Amnesty International Spyware Investigation Reveals Outdated View of Morocco
Amnesty International’s latest investigation into the use of
NSO Group’s Pegasus spyware in Morocco revealed more about myopia and political
bias within the organization than about alleged human rights abuses in Morocco.
The NGO’s focus on Morocco in the investigation into
Israel’s NSO Group and the international use of its spyware ended up shining
the spotlight on the NGO itself and its myopia when it comes to human rights
violations in certain countries. The report also revealed that, while the rest
of the world has kept turning, Amnesty International appears to be stuck in the
early 1990s as far as its view of Morocco is concerned.
The investigation views Morocco as frozen in time, still
making the same mistakes and living the same struggles as it was 30 years ago.
However, Morocco has made significant, tangible progress in its human rights
record over the past decades.
This said, no country is beyond reproach. Setbacks happen,
as we have seen in the US over the past weeks. Morocco, though by no means
perfect in its human rights record, deserves to be seen through the
contemporary, impartial lens Amnesty claims it uses to evaluate all countries.
Damning rhetoric
On June 22, the human rights group released the findings of
an investigation into Morocco’s alleged use of NSO spyware to “harass”
journalist and activist Omar Radi.
“The organization found that Omar Radi’s phone was subjected
to multiple attacks using a sophisticated new technique that silently installed
NSO Group’s notorious Pegasus spyware,” the report reads.
Amnesty International then outlines how and when Moroccan
security services allegedly hacked Radi’s phone using the NSO spyware,
specifically through “network injections” which allow cyberattackers complete
access to the victim’s calls, camera, microphone, messages, emails, and other
applications.
The NGO states that: “Forensic data extracted from Omar
Radi’s phone indicates network injection attacks occurred on 27 January, 11
February, and 13 September 2019.”
Within the June 22 report, there are no gray areas: Amnesty
International is clear that Moroccan authorities used the Israeli spyware,
claiming that the evidence speaks for itself. However, the report also states
that the malware leaves few traces and is “notoriously difficult to spot.”
Meanwhile, a source within the Moroccan security services
told Moroccan newspaper Le360 that “The Moroccan [security] services have no
relationship with the Israeli company NSO and do not use the Pegasus software.
The entire Amnesty International report on this subject was erroneous and
without foundation.”
The document quotes Deputy Director of Amnesty Tech, Danna
Ingleton. Illustrating Amnesty International’s outdated view of Morocco,
Ingleton sees the investigation as an open and shut case.
“The Moroccan authorities are increasingly using digital
surveillance to crack down on dissents. This unlawful spying, and the wider
pattern of harassment of activists and journalists must stop,” she said,
sharing no evidence to back up the allegations.
She classed the “forensic data” cited in the report to prove
one alleged hacking incident as “chilling evidence” that Morocco consistently
uses the spyware to “attack” and “harass” journalists and activists.
On top of this damning rhetoric, the report makes the
unsubstantiated claim that Morocco continues to “use the [Pegasus] technology
to track, intimidate and silence activists, journalists, and critics.”
Despite the fact that Morocco categorically denies the
allegations and, as a rule, does not share diplomatic relations with Israel
which would complicate any government contract, for Amnesty International
Morocco’s guilt is “chilling” and unquestionable.
The NGO wasted no time in harking back to 1990s Morocco,
roundly condemning the Moroccan government, not only for the Omar Radi hacking,
but for “continued” abuses for which they provided no evidence.
Morocco World News contacted Amnesty International’s media
office by telephone and email for comment but has not yet received a response.
Moroccan newspaper Le Desk quoted a Moroccan security
services official who clarified Morocco’s current position on the use of
spyware.
“For us, citizens like the one cited in the report [Omar
Radi], who are not radicalized, and do not represent even a tiny threat to the
security of the country do not justify the money or technology such
surveillance would require,” the source said.
The source also emphasized the Moroccan government’s opinion
of journalist Radi, saying: “We do not consider his [Radi’s] public expressions
of opinion as an act of subversion meant to stir social unrest, it represents
diversity in opinions.”
Blurred lines and inaccuracies
In the June 22 report, Amnesty International claims that:
“For network injections, the attacker requires either physical proximity to the
targets or access over mobile networks in the country which only a government
could authorize, a further indication that the Moroccan authorities were
responsible for the attack against Omar Radi.”
Experts in the tech field argue that tracing the origins of
network injections is far from as simple as Amnesty International suggests in
the report. The process of tracking and identifying both the presence and use
of Pegasus spyware is liable to inaccuracies, meaning that Amnesty
International’s claims that the Moroccan government had any involvement in, or
even awareness of, the hacking of Omar Radi’s cell phone are unsubstantiated.
A tech expert explained to Francophone news outlet Le360
that “each move leaves a trace to identify it. IP is the equivalent of the
certificate of residence for this act,” meaning that Amnesty International
researchers could have traced messages infected with spyware that Radi received
prior to 2018 through the telephone operator, thus proving whether or not the
Moroccan government was behind the hack. The Amnesty International report makes
no mention of this and its links between the Moroccan government and the hack
are largely unsubstantiated.
A 2018 investigation by researchers at the University of
Toronto in Canada revealed that Pegasus spyware was active in 45 countries. Use
of the spyware was prevalent in the Gulf states, the UK, the US, France,
Greece, and a number of other countries.
The report emphasizes that the “findings are based on
country-level geolocation of DNS servers, factors such as VPNs and satellite
Internet teleport locations can introduce inaccuracies.”
The research found that operators using spyware were active
in several Gulf states: “In total, we identify at least six operators with
significant GCC operations, including at least two that appear to predominantly
focus on the UAE, one that appears to predominantly focus on Bahrain, and one
with a Saudi focus.”
Saudi Arabia, according to the research by the Canadian
university, was using the spyware on targets across the Middle East and in
Europe and was actively “seeking to execute five nonviolent human rights
activists accused of chanting slogans at demonstrations and publishing protest
videos on social media.”
Meanwhile, an operator in North Africa appeared “to focus on
Morocco” but “may also [have been] spying on targets in other countries
including Algeria, France, and Tunisia.”
The research report suggests that, while it is possible to
identify the location of operators, it is not possible to confirm with any
accuracy who is behind the use of the malware. Furthermore, one operator can
target information sources in different countries and is not dependent on the
government or authorities for access to mobile networks through the use of
VPNs.
Myopia and bias
Considering the global prevalence of the use of Pegasus
spyware, Amnesty International’s use of damning rhetoric in the June 22 report
reveals a clear and concerning myopia and bias as far as Morocco is concerned.
The human rights NGO was quick off the mark to condemn the
Moroccan government for allegedly using the spyware, but has been remarkably
quiet on the subject of other states using the Israeli software.
After strongly criticizing the Moroccan authorities for
their alleged involvement in the cyberattack on Radi, the Amnesty International
report briefly cites other countries where the NSO Group’s software has been
detected.
“Amnesty International and others have documented a pattern
of NSO Group’s Pegasus spyware being used to target civil society. The spyware
has been used in attacks on journalists and parliamentarians in Mexico; Saudi
activists Omar Abdulaziz, Yahya Assiri, Ghanem Al-Masarir; award-winning
Emirati human rights campaigner Ahmed Mansoor; an Amnesty International staff
member; and allegedly, used in connection with murdered Saudi dissident Jamal
Khashoggi,” the report reads.
There is no mention of the use of spyware in Israel, the US,
the UK, or France. And, while the NGO is calling for Israel to control and curb
the export of the spyware in order to stop the malware from being used to
infringe human rights, there is no evidence that Amnesty International has
investigated whether the Israeli government is using the NSO Group software
outside counterterrorism. There have also been no specific country reports on
the use of NSO Group malware in the UAE of Saudi Arabia.
Though Amnesty International has a very sharp vision in its
assessment of Morocco and other “repressive” states, myopia has set in where
certain other states are concerned. And, while the NGO claims to be
independently funded and standing impartial, apart from international
governments, an examination of the facts at hand indicates Amnesty
International’s inherent bias is rooted in dollars.
Influence through funding
A 2017 report by the Reseau International unveiled the truth
behind the NGO’s finances, and through them, the roots of Amnesty
International’s selective blindness. The report shows that Amnesty
International received funding from the “National Foundation for American
Democracy (NED), which is officially funded by the United States Congress,
through the budget of the United States Agency for International Development (USAID).”
The Reseau International report explains that the NGO is far
from transparent in terms of access to information, and that information about
donors is increasingly difficult to access. “Today, it is almost impossible to
find direct evidence that in 2008, the Israeli branch of Amnesty International
accepted a donation of NIS 130,186 from the State Department of the United
States government,” the report notes.
The Royal Netherlands Embassy in Israel, the UK government’s
Department for International Development (DFID), the US government, through
other associations, and the Norwegian Telethon, among other Western government
sources, all appear on the list of Amnesty International donors.
A June 2012 report by NGO Monitor documented Amnesty
International’s finances and directly questioned the human rights NGO’s claims
of impartiality.
Closer inspection of Amnesty International’s funding prompts
a number of questions.
Which donor is behind the NGO’s anomalous lack of coverage
of human rights violations in Egypt? Who benefited from Amnesty International’s
position on NATO’s intervention in Libya in 2011? Why does mistreatment of
migrant workers in Qatar warrant more scrutiny than the appalling treatment of
domestic workers in other Gulf states?
While protecting and preserving access to human rights
across the globe is a vital mission and one that every government should stand
firmly behind, Amnesty International’s myopia when it comes to certain
countries and crises and intense, outdated views where others are concerned
undermines its goals.
Through condemning Morocco so openly in the recent Pegasus
report, Amnesty International has shown all too starkly that a clear-sighted
and impartial investigation is needed within its own ranks in order to rescue
the remaining vestiges of its transparency and credibility.
Comments
Post a Comment