For years, companies selling government spyware defended their products as tools reserved for targeting dangerous criminals and terrorists in exceptional circumstances. However, mounting evidence from numerous documented cases worldwide paints a drastically different picture.
Journalists, human rights activists, and even politicians have become victims of these intrusive technologies in both authoritarian regimes and democracies alike. The recent case of an Italian political consultant working with left-wing parties highlights how spyware is proliferating far beyond the narrow scope initially claimed by its vendors. This isn’t a case of isolated “rare” attacks; rather, governments are exploiting these powerful tools to surveil a broader range of individuals than previously thought.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation and a long-time spyware researcher, clarifies this misconception: “If you’re targeted by government spyware, you are not Public Enemy Number One,” she explains. “It’s become far too easy to target people, so we’re seeing governments use surveillance malware against a range of individuals—minor political opponents, activists, and journalists.”
Several factors contribute to this alarming trend.
Firstly, the way spyware is sold creates an inherent incentive for abuse. Intelligence agencies typically purchase these systems with a one-time fee covering technology acquisition, followed by ongoing support payments. The initial price often depends on the number of simultaneous targets the agency desires—the more potential victims, the higher the cost. Leaked documents from the defunct Hacking Team reveal that some police and government clients could surveil anywhere from a handful to potentially unlimited devices simultaneously. While democratic countries might typically have fewer concurrent targets, nations with concerning human rights records frequently opt for massive surveillance capabilities. This dynamic has resulted in documented spyware abuse against journalists and activists by Morocco, the United Arab Emirates, and Saudi Arabia, among others.
Secondly, modern spyware like NSO’s Pegasus or Paragon’s Graphite is incredibly user-friendly. These systems function essentially as consoles where government officials input a phone number, triggering automated surveillance in the background. This ease of use amplifies the “abuse temptation” inherent in such powerful technology, as noted by John Scott-Railton, a senior researcher at The Citizen Lab who has investigated spyware companies for over a decade. He emphasizes the urgent need to treat government spyware as a serious threat to democratic processes and elections.
Finally, the lack of transparency and accountability surrounding these tools emboldens governments to use them with reckless abandon. The impunity enjoyed by perpetrators in using this exceptionally invasive technology against even minor opponents raises serious concerns about its unchecked proliferation.
Despite these challenges, there are glimmers of hope. Paragon severed ties with the Italian government earlier this year after publicly disputing the country’s handling of alleged spyware abuses involving its product. NSO Group has also disclosed disconnecting ten government customers in recent years for abusing its technology, although it remains unclear if this includes notorious cases linked to Mexico and Saudi Arabia.
Investigations into spyware abuses have been launched in countries like Greece and Poland. The Biden administration imposed sanctions on companies like Cytrox, Intellexa, and NSO Group, effectively placing them on economic blocklists. Additionally, a coalition of mainly Western nations led by the UK and France is attempting to curb the global spyware market through diplomatic channels.
It remains to be seen whether these efforts will significantly impact the burgeoning multibillion-dollar industry eager to supply powerful surveillance tools to governments seemingly with no limits on their targets.
