Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.
The nonprofit Electronic Frontier Foundation announced Thursday that it had filed a lawsuit in U.S. federal court on al-Hathloul’s behalf against former U.S. officials Marc Baier, Ryan Adams and Daniel Gericke, as well as a cybersecurity company called DarkMatter that has contracted with the United Arab Emirates.
In the lawsuit, al-Hathloul alleges that the trio oversaw a project for DarkMatter that hacked into her iPhone to track her location and steal information as part of broader surveillance efforts targeted at dissidents within the UAE and its close ally Saudi Arabia. She said the hacking of her phone led to her “arbitrary arrest by the UAE’s security services and rendition to Saudi Arabia, where she was detained, imprisoned, and tortured.”
“Companies that peddle their surveillance software and services to oppressive governments must be held accountable for the resulting human rights abuses,” said EFF Civil Liberties Director David Greene.
DarkMatter assigned her the codename of “Purple Sword,” the lawsuit says, citing a 2019 investigation by Reuters that first detailed the hacking of al-Hathloul.
The lawsuit is the latest legal challenge to the secretive private cyber-surveillance industry, which often sells pricey hacking services to authoritarian governments that are used to secretly break into phones and other devices of activists, journalists, political opponents and others. Tech giant Apple filed a lawsuit last month against Israel’s NSO Group seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.
Baier, Adams and Gericke admitted in September to providing sophisticated computer hacking technology to the UAE and agreed to pay nearly $1.7 million to resolve criminal charges in a deferred prosecution agreement the Justice Department described as the first of its kind. The Justice Department described each of them as former U.S. intelligence or military personnel. Baier previously worked at the National Security Agency, the AP previously reported.
The trio are part of a trend of U.S. officials with backgrounds in spying and hacking going to work for foreign governments with questionable human rights records, which has led to calls in Congress for greater oversight.
Attorneys for Baier, Adams and Gericke did not immediately return requests for comment. Questions sent by email to officials at Abu Dhabi-based DarkMatter could not be delivered.
Arrested in 2018, al-Hathloul was sentenced to almost six years in prison last year under a broad counterterrorism law. Held for 1001 days, with time in pre-trial detention and solitary confinement, she was accused of crimes such as agitating for change, using the internet to cause disorder and pursuing a foreign agenda.
From behind bars, al-Hathloul went on hunger strikes to protest her prison conditions and joined other female activists in testifying to judges that she was tortured and sexually assaulted by masked men during interrogations. The women reported that they were caned, electrocuted and waterboarded. Some said they were groped and threatened with rape. Saudi Arabia denies that any were mistreated.
Her case sparked an an international uproar over the Saudi kingdom’s human rights record and President Joe Biden called her a “powerful activist for women’s rights” when she was released in February.
Since details of DarkMatter’s hacking campaign have become public, the company’s profile has dropped over the last few years, with some staff moving on to a new Abu Dhabi-based firm called G42. That firm has been linked to a mobile app suspected of being a spying tool as well as to Chinese coronavirus tests that American officials warned against using over concerns about patient privacy, test accuracy and Chinese government involvement.
Related: Mozilla Moves to Deny DarkMatter’s Root Inclusion Request