Mexican journalist Carmen Aristegui listens beside Mario Patron, Director of Human Rights Center Miguel Agustin Pro Juarez (PRODH) during a news conference in Mexico City, Mexico June 19, 2017

© 2017 Reuters

(Cancun, Mexico) – Mexican authorities should ensure a prompt, thorough, and credible investigation into evidence that advanced spyware sold to the government targeted human rights defenders, journalists, and anti-corruption activists, Human Rights Watch said today. The government should hold accountable anyone found responsible for using the spyware against activists and journalists.

The New York Times reported on June 19, 2017 that the spyware had targeted lawyers working for the prominent human rights group Centro Prodh, which represents family members of the 43 students who disappeared in 2014 in Guerrero State and other abuse victims, an academic who advocated for anti-corruption legislation, and two influential journalists who exposed government corruption and abuse. The Mexican government has “categorically denied” it is engaged in surveillance of defenders, journalists, and activists without judicial authorization.

“It’s deeply disturbing that sophisticated cyberweaponry like this could be turned on ordinary citizens – and especially when these are rights defenders and journalists working to expose corruption and abuse,” said José Miguel Vivanco, Americas director at Human Rights Watch. “The Mexican government has denied responsibility, but they need to do much more to find who’s responsible and hold them accountable, and make sure this doesn’t happen again.”

It’s deeply disturbing that sophisticated cyberweaponry like this could be turned on ordinary citizens – and especially when these are rights defenders and journalists working to expose corruption and abuse.

José Miguel Vivanco

Americas director

Technical analysis published by Toronto-based research center Citizen Lab strongly indicates the attacks involved spyware called Pegasus, sold by Israeli cyber arms manufacturer NSO Group. Once a smartphone is infected with the spyware, NSO Group’s software allows government agencies to monitor all activity on the phone, including emails, files, contact lists, location information, and chat messages. The spyware also enables governments to secretly record audio or video using a phone’s built-in microphone and camera.

The invasive spyware was developed by the NSO Group, an Israeli surveillance technology firm that has contracts with multiple agencies within Mexico, The New York Times previously reported based on internal NSO Group emails. In response to media reports, the company has stated that it sells “only to authorized governmental agencies” and that agreements signed with customers require that its products “only be used in a lawful manner … for the prevention and investigation of crimes.” However, the NSO Group relies on the governments themselves to monitor its use.

NSO Group should investigate potential abuses of its product in Mexico and immediately cease all service and support to agencies where abuses are found, Human Rights Watch said.

Sales of powerful spyware remain under-regulated at the global level. There are insufficient national controls or limits on their export to prevent sales to governments that have used or are likely to use them to target and persecute government critics. There is also an urgent need for oversight and mechanisms to ensure that firms selling such tools are held accountable for abuses linked to their business, Human Rights Watch said.