NSO Group is leveraging Pegasus spyware for tracking quarantined people
NSO Group claims to be selling this software only to governments
Privacy advocates have now raised privacy concerns on the software
Covid19 Tech Impact
Latest updates & innovations, in-depth resources, live webinars and guides to help businesses navigate through the impact of the COVID19 pandemic on India's economy.
Citing the coronavirus pandemic, governments across the world have ramped up surveillance. Using technology provided by private players, government officials are monitoring Covid-19-infected patients. As of now, many companies are offering these surveillance services and one of them is Israel’s NSO Group, the maker of infamous WhatsApp Pegasus spyware.
According to a report by Motherboard, citing sources, NSO Group is proactively selling its surveillance tool — Fleming — to government agencies for tracking citizens and know who they came in contact with, thereby curbing the spread of coronavirus. While the software might look innocuous, several experts have now raised privacy concerns.
Pegasus Back To Business
The tracking software sold by NSO Group uses the same Pegasus WhatsApp spyware which was used to snoop around 1400 journalists, lawyers, writers, among others, including 121 in India.
The media report said that NSO has incorporated its user interface and analytical tool with Pegasus to hack into mobile phones through WhatsApp to extract personal data such as photos, messages, and phone call details from the devices.
However, NSO doesn’t collect data for itself but provides the software to governments which in turn use these tools to get location data from telecom companies.
In countries like Italy, Germany, Austria, Spain, France, Belgium and the UK, telecom companies are already sharing the location of their customers with the governments to help them better track the virus. Using Fleming, governments can get data on an intuitive user interface that lets official track where people go, who they meet, and for how long. The data is displayed as a heat map which has advanced filters to know what is happening on the ground. For instance, analysts can check whether a patient visited a public place or commercial spaces.
With these functionalities, Fleming seems to be a complete violator of data privacy. However, the software tracks citizens by assigning them random IDs to protect their identities. But this function also has some flaws as the option to track individuals with random IDs or personal identities is left with the government.
John Scott-Railton, a senior researcher at the Citizen Lab of the University of Toronto, said that this is an extremely cynical attempt from a notorious spyware company to branch out into mass surveillance. He added that while everyone wants to go back to normal as soon as possible, the rush to surveillance technology could mean that there is a normal expectation of privacy violation.
Further, some experts have even questioned the effectiveness of the software. They are unclear whether software like Fleming can actually make a difference on the ground or are just used for surveillance.
Similar to Fleming, some countries are using tracking software made by Rome-based Cy4Gate. The company is pitching to Italy, one of the worst impacted countries, to use an application to track user’s location via GPS, phone tower data and Bluetooth.
Moreover, Cy4Gate’s software only tracks individual afters their consent. Also, they have to download the application and enable it to help the government agencies to track them. Cy4Gate claimes to anonymises data and only law enforcement agencies can have access to de-anonymise it.