. https://www.amnesty.org/en/ // for more information please contact Amnesty International Media Manager, Technology and Human Rights at: [email protected]

PRESS NOTES - EMBARGOED UNTIL 3 July 2021 8pm CET 9

About The Citizen Lab

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of , focusing on research, development, and high-level strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security. We use a “mixed methods” approach to research combining practices from political science, law, computer science, and area studies. Our research includes: investigating digital espionage against civil society, documenting Internet filtering and other technologies and practices that impact freedom of expression online, analyzing privacy, security, and information controls of popular applications, and examining transparency and accountability mechanisms relevant to the relationship between corporations and state agencies regarding personal data and other surveillance activities. https://citizenlab.ca/ // for more information please contact Miles Kenyon, Communications Specialist at: [email protected]

The CyberPeace Institute contributed additional coding support for the website and platform.