In July 2021, in what is likely to be the spy scandal of the year, Amnesty International released a list of 50,000 phone numbers they claimed had been hacked by an advanced spyware program known as “Pegasus.” Many of the numbers belonged to journalists, activists, government officials, and even heads of state. Independent verification of some of these hacks has followed, confirming that at least some of the phone numbers on the list were compromised.
Although a version of Pegasus has been circulating for some years, its latest iteration was particularly worrying because it could penetrate a phone and extract information without an action by the owner. Most spyware relies on the user being tricked into using a malicious link, visiting a contaminated website, or downloading a viral attachment, so any spyware which circumvents this user input is extremely dangerous.
In one sense, however, the Pegasus hacks are unexceptional. We all know that governments and criminals are trying to penetrate our computers, especially if you have money, oppose a government, or work in an industry with valuable intellectual property. Large numbers of people are hacked and don’t know it, as a malicious entity is simply trying to retrieve data unnoticed, and huge numbers of people are physically raided for their computers. In such a context, Pegasus is only a tiny advance.
But Pegasus is emblematic of two worrying trends. First, the list of countries that may be using Pegasus includes such minor powers as Morocco. This is significant because it shows that a staggering level of surveillance potential is now available to countries with minimal technological bases. Second, the company that made Pegasus (NSO Group) claimed that it strongly vets all customers and does not sell to human rights abusers. That means the program is either stolen and available on the black market, or Israel sees no issue giving it to Saudi Arabia, Mexico or Kazakhstan (each of which was accused of using Pegasus). Both possibilities are troubling.
The fact that this software is readily available indicates that the movement towards the universal surveillance state is closer than many people realise. Previously, it was assumed that high-tech solutions to social control, such as facial recognition, tracking, hacking and data collation, would only be available to countries with advanced, indigenous technology industries. This is unlikely to be the case.
Programs such as Pegasus, along with commercially available facial recognition systems, will soon be paired with the increasingly ubiquitous mobile phones, even in the poorest countries, to create a level of monitoring that far exceeds anything possible in Orwell’s 1984. States with higher levels of investment in social control, most notably China, will doubtless maintain a lead in the number of deployable cameras and systems, but a base level of permanent monitoring and seamless hacking appears very achievable for any regime that tries.
Of course, part of this isn’t even about the power of spyware. Vast numbers of citizens happily allow their phone and attendant apps to log their location, and the surprisingly little fuss generated by COVID-19 sign-ins and vaccination proofs in some countries proves that many people think very little about their online anonymity or their phone vulnerability. Dictators, criminals, and state security operatives are primarily just leveraging our laziness and complacency.
In that sense, given the degree to which citizens themselves are helping the globalisation and penetration of the security state, we could logically suggest that citizens could simply get serious about their digital security and push back against this subversion of our technology. Unfortunately, by the time citizens feel threatened enough to do this, it will probably be too late. In fact, it probably already is.
The degree to which a hacker can ruin your life through simple access denial grows year on year, and the spread of phone usage among rich and poor alike means that malicious hacking is a weapon with near-universal applications. From social media to banks, to government services (such as the census or healthcare), the digitisation of society and its attendant services continues apace, as does data integration. Attending this digital growth has been a consolidation of platforms so that a single phone can be the source of one’s finances, identity, work and social life. It is a single point of attack and an extraordinary vulnerability.
Virtually all governments are pursuing policies that will entrench our dependence on such vulnerable platforms. Many worried people are currently moving towards end-to-end encryption apps, such as Signal. Unfortunately, this is a temporary fix. Never mind the ability of spyware to register keystrokes. When combined with the decryption potential of artificial intelligence or quantum computing, nothing will be hidden for very long. And as the availability of cameras and facial recognition grows, no one will be unseen and untracked.
This will be the world of activists and dissidents in years to come. The handwritten pamphlet may be the only semi-secure method of communication, and a face covering may be the only way to blend in. If China becomes emblematic of the digital dictatorship, many other regimes will be “China on the cheap.” They will have the same fundamental technologies and present the same basic challenge to freethinkers.
I would advise you to throw away your computer or laptop; however, you wouldn’t be able to read this article. So it is that I, too, play a part in building the open-air prison. I hope the food is good.