In Christopher Nolan’s magnificent movie The Dark Knight, Bruce Wayne presents his chief scientist, Lucius Fox, with a sonar technology that transforms millions of cellphones into microphones and cameras. Fox surveys a bank of screens showing the private actions of people around the city.
The character, played by Morgan Freeman, takes it all in and then declares the surveillance to be “beautiful, unethical, dangerous … This is wrong.”
What was fiction in 2008 became reality a few years later with Pegasus: zero-click spyware that allows hackers to infiltrate cellphones and turn them into comprehensive spying devices, no sonar needed. A victim need not succumb to phishing. Possessing a cellphone is enough for the victim to be tracked and recorded by sound and video, as well as to expose the victim’s location history, texts, emails, images, and other communications.
This spyware created by the Israeli NSO Group might have originally been developed, as most of these surveillance technologies are, to catch terrorists. It has since been used by various dictatorships and cartels to hunt down dissidents, activists, and journalists, sometimes marking them for death – as it did in the cases of Jamal Khashoggi and Mexican journalist Cecilio Pineda Birto.
PPSA reported earlier this year that the FBI had purchased a license for Pegasus but has been keeping it locked away in a secure office in New Jersey. FBI Director Christopher Wray has assured Congress that the FBI was keeping the technology for research purposes. Now, Mark Mazzetti and Ronen Bergman of The New York Times have updated their deep dive into FBI documents and court records about Pegasus produced by a Freedom of Information Act request.
PPSA waded through these now-declassified documents, half of each page blanked out by censors. What we could see was alarming.
One document, dated Dec. 4, 2018, pledged that the U.S. government would not sell, deliver, or transfer Pegasus without written approval from the Israeli government. The letter certified that “the sole purpose of end use is for the collection of data from mobile devices for the prevention and investigation of crimes and terrorism, in compliance with privacy and national security laws.”
Since many in the national security arena and their allies assert that executive order EO 12333 gives intelligence agencies unlimited authority, the restraining influence of privacy and national security laws is questionable. And true to form, the FBI documents show that the agency did, in fact, give serious consideration to using Pegasus for U.S. criminal cases.
Why the turnaround? It was at time that a critical mass of Pegasus stories – with no lack of murders, imprisonments, and political scandals – emerged in the world press. That is surely why the FBI left this hot potato in the microwave. One wonders, however, what to make of the attempt of a U.S. military contractor, L3Harris, to purchase NSO earlier this year? If the FBI was out of the picture, was this aborted acquisition an effort by the CIA to lock down NSO and its spyware menagerie? And if the CIA has found some other route to possess this technology – and to be frank, they’d be guilty of malfeasance if they didn’t – is the agency staying within its no-domestic-spying guardrails in deploying this invasive technology? Recent revelations of bulk surveillance by the CIA does not inspire confidence.
Nor can we discount what the FBI might do in the future. Despite the FBI’s decision to avoid using the technology, Mazzetti and Bergman report that an FBI legal brief filed in October stated: “Just because the FBI ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals.”
No doubt, targeted use of such technologies would catch many fentanyl dealers, human traffickers, and spies. But as Lucius Fox asks, “at what cost?”