Publication Date: October 2023

This report is the result of Amnesty International’s Security Lab collaboration with EIC, a partnership of European media organizations, as a technical partner. The document lays out the human rights implications of the Predator Files disclosures, which show how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance, a technological and commercial alliance concluded in 2019 between the Intellexa group and the Nexa group, is being sold and transferred around the world with impunity. These findings make clear, yet again, that the unchecked sale and transfer of surveillance technologies could continue to facilitate human rights abuse on a massive global scale, as companies are still being allowed to freely sell and transfer their wares in utmost secrecy.

The report produces key recommendations to states and the European Union.

Key recommendations to States:

• (Particularly states that have granted export licences) Immediately revoke all marketing and exportlicences issued to the Intellexa alliance and conduct an independent, impartial, transparent investigation to determine the extent of unlawful targeting, to culminate in public statement on results of efforts and steps to prevent future harm.

• Enforce a ban on the use of highly invasive spyware. Such spyware cannot, at present, be independently audited or limited in its functionality to only those functions that are necessary and proportionate to a specific use and target.

• Implement a human rights regulatory framework that governs surveillance and that is in line with international human rights standards. Until such a framework is implemented, a moratorium on the purchase, sale, transfer, and use of all spyware should be enforced.

• Implement domestic legislation that imposes safeguards against human rights violations and abuses through digital surveillance and establish accountability mechanisms designed to provide victims of surveillance abuses a pathway to remedy.

• Legally require surveillance companies to conduct human rights due diligence in relation to their global operations, including on the use of their products and services.

Key recommendations to the European Union and its Member States:

• EU member states and the European Commission should ensure the robust implementation of the 2021 EU Export Control Rules. This includes taking immediate action towards underscoring the human rights due diligence obligations that follow from the Dual-Use Regulation and creating a transparent market in cybersurveillance technologies that is bound by effective human rights safeguards.

• EU member states must adopt and enforce legislation that requires all corporate actors to respect human rights and implement human rights due diligence measures in line with the UN Guiding Principles. As part of the ongoing deliberations on the Corporate Sustainability Due Diligence Directive (CSDDD), the EU should require companies to conduct human rights due diligence with respect to the full value chain including the purchase, sale, transfer, export and use of products. Companies operating in all sectors should implement the requirements on the CSDDD including those producing spyware, as well as financial institutions.

Tags: Surveillance Media freedom Freedom of expression Safety of journalists

The content of this article can be used according to the terms of Creative Commons: Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) . To do so use the the wording "this article was originally published on the Resource Centre on Media Freedom in Europe" including a direct active link to the original article page.