Mexican Privacy Watchdog Criticizes Government Over Spyware

Mexico’s privacy watchdog said Wednesday that the federal Attorney General’s Office stonewalled it for more than a year as it tried to investigate the government’s use of powerful Israeli spyware against journalists, lawyers and activists.

Commissioners of Mexico’s Institute for Transparency, Access to Information and Protection of Personal Data said that just this week the Attorney General’s Office provided for the first time licensing contracts from 2016 and 2017 for the Pegasus software from Israel’s NSO Group.

Initially, the office denied the contracts existed, then refused to divulge them before eventually capitulating.

Commissioners were incredulous Wednesday at the idea that the government would spend $32 million on software and then maintain that it hadn’t used it. They said the government earlier told them it had no records of the software being employed.

“When I’m going to buy something it’s because I’m going to use it,” commissioner Oscar Guerra Ford said.

In the improbable case that it really wasn’t used, there should be an explanation for why something so expensive — almost the annual budget for INAI — was purchased but not used, he said.

“It’s evident that there’s something strange,” Guerra said. He urged the new autonomous prosecutors’ office to essentially investigate itself.

In 2017, the internet watchdog Citizen Lab released its investigation that found some of Mexico’s most prominent journalists had been targeted by the spyware. Journalists Carmen Aristegui and Carlos Loret de Mola had been investigating government corruption and alleged human rights violations by security forces.

It also found evidence that members of an international team of experts backed by the Organization of American States investigating the 2014 disappearance of 43 students in Mexico were targeted.

The University of Toronto-based Citizen Lab said the software was capable of not only accessing all of the information on a target’s cellphone, but also of turning the phone into a spying device by activating its camera and microphone.

NSO had said the software was only sold to governments for the purposes of fighting crime and terrorism.

At the time, the Mexican government flatly denied any of its entities had targeted human rights defenders, journalists, anti-corruption activists or anyone else without prior judicial authorization.

Citizen Lab said it identified targeted messages sent in 2015 and 2016. Among the other targets were members of the Centro Miguel Agustin Pro Juarez, a prominent human rights group, and Mexicans Against Corruption and Impunity.

The software has been implicated in cases of misuse elsewhere as well.

In December, a Saudi Arabian dissident filed a lawsuit in Israel alleging that NSO software was used to monitor Saudi journalist Jamal Khashoggi before his killing in Turkey in October. NSO has called the lawsuit “completely unfounded.”

Related: Cyber Attack Aims to Manipulate Mexican Election

Related: Hackers Steal ‘$15.3 Million’ From Mexico Financial System