For over ten years, companies producing government surveillance tools have justified their products by claiming they are solely meant for use against dangerous criminals and terrorists, and only in exceptional situations.
Yet, the numerous documented cases of spyware misuse worldwide clearly demonstrate that these claims do not hold up.
Across both authoritarian and democratic nations, journalists, activists, and politicians have frequently been singled out. The most recent case involves a political adviser for left-leaning parties in Italy, who has been identified as the latest confirmed target of Paragon spyware in the country.
This new incident highlights how the use of spyware has expanded well beyond what was once considered “rare” or “isolated” attacks affecting only a select few.
“There’s a misconception at the core of stories about who is targeted by government spyware, which is that being targeted means you are Public Enemy Number One,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, who has spent years researching spyware, in an interview with TechCrunch.
“In fact, because it’s so simple to target people, we’ve observed governments deploying surveillance malware against a wide array of individuals, including minor political rivals, activists, and members of the press,” Galperin explained.
There are multiple factors that help explain why spyware often ends up on the devices of people who, in principle, should not be under surveillance.
One key reason is how these surveillance tools are structured. Typically, when a government agency acquires spyware from a vendor—such as NSO Group, Paragon, or others—they pay an initial fee for the technology, followed by smaller payments for updates and technical assistance.
The initial payment usually depends on how many individuals the agency can monitor at once. The higher the number of targets, the greater the cost. Leaked records from the now-closed Hacking Team revealed that some law enforcement and government clients could monitor anywhere from a few people to an unlimited number of devices simultaneously.
While democratic states often had a lower cap on simultaneous surveillance targets, it was not unusual for countries with poor human rights records to have the capacity to monitor a vast number of people at the same time.
Allowing such extensive surveillance capabilities to governments with a strong desire to monitor citizens has almost inevitably led to the targeting of many more individuals than just suspected criminals or terrorists.
Morocco, the United Arab Emirates (on two occasions), and Saudi Arabia (multiple times) have all been exposed for targeting activists and journalists over the years. Security expert Runa Sandvik, who supports at-risk journalists and activists, maintains a growing list of global spyware abuse incidents.
Another factor behind the widespread misuse is that, especially in recent times, spyware like NSO’s Pegasus or Paragon’s Graphite makes it remarkably straightforward for government clients to target virtually anyone. These platforms function much like control panels, where officials simply enter a phone number and the rest is handled automatically.
John Scott-Railton, a senior researcher at The Citizen Lab who has spent a decade investigating spyware firms and their misconduct, described government spyware as presenting a “massive temptation for abuse” to its users.
Scott-Railton emphasized that spyware “should be regarded as the threat to democracy and elections that it truly is.”
A widespread lack of openness and oversight has further enabled governments to use these advanced surveillance tools with little fear of repercussions.
“The fact that relatively minor figures are being targeted is especially troubling, as it shows just how emboldened governments feel when deploying such invasive spyware against their opponents,” Galperin told TechCrunch.
There is, however, some positive news regarding accountability for victims.
Earlier this year, Paragon made a public announcement that it was severing ties with the Italian government, stating that authorities there declined the company’s assistance in probing alleged spyware abuses.
NSO Group has also disclosed in court that it has cut off ten government clients in recent years for misusing its spyware, though it has not identified which countries were involved. It remains uncertain whether this includes governments like those of Mexico or Saudi Arabia, where numerous abuses have been documented.
On the government side, nations such as Greece and Poland have begun investigations into spyware misuse. The United States, under President Biden, has imposed sanctions and economic restrictions on spyware makers like Cytrox, Intellexa, and NSO Group, as well as their executives. Additionally, a coalition of mostly Western countries, led by the U.K. and France, is attempting to use diplomatic efforts to slow the growth of the spyware industry.
Whether any of these initiatives will succeed in slowing or restricting what has become a global, multi-billion-dollar industry—one where companies are eager to provide sophisticated spyware to governments intent on monitoring almost anyone—remains to be seen.
