In 2017, while reporting a story on Harvey Weinstein that would, along with a New York Times report, kick off the #MeToo movement, the investigative journalist Ronan Farrow found himself the target of covert surveillance.
The efforts to suppress investigations into Weinstein’s history of sexual abuse, for which the Hollywood mogul paid the Israeli private intelligence firm Black Cube, were mostly old-school: front companies and false identities, hired subcontractors staking out buildings or tailing targets, gumshoes eavesdropping on meetings. Black Cube was able to obtain some of Farrow’s geolocation data from his phone, thus tracking his movements, but the majority of its operations were confined to the analog world of traditional surveillance.
Farrow later reported on these tactics for the New Yorker in the first of several pieces delving into the shadowy world of surveillance and, in particular, the private companies selling insidiously powerful spyware technology. Surveillance has always been an exercise of intimidation – “it is emotionally devastating and intrusive and it makes you feel unsafe,” Farrow told the Guardian – but the new commercial spyware tools are, as laid out in a new documentary, “a whole other game, a whole other level of sophistication”.
Surveilled, now on HBO, is, on one level, a visual accompaniment to Farrow’s bombshell April 2022 report on how governments – western democracies, autocratic regimes and many in between – secretly use commercial spyware to snoop on their citizens. The hour-long documentary, directed by Matthew O’Neill and Perri Peltz, records the emotional toll, scope and threat potential of a technology most people are neither aware of nor understand. It also serves as an argument for urgent journalistic and civic oversight of commercial spyware – its deliberately obscure manufacturers, its abuse by state clients and its silent erosion of privacy.
The film, like Farrow’s 2022 article and much of his subsequent reporting, primarily concerns a proprietary spyware technology called Pegasus that is produced by the Israeli company NSO Group. Pegasus, as the film chillingly demonstrates, can infiltrate a private device through one of its many third-party apps, sometimes with one click – via a spam or phishing link – or, for certain models, without any help from the device’s owner at all. Once activated, Pegasus can control your phone, turn on your microphone, use the camera, record voice or video, and disgorge any of its data – your texts, photos, location. It is very possible, and now documented, to be hacked by Pegasus and not even know it.
Surveilled follows Farrow on his globe-trotting efforts to trace the invisible, international scope of Pegasus: to Tel Aviv, the center of the commercial spyware industry, where NSO executives toe the party line that the group only sells to governments for law enforcement purposes and has no knowledge of its abuses. To Silicon Valley, where the giant tech companies such as WhatsApp are in a game of cat and mouse with Pegasus and others infiltrating their services. To Canada, where the University of Toronto’s Citizen Lab leads efforts for transparency on who has Pegasus, and what they are doing with it. And to Barcelona, where Citizen Lab representatives detect Pegasus hacks, suspected to come from and later confirmed by the Spanish government, on pro-Catalan independence politicians, journalists and their families.
Throughout the film, NSO claims to vet potential clients (though they have not disclosed what said vetting process entails), to have no knowledge of abuses – such as the Spanish government’s surveillance of Catalan separatists, or the ruler of Dubai spying on his ex-wife in London, or the Greek prime minister listening to rivals’ calls – and to discontinue business when such abuses arise. But Farrow’s reporting suggests otherwise. “The data activists and watchdog groups that monitor this see the data as moving through the company’s infrastructure in a way where it would be pretty hard to have no knowledge [of misuse],” he said. This week, legal documents in ongoing US litigation between NSO and WhatsApp revealed that it is the company, not its clients, that actually “installs and extracts” information from targeted mobile phones.
Such targets are at the client’s discretion, including regimes with abysmal human rights records that are instrumental to NSO’s business. A former NSO salesperson who meets with Farrow anonymously in the film explains how NSO sold the same Pegasus technology to western European democracies for a fraction of the price it sold to repressive regimes in the United Arab Emirates or Saudi Arabia – the logic being that western democracies are better representatives for the company. The same former NSO salesperson quit the company after investigations linked Pegasus to the 2018 murder of the Washington Post journalist Jamal Khashoggi by Saudi officials. (The company has denied any involvement.)
NSO’s tentacles in surveillance beyond the scope of counter-terrorism, not to mention Israel’s longstanding use of Palestine as a laboratory for surveillance, evince the need for more transparency. “These companies need to be subject to the same kind of international regulation and legal infrastructure that arms dealers are,” said Farrow. “That’s just the reality. It’s dangerous tech. It threatens democracy and freedom. It leads to violence. The data tells us this now. That doesn’t mean that there are no law enforcement applications for it, which also makes it very similar to weapons of mass destruction.”
Also like weapons of mass destruction – and generative AI, another nascent technology whose implications far outpace regulations – “we can’t be naive,” Farrow added. “You can’t put the genie back in the bottle. But we need restraints.”
The United States government has not yet, to public knowledge, used Pegasus on private citizens. The FBI bought the technology under the Trump administration purportedly to test it, though a New York Times investigation later found that the department was keen to operationalize it. In 2022, the Biden administration passed an executive order limiting the US government’s ability to purchase private spyware that has been abused elsewhere – though, as with any legal measure, there are loopholes. “It is an encouraging statement of principle,” said Farrow, as is the move to put NSO and other spyware companies on a blacklist that prevents them from doing business with US companies. “But these are pretty halting, limited measures.”
And the incoming administration of Donald Trump appears to have little interest in even that. Trump has appointed as his national security adviser Michael Waltz, who as a congressman advocated for the expansion of the Foreign Intelligence Surveillance Act in an effort to deport illegal immigrants. In a piece for the New Yorker released the same day as the film, Farrow reported on the Department of Homeland Security’s new $2m contract with an Israeli firm called Paragon for their Graphite spyware, which can breach encrypted messaging services such as Signal or Telegram. Immigration and Customs Enforcement (Ice), an agency within DHS, will almost certainly use the technology for Trump’s stated plans to deport illegal immigrants en masse.
Farrow characterized the purchase as an impending “digital panopticon” for not just the 3.7 million people awaiting immigration hearings, nor the millions more who have so far evaded immigration enforcement, but the US population at large. “There’s not transparency. There’s not accountability,” he said. “And it is very possible that with even thin types of law enforcement rationales, this could start to be deployed against people the administration just doesn’t like, as we’ve seen in a lot of these other democracies.
“All of the privacy law experts that I’m talking to are very, very afraid right now,” he added. “This tech is just increasingly everywhere, and I think we have to contend with the inevitability that this is not just going to be this path of private companies selling to governments.”
Though in part a film of journalistic process, Surveilled also advocates for a regulatory framework on commercial spyware and surveillance, as well as awareness – even if you are not a journalist, a dissident, an activist, you could be surveilled, with privacy writ large at stake. The new digital surveillance tools are “so cheap, and so accessible, and the legal protections are so porous”, said Farrow. “We all need to be invested in whether the space for political diversity of opinion, resistance, dissent, journalists getting information, shrinks or remains alive.
“This is not some side issue. This underpins all of the issues we care about,” he added. “This is one of the bellwethers of and catalysts of crackdowns and authoritarian tendencies.”
Surveilled is available on Max in the US.