Governments monitor activists via their smartphones
August 18, 2016 Leave a comment
Your government is potentially spying on you via your mobile, tablet or computer, especially if you are an activist fighting for human rights or democracy. So if you want your information safe from prying eyes and ears, you need to take precautions. Your cell phone monitors where you spend your time, and thereby where you live, visit friends and work. Social media and your browser reveal your interests, politics and a whole lot more.
It is more or less common knowledge that companies are spying on us through data brokers, and use this data for advertising purposes. What is perhaps less well known is that many governments, often in the name of catching alleged criminals and terrorists, are using advanced programmes and technology for widespread spying on their own citizens through our mobile phones and computers.
And the private and corporate sector of spying is often intertwined. The NSA gets data from Microsoft, Googla and Apple, through the courts or via hackers if necessary. And other governments all over the world have similar arrangement with telephone and internet companies, says security technologist and Harvard Fellow Bruce Schneier.
Hacking Team hacked
On the 6th of July last year, we got a rare insight into the world of such government surveillance of an array of countries’ own citizens. On this date the Italian cyber-weapons company Hacking Team was itself hacked.
The company sells the so-called Da Vinci malware software hacking system to governments around the world to enable them to break into people’s computers and smartphones. The software can, amongst other things, “intercept information before it is encrypted for transmission, capture passwords typed into a web browser, and activate a target’s microphone and camera,” according to the Committee to Protect Journalists.
Hundreds of gigabytes of Hacking Teams internal documents were released on the Wikileaks website, revealing who they supply their surveillance software to and how they and it works.
Sells software to human rights abusers
Hacking Teams’ customers include over 50 agencies in 40 countries around the world such as Morocco, Swaziland, Russia, Egypt, Saudi Arabia, Libya, Vietnam, USA, Turkey, Colombia, Bahrain, Saudi Arabia, Ethiopia, Sudan, the United Arab Emirates and Azerbaijan.
Hacking Team claim they do “not sell products to governments or to countries blacklisted by the USA, EU, UN, NATO or ASEAN” and that they “review potential customers” to try and ensure that their technology will not “be used to facilitate human rights violations”.
But with such a multitude of countries with less than perfect human rights records, this and Hacking Team founder David Vincenzetti’s claim to be “the good guys” all seems rather spurious. Human Rights Watch certainly doesn’t think so, writing in a letter to Hacking team that “The leaked materials [on the Wikileaks website] provide no indication that Hacking Team took any meaningful steps to … stop any of the agency’s abuses that were committed with the technology and training Hacking Team provided.”
Hacking Team is also regarded as an “Enemy of the Internet” by international NGO Reporters Without Borders.
Must respect human rights
Just like governments, Hacking Team and other companies are, in principle anyway, subject to human rights obligations, including the UN Guiding Principles on Business and Human Rights
These principles, amongst other things, compel “business enterprises” to “respect human rights. This means that they should avoid infringing on the human rights of others and should address adverse human rights impacts with which they are involved … Addressing adverse human rights impacts requires taking adequate measures for their prevention, mitigation and, where appropriate, remediation.”
Protect yourself and your data
But if you do not wish your government to listen in on your phone and other conversations, emails, text messages and other private information, or copy your passwords and use your smartphone’s camera or microphone, then you need to take precautionary measures.
- Do not open unexpected attachments on emails or chats, even if they come from a trusted contact. PDF and DOC files can trigger the installation of malware on your phone or computer.
- Do not install software from untrustworthy sources. When possible, use encrypted HTTPS connection and Virtual Private Network (VPS) to download new software.
- Keep your systems and applications up to date.
- Connect to public or insecure networks via a VPN
- Consider installing browser plugins that improve your online safety, such as HTTPS Everywhere and NoScript.
- Have up-to-date antivirus software on you system.