The House Intelligence Committee recently held an open hearing on commercial cyber surveillance, also known as “mercenary spyware.”
The hearing focused on new threats posed specifically by privately made, foreign-developed spyware that is bringing capabilities long associated with top-tier nation states to smaller countries and the private sector. PPSA has previously reported on one such foreign spyware in particular, the spreading “zero-click” Israeli-developed Pegasus. Pegasus can transmit itself seamlessly into a smartphone without a single click or action from the victim. From there, it can watch you through your camera, listen to you through your microphone, copy your messages, record your calls, extract all your images, and follow your movements. In just a few years, Pegasus has been acquired by dozens of countries and entities, from Saudi Arabia to Mexican cartels, and has already been used to deadly effect against dissidents and journalists. It represents the most sophisticated and widely available form of spyware yet developed.
Among those testifying at the hearing was John Scott-Railton, a senior researcher at The Citizen Lab of the University of Toronto's Munk School of Global Affairs & Public Policy. His testimony provided a stark picture to Congress:
Railton testified (see the 18:50 mark), “Your phone can be on your bedside table at two in the morning. One minute, your phone is clean. The next minute, the data is silently streaming to an adversary a continent away. You see nothing.” He added that it was “capabilities available only to a handful of nation-states … It is too late,” he said, “to put the tech back into the bottle, and so we must take strong action now…”
Another witness was Carine Kanimba, an American citizen born in Rwanda. Her testimony (29:05) details the story of her stepfather, Paul Rusesabagina, portrayed by Don Cheadle in Hotel Rwanda. Rusesabagina was the manager of the Hôtel des Mille Collines in Kigali during the Rwandan genocide. He used the hotel to save more than a thousand refugees. Later, he and his family fled to the United States. Rusesabagina became a public speaker and was critical of the human rights violations of the Rwandan government and of the Rwandan President Paul Kagame. In August 2020, Kanimba’s stepfather was surveilled in the United States by the Rwandan government and lured from the family home in Texas. Rusesabagina was kidnapped in Dubai, transferred to Kigali, tortured, tried, and sentenced to 25 years in prison.
Kanimba became a vocal and effective activist about the abduction of her stepfather. In February 2021, Carine Kanimba was notified (33:11) by forensics experts that her smartphone had been infected by Pegasus. “I was mortified, and I am terrified,” she said. The forensics report showed “the spyware was triggered as I walked in with my mom into a meeting with the Belgian Minister of Foreign Affairs. It was active during the calls with the U.S. Presidential Envoy for Hostage Affairs team and the U.S. State Department, as well as U.S. human rights groups.” Not only was Kanimba’s phone infected, but so was the phone of her cousin with whom she lives. “I am frightened by what the Rwandan government will do to me and my family next,” she said. “It keeps me awake that they knew everything I was doing. Where I was, who I was speaking with, my private thoughts and actions, at any moment they wanted. Unless there are consequences for countries and their enablers which abuse this technology, none of us are safe.”
The threat posed by mercenary spyware companies and malware is too serious to ignore. “It has taken us too long to have this conversation,” concluded Railton. His testimony included several suggestions for Congress (22:15):
Video starts at Sen. Mike Lee's questioning of FBI Director Wray (1:02:00 mark).
At a Senate Judiciary Committee hearing yesterday, Sen. Mike Lee (R-UT) neatly summarized the FBI’s spotty observance of Section 702 of the Foreign Intelligence Surveillance Act (FISA), up for reauthorization next year, in his questioning of FBI Director Christopher Wray. Sen. Lee’s questions follow up on the revelation that the FBI used U.S. person information in FISA queries some 3.4 million times in a recent one-year period.
Sen. Lee said: “As you know, Director Wray, Section 702 authorizes the collection of electronic communications. Not just the metadata but the content of the communications themselves, including communications of non-U.S. persons outside the United States. But, as you know, this inevitably leads to the incidental collection of communications that involve or include U.S. persons, including U.S. citizens.”
The Utah senator reminded Director Wray that the 2018 reauthorization of Section 702 required the FBI to obtain an order from the Foreign Intelligence Surveillance Court to authorize querying the database for communications involving U.S. persons and citizens in criminal investigations not involving national security. Why then, Sen. Lee asked, did a recently released transparency report estimate that the FBI did not obtain a single order under Section 702 from the Foreign Intelligence Surveillance Court in 2021? The FBI itself, after all, identified at least four instances in which the electronic communications of U.S. persons “were unlawfully searched without the required order from the Court?”
Sen. Lee asked: “Can you tell me how you found those four instances and how you can be certain that there are not more than four instances in which someone did a backdoor search of U.S. persons’ communications?”
The FBI Director said he could not recall the “various oversight mechanisms we have.” He noted that the FBI set up a new office of internal audit focused on FISA compliance.
Sen. Mike Lee replied that he understood these authorities are needed to protect the American people. “But when it comes to American citizens, they have a reasonable expectation of privacy. When you have that much ability to collect that much information, record that many conversations of unsuspecting, law-abiding American citizens, there really do have to be procedures in place to make sure that there is probable cause and a probable cause-based warrant in order to search those, because that really is just a backdoor search and a potential end run around the Fourth Amendment.”
Senator Lee expressed skepticism that the four known surveillances of Americans did not require a FISC order, and said he would hold Director Wray to his promise to provide more information.
If you are ever a witness before a Congressional committee, the trick to surviving a contentious hearing is to run out the clock with smooth talking. Each committee member only has five minutes to ask questions. An expert witness will often respond to a precise and penetrating question by taking up minutes with a Wikipedia-level recitation of a law or process, wrapped within pleasing-sounding banalities and blandishments.
Even within the time constraints of facing a polished witness, Rep. Zoe Lofgren (D-CA), long-time watcher of the watchers, managed to challenge the Department of Justice on Section 702 of the Foreign Intelligence Surveillance Act (FISA) in the recent House Judiciary Committee hearing. Rep. Lofgren refused to be brushed off (29-minute mark) by the Department of Justice’s top national security official, Assistant Attorney General Matthew G. Olsen, concerning the FBI’s use of Section 702 information – collected to catch foreign terrorists and spies – against Americans.
Rep. Lofgren began by noting that FISA Court Judge James E. Boasberg had found that the FBI improperly searched Americans’ personal information collected without a warrant. Some of these were run-of-the-mill criminal investigations involving healthcare fraud, bribery, and other purported crimes unrelated to national security. Rep. Lofgren added that from Dec. 2020 to Nov. 2021, the FBI searched the personal identifiers of known Americans in 702 data some 3.4 million times. This was triple the number from the previous year. As PPSA has reported, that amounts to more than 9,300 searches by the personal identifiers of Americans every day.
Rep. Lofgren noted that when Olsen went before the Senate Intelligence Committee for his confirmation, he pledged that “restoring and maintaining trust in the FISA process was a critical priority.” She asked him what he has done since to prevent warrantless, improper, backdoor searches of Americans’ data conducted under Section 702.
After taking time to give a topline description of the law, Olsen admitted that the “issues you cite are ones of concern” and promised to improve FBI compliance with training and by upgrading FBI computer systems. “We are looking forward to improving the compliance record of the Department of Justice and the FBI in regard to Section 702,” Olsen said, “and I can assure you it is a priority.”
Rep. Lofgren had a sharp reply. “We have had reassurances over the years and yet the performance continues to be poor, and it has been poor under both Republican and Democratic Administrations,” she said. “We have considered imposing a warrant requirement for queries of known Americans … probably a necessity unless we can get some further, definitive control of the warrantless search of Americans in the 702 database.” Rep. Lofgren added that using Section 702 to conduct warrantless searches on Americans is “improper and yet it continues.”
Olsen replied that Section 702 permits the creation of a database of non-U.S. persons overseas, and that when the FBI searches, it does so to simply find “connections,” not to target Americans. Rep. Lofgren’s retort was sharp: “That is contrary to the report that we got from ODNI and from the FISA Court.”
As Section 702 faces reauthorization next year, civil libertarians should continue to press Rep. Lofgren’s questions and urge Congress to consider an explicit warrant requirement when queries target Americans.
Bob Goodlatte, PPSA Senior Policy Advisor, returns to the House Judiciary Committee, which he once chaired, to explain how the government sidesteps the constitutional requirement for a probable cause warrant by simply buying our personal digital information from private data brokers. He also discusses the need to pass The Fourth Amendment Is Not for Sale Act. You can read his testimony or listen to him testify, beginning at the 14:26 mark.