The Mexican surveillance scandal in which the Citizen Lab is involved now widens substantially.

Our latest report confirms that a phone belonging to an international group of experts from several countries assembled by the Inter-American Commission on Human Rights (known as the GIEI), charged with investigating the 2014 Iguala Mass Disappearance, was targeted with infection attempts using spyware developed by the NSO group, an Israeli “cyber warfare” company.

The infection attempts we documented took place in early March 2016, shortly before the publication of GIEI’s final report on their investigation.

For those who do not know, the 2014 Iguala Mass Disappearance refers to a horrific episode in which 43 students from the Ayotzinapa Rural Teachers’ College were disappeared while travelling to Mexico City to participate in an event commemorating yet another tragic episode in Mexico, the Tlatelolco Massacre. The Mexican government’s inadequate response to the mass disappearance, and suspicions that Mexican government agencies themselves were implicated, led to calls for the creation of the independent international investigation.

While carrying out their investigations, the GIEI experts faced numerous threats and harassment, and eventually a public falling-out with the Mexican attorney general’s office. Just prior to the release of their public report in March 2016, we determined that a phone belonging to the investigators was targeted with SMS messages containing links to NSO Group exploit infrastructure.

While we cannot definitively attribute the targeting we discovered to a particular Mexican government agency or individual, it is highly significant that leaked documents show numerous Mexican government agencies, including the Mexican attorney general’s office itself, purchased NSO Group spyware.

This latest report of ours adds to the growing number of cases clearly showing the abuse of commercial spyware in the context of Mexico.   So far we have positively determined that technology sold by an Israeli-based company ostensibly restricted to governments for anti-terror, criminal, and national security investigations has been used instead to target health scientists and anti-obesity activists, anti-corruption NGOs, journalists (and their family), opposition politicians, and now members of an independent international inquiry into the massacre of 43 students.

These findings will undoubtedly deepen the surveillance crisis in Mexico.  But what’s going on in that country is symptomatic of a much wider global problem. Surveillance companies are making millions selling their products to governments that lack oversight and public accountability who are then turning these powerful and highly invasive tools on civil society to further their corrupt aims.

Addressing this problem will require a comprehensive policy response across multiple domains, from the domestic to the international.  My colleague Sarah McKune and I have outlined recommendations to bring more accountability to the commercial spyware trade in the form of a checklist, which can be found here.  We hope our documentation of cases of abuse such as these will inspire such comprehensive responses.

We are grateful for the cooperation of the GIEI experts, and our Mexican colleagues, R3D, SocialTic, and Article19, without whom this investigation could not be undertaken.

Read the full report here: https://citizenlab.org/2017/07/mexico-disappearances-nso/