Last Sunday afternoon, The Guardian broke a momentous story in conjunction with more than a dozen other media organizations. The story detailed how the Pegasus malware provided by the The NSO Group, has been used by hostile governments to target journalists, political opponents and activists around the world, from the UAE to Hungary.
This spyware – designed according to the NSO Group in order to track terrorists and criminals – has now been associated with 50,000 phone numbers belonging to political activists, political opponents of authoritarian and repressive regimes, and over 180 journalists at media organizations including the Financial Times, Reuters, Associated Press and CNN. Among these names include Mexican Journalist Cecilo Pineda Birto, who was murdered at a car wash while investigating governmental corruption, and family and friends of the murdered Saudi Arabian journalist Jamal Khashoggi. While there is no indication that there was a direct correlation between these two deaths and their presence on the list, it is an indication of the kind of figures who have been identified as a result of this breach.
The NSO Group released a statement which says they do not have access to the data their clients access and act merely as technology providers. They also suggested that they will be working to investigate any misuse of their product.
This has opened up once again the age old questions of ethics in technology The NSO Group claims to run a detailed vetting process on every client before they sign a contract, but should they be engaged in more rigorous checks once these contracts are signed, to ensure that their product is not being misused?
These questions are ones that we see across the technology industry: If a tool is developed by the NSA, or by a ransomware developer (who creates the too, but does not use it), how much responsibility does the individual who created it bear for the unsavoury uses?
This same argument can be said to apply to Facebook, who provide a content platform with a reach that even the world’s largest media organizations could not hope to match, but do not attempt to face check much of the information espoused on this platform. Is this the responsibility of Facebook, or of the individual’s providing the content?
There are no easy answers to questions of ethics in technology. While we can clearly say the targeting of activists and journalists by hostile governments is wrong, the NSO group would argue that they are simply a technology company, whose responsibility ends at the point they provide this to a third party.
What we can say with confidence is that these issues are not going away: The Internet’s influence on our lives – personal, business and political – has increased exponentially over the course of the past decade, and will continue to do so. We will continue to grapple with issues of technology, and the ethical considerations of how they are applied will be among the defining arguments of our age.