In an age of increasingly sophisticated digital surveillance, where our every move can be tracked and our most intimate moments can be captured, the delicate balance of security and personal privacy has received and caused a critical juncture. The age of digital surveillance has ignited widespread concerns about the far-reaching implications of surveillance technologies on our society, privacy, and individual rights.

From the watchful eyes of cameras scattered across our cities to the data-gathering technologies built into our social media accounts, surveillance takes many different forms. With cutting-edge technologies like Pegasus Spyware, this all-pervasive eye could not only watch our every move but could also dig up our personal data and analyze it with astounding accuracy. Pegasus spyware is a sophisticated software developed by the NSO Group that is capable of infiltrating mobile devices and gaining complete access to the data of the device, including messages, calls, location, and camera, effectively turning these devices into 24-hour surveillance tools. Behind this prevalent surveillance software, there is a complex web of power relationships where surveillance transforms from a national security measure to an advanced tool of social control created by privatized companies, and used globally by intelligence agencies and governments, undermining the freedom of individuals.

The concept of surveillance

To understand surveillance and its evolution over the last few decades, we first need to grasp the concept of surveillance, as can be explained by the work of David Lyon, a well-known surveillance researcher who has made substantial contributions to the topic. Lyon's book "Surveillance Studies: An Overview" (2007) offers a thorough assessment of surveillance as a social phenomenon. Surveillance, according to Lyon, is the “focused, systematic, and routine attention to personal details for purposes of influence, management, protection, or direction" (p. 14). It includes a wide range of practices, technology, and organizations that collect, process, and analyze data in order to monitor individuals and their behavior. Lyon's work stresses the power dynamics inherent in surveillance, demonstrating how it may be utilized as an instrument of social control and government.

Surveillance has undergone a significant transformation in the last few decades. It has shifted from a primary focus on national security intending to protect a nation’s interest and safeguard citizens, and being carried out by national intelligence agencies and law enforcement, to a privatized practice driven by technological advancements, the commercialization of surveillance, and the need for international cooperation due to the extension of surveillance practices beyond national borders.

The emergence of surveillance technologies like Pegasus challenges our traditional understanding of surveillance, especially in light of recent scandals such as the Snowden revelations and the Cambridge Analytica scandal. These events highlight the need to reevaluate our understanding of surveillance in the post-Snowden age, as surveillance is no longer a type of national security.

This paper seeks to understand what role technical, commercial, and political factors play in shaping the development and adoption of Pegasus spyware, and how these technologies reflect and shape broader trends in digital culture and the surveillance industry. Specifically, drawing on Bauman et al. (2014), the article addresses the following research question: What is the impact of digitization, privatization, and transnationalization on surveillance?

Digitization: Zero-day vulnerabilities and the infiltration of digital spyware

The digitization of surveillance has enhanced the capabilities of spyware like Pegasus. Such spyware relies on exploiting vulnerabilities in digital systems and devices to gain unauthorized access and collect information. With Pegasus, this is done by so-called zero-day- and zero-click vulnerabilities. 

With Pegasus spyware, a device can become infected using a zero-click vulnerability, which is a sort of vulnerability that doesn't require any user interaction or intervention. In the past, spyware would need the user to open an infected file or click on a malicious link in order to access the device. But with zero-click vulnerabilities, malware can get into a device by merely exploiting the flaws in the operating system, software, or network connections of the device. Since the user isn't aware of the infection, it is harder to recognize and protect against such attacks.

What is the impact of digitization, privatization, and transnationalization on surveillance?

As written in a report by the European Parliament (Sartor & Loreggia, 2023, p. 23), this is how the NSO Group describes zero-click in its product description for Pegasus:

"A push message is remotely and covertly sent to the mobile device. This message triggers the device to download and install the agent on the device. During the entire installation process no cooperation or engagement of the target is required (e.g., clicking a link, opening a message) and no indication appears on the device. The installation is totally silent and invisible and cannot be prevented by the target".

To perform such a zero-click infection, Pegasus makes use of zero-day vulnerabilities. A zero-day vulnerability is a vulnerability in software that has not yet been identified nor fixed by software developers, which spyware developers can use to their advantage. Since developers have zero days to respond or fix the problem, these vulnerabilities are referred to as "zero-day" vulnerabilities. By utilizing these undisclosed vulnerabilities, spyware can evade detection and gain unauthorized access to devices or networks (Sartor & Loreggia, 2023).

The impact of surveillance technologies on individual privacy and surveillance as a whole

The collection and analysis of digital data through Pegasus spyware can have profound implications on individual privacy and security by gaining unauthorized access to personal information. This type of spyware can have devastating effects, as could be seen in the case of Jamal Khashoggi, a columnist for the Washington Post, who was killed at the Saudi Arabian consulate in Istanbul in October of 2018. His family claimed that they were targets of Pegasus spyware (Boffey, 2022), despite repeated denials from the NSO Group (Staff, 2019). However, in an investigation carried out by Amnesty International’s Security Lab, it was found that the spyware was successfully installed on the phone of Jamal Khashoggi’s fiancée Hatice Cengiz (Amnesty International, 2021d). Once Pegasus spyware infiltrates a phone, it grants unrestricted access to all sensors and data on the targeted device, effectively transforming mobile phones into 24-hour surveillance tools. The spyware has full control over the phone's camera, microphone, GPS, and more, enabling it to intercept, transmit, or receive messages that would typically be protected by end-to-end encryption. Additionally, it can retrieve stored photos, gather passwords, eavesdrop on and record voice or video conversations, and engage in various other invasive activities.

In the case of Jamal Khashoggi, if his phone or the phone of one of his family members had been compromised by Pegasus, his conversations, location, and other sensitive information could have been intercepted and accessed, which could have played a significant role in the planning and execution of his killing. The extensive capabilities of Pegasus allow it to exploit the phone's functionalities, violating the targeted individual’s privacy, as well as the privacy of individuals the target is in contact with (Marzocchi & Mazzini, 2022). 

Even before the Pegasus Project, members of the European Union have raised qualms and skepticism about acquiring cyberweapons developed by private companies (Mildebrath, 2022). The sensitive nature of surveillance technologies and the potential risks associated with their misuse has made the EU cautious about relying on external sources for such capabilities. In the case of the NSO Group, the presence of former top intelligence officials within the Israeli company raised that concern even higher. There have been concerns that the spyware built by such firms may have hidden vulnerabilities or backdoors that allow unauthorized access to internal systems. The apprehension stems from the perception that these firms have close relationships with intelligence services such as Mossad, a well-known component of the Israeli intelligence agency, prompting fears about potential state-sponsored surveillance (Bergman & Mazzetti, 2023). While Pegasus's capabilities raise attention to the concerning consequences for individuals and groups, they also demonstrate broader security threats brought on by the digitization of surveillance. The likelihood of unauthorized access, data breaches, and cyber-attacks increases as our society becomes increasingly connected and dependent on digital technology. The digitization of surveillance introduces vulnerabilities that can be used by malicious actors, posing serious risks to individual, organizational, and even national security (Ministerie van Justitie en Veiligheid, 2022).

The interconnectedness and interdependency of digital systems in the EU create a complex web of potential entry points for malicious activities, making it crucial to address and mitigate these risks. In addition to compromising individual privacy, the exploitation of surveillance vulnerabilities can have far-reaching effects, as it can lead to the disruption of critical infrastructure, which includes energy grids, transportation networks, and financial systems. It can also lead to the theft of confidential data, including intellectual property, personal data, and government secrets, which in turn can lead to espionage and compromise national security. The manipulation of data or systems for malicious purposes can undermine trust in public institutions, disrupt democratic processes, and fuel social and political instability (Ministerie van Justitie en Veiligheid, 2022).

While Pegasus's capabilities raise attention to the concerning consequences for individuals and groups, they also demonstrate broader security threats brought on by the digitization of surveillance. The likelihood of unauthorized access, data breaches, and cyber-attacks increases as our society becomes increasingly connected and dependent on digital technology. The digitization of surveillance introduces vulnerabilities that can be used by malicious actors, posing serious risks to individual, organizational, and even national security (Ministerie van Justitie en Veiligheid, 2022).

Digital repression

Steven Feldstein defines digital repression as “the use of information and communications technology to surveil, coerce, or manipulate individuals or groups in order to deter specific activities or beliefs that challenge the state” (Feldstein, 2021, p. 25). The NSO Group exemplifies this definition with Pegasus spyware as this is used to conduct pervasive surveillance by infiltrating the phones of individuals and groups. Pegasus has been known for targeting journalists, (human rights) activists, and political dissidents (OCCRP, 2021). As they enable state actors to monitor and control these targets, they deter activities and beliefs that challenge the state’s authority, impending the targets’ freedom of expression. 

The primary and most known case of Pegasus exemplifying digital repression is that of Jamal Khashoggi. The prominent Saudi Arabian journalist of the Washington Post, and critic of the Saudi government, was brutally murdered at the Saudi consulate in Istanbul in 2018. As described in Sartor & Loreggia (2023), the Investigations by Amnesty International (2021d) found that Pegasus played a significant role in the planning and execution of the operation. This case demonstrates how digital repression extends beyond the borders of national surveillance and into the realm of physical harm and human rights violations. By exploiting Pegasus, the Saudi government targeted and silenced a dissident journalist, born in Saudi Arabia, eliminating his ability to express critical views against the regime. The spyware provided the tracking of Khashoggi’s activities, facilitating real-time information that was used to plan his abduction and murder. The dark side of Pegasus, which enables state-sponsored digital repression and undermines privacy, is exemplified by its use to target and eliminate political opponents, highlighting the authoritarian nature of such surveillance technologies and their implications for freedom of speech, freedom of the press, and the overall protection of human rights. 

Privatization: Israel’s offensive cyber security approach

In 2011, after recognizing the limitations and potential risks of the existing approach to cybersecurity, the Israeli government appointed an ad-hoc team of experts to assess the country's cybersecurity shortcomings and make recommendations for improvement (Cristiano, 2020). Israel recognized the rising importance of cybersecurity and formed a special task force in 2011 to strengthen the country's private cyber industry. This program aimed to strengthen Israel's capabilities in the sector while also reducing export restrictions for cyber technology. Veterans from the Israeli military's well-known intelligence unit, Unit 8200, as well as other divisions of the military, began transitioning into the business sector. Investing in cybersecurity would bring about advantages that encompass both security and economic aspects in Israel (Tabansky & Israel, 2015). Benjamin Netanyahu, Israel’s current and 2017 Prime Minister, said at Tel-Aviv University’s 7th Annual Cybersecurity Conference that “Cyber is a great business. It’s growing geometrically because there is never a permanent solution, it’s a never-ending business,” (Press, 2017). By highlighting the growth and perpetual nature of the cyber industry, Netanyahu implies that investing in cybersecurity can yield significant economic benefits. The statement also indicates that the cyber industry is experiencing rapid and exponential growth. The use of the term "growing geometrically" suggests that the industry's expansion is not linear but rather accelerating, driven by the increasing demand for cybersecurity solutions.

Initially, some of the veterans from the Israeli military who transitioned into the cyber business sector focused on defensive measures to protect Israeli computer systems from attacks. However, there was a shift in certain cybersecurity companies' priorities, including the NSO Group, towards offense-oriented technologies.

Their main goal became engaging in offensive cyber operations, utilizing advanced technologies to infiltrate and hack foreign systems. Coincidentally, this shift in focus by the NSO Group aligned with the Arab Spring uprisings in 2011, which were fueled by the widespread use of social media. Intelligence agencies in Arab countries, seized the opportunity to enhance their surveillance capabilities on social media platforms, enabling them to track the spread of protests and, in some cases, intervene to impede their progress (Weinberger, 2019).

In a New York Times article by Weinberger (2019), Ronald Deibert, the director of Citizen Lab, a cybersecurity watchdog organization, highlighted an interesting observation. According to Deibert, the Snowden leaks unwittingly offered a clear strategy for interested parties. The release of The Guardian's investigation on Snowden and the PRISM Project triggered widespread discussion and concerns about obtaining comparable surveillance capabilities. The results of this investigation served as a call to action for numerous nations, including Israel, pushing them to rethink their existing surveillance techniques and look for ways to improve their capabilities. 

Israel's response to the Snowden leaks led to the investment in a more offensive tactic within their realm of cyber security. The emphasis changed from solely defensive cyber security measures, to actively looking into offensive operations. The following rise of companies such as NSO Group, an organization solely focused on hacking into foreign systems, exemplifies this trend. Israel's pursuit of offensive cyber capabilities, along with the growth of its private cyber-surveillance industry, have since gained significant attention and acclaim worldwide. While the operations of its customers were highly secretive, NSO claimed to be working with several government intelligence and law enforcement agencies to prevent criminal activities, selling their software on a global scale (NSO GROUP - About Us, 2020). The nation established itself as one of the world's leading actors in cyber security (Cristiano, 2020; Hunt & Hackett, n.d.), with the NSO Group as its showpiece.

Transparency in the privatized surveillance industry

As a private entity, the NSO Group operates with less transparency and public oversight compared to state-run surveillance programs, illustrating the shift of surveillance power from public institutions to private corporations. The ability of private security firms to evade national controls is due to a number of factors, including the lack of strict and comprehensive national and international regulation, the internationalization of the private military industry, and the secrecy with which private security firms often operate (Krahmann, 2005).

The NSO group has come out with a transparency report in June of 2021 (NSO Group, 2021a). Such a report aims to enhance accountability, foster trust, promote oversight, and protect user rights in the digital ecosystem. By providing insights into the company's actions and practices, these reports can contribute to a more open, responsible, and ethical approach to data handling and user engagement. 

In the 'Statement of principles' published by the NSO Group in September of 2019, it is mentioned that the company’s “aspiration is to set the standard for transparency in the digital surveillance and communication interception sector” and that they “are committed to reporting publicly to the greatest extent possible on the effectiveness of [their] Human Rights Policy and related procedures” (NSO Group, 2019, p. 1). 

The transparency report that was published by the NSO Group in June of 2021 NSO Group, 2021b), sparked criticism from various organizations, including Amnesty International. According to Danna Ingleton, Deputy Director of Amnesty Tech, the transparency report falls short of its intended purpose and resembles more of a sales brochure than a genuine effort to provide meaningful information (Amnesty International, 2021a).

One of the main criticisms against NSO Group’s report in the article by Amnesty International is its failure to address the issue of remediation for victims who have suffered as a result of the misuse of its surveillance technology. Amnesty claims that activists and journalists worldwide have been subjected to unlawful surveillance using NSO Group's products, yet the company's report overlooks this crucial aspect. By omitting any mention of remediation efforts, NSO Group evades responsibility and fails to address the harm caused to individuals and communities. In a report by the European Parliament’s Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware, it was found that “NSO spyware continues to be detected on the devices of journalists and critics of authoritarian regimes, contrary to NSO’s human rights policy and human rights due diligence procedure” (In ‘T Veld, 2022, p. 122).

This exemplifies one of the consequences of privatized surveillance as described by Bauman et al. (2014) where issues about accountability and transparency arise due to profit motives and business interests.

Transnational partnerships and the exchange of surveillance technology by the NSO Group

Through their involvement in the development and deployment of surveillance services, private corporations like the NSO Group often gain interest in transnational partnerships. These private companies form partnerships and agreements with governmental agencies, allowing them to operate legally and collaborate across borders, facilitating the exchange of surveillance technology, expertise, and resources. As described in a study requested by the PEGA committee: “The Codes of Criminal Procedure of all [EU] Member States (…) provide for the use of special investigative techniques which may include, explicitly or not, hacking and the use of spyware.” (Liger & Gutheil, 2023, p. 8). This indicates the existence of legal frameworks that allow for the use of special investigative techniques in the EU.

The NSO Group is an example of such a private company that develops and sells its powerful surveillance technology — Pegasus spyware — in partnerships with various governments around the world (Marczak, 2020). These partnerships are meant to assist in intelligence gathering, counterterrorism efforts, and law enforcement activities. The issue lies in the fact that this very tool can also be utilized by governments to suppress dissent, resulting in the linkage of Pegasus to human rights violations, unethical surveillance practices, and even the highly publicized and heinous murder of the Saudi Arabian critic, Jamal Khashoggi (Kirkpatrick, 2018). Although the NSO Group’s co-founder Shalev Hulio claimed that Pegasus spyware has saved “tens of thousands of people” (60 Minutes, 2021, 04:28), there are multiple allegations and incidents that prove otherwise. The allegations and incidents that have surfaced indicate that Pegasus has been used by abusive government agencies (Gaubert, 2021), as also evidenced in Marczak (2020): “At least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society, including Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates” . The availability of sophisticated spyware such as Pegasus enables a wide range of actors, including authoritarian governments, to conduct surveillance operations that have the potential to infringe on individuals' privacy, freedom of speech, and human rights.

Pegasus as a tool of political power in Israel

After its release, Pegasus quickly became the flagship product of the NSO Group, and its significance extended beyond the company itself to the nation of Israel. Israel maintained control over the distribution of the Pegasus software under the ruling of former Prime Minister Benjamin Netanyahu, determining which entities are granted permission to acquire it, making the NSO Group operate “almost as an arm of the government” (Haaretz Editorial, 2022). According to an investigation by The New York Times (Bergman & Mazzetti, 2023), it was found that Panama and Mexico, showing support for Israel, voted in favor of Israeli interests at the United Nations, coinciding with their subsequent access to the Israeli software. According to that same NYT reporting, it was alleged that Pegasus was also promised to countries that would support Israel in its fight against its archenemy, Iran. The software by the NSO Group allegedly played a covert yet pivotal role in securing the support of Arab nations in Israel's efforts against Iran and even in the negotiation of the Abraham Accords, which were a series of historic diplomatic agreements signed in 2020, normalizing relations between Israel and several Arab nations, to foster peace, stability, and cooperation in the Middle East. “The combination of Israel’s search for influence and NSO’s drive for profits has also led to the powerful spying tools ending up in the hands of a new generation of nationalist leaders worldwide” (Bergman & Mazzetti, 2023). This quote perfectly describes the existence of a surveillance-industrial complex in Israel, where the motivations of governments seeking control and the commercial interests of the company NSO Group intersect, leading to the creation and distribution of advanced surveillance technologies.

The global impact of the Pegasus Project

Since its creation, the NSO Group’s advanced surveillance technology has piqued the interest of governments all over the world, becoming highly sought after. NSO rapidly became the largest Israeli corporation in the spyware sector, valued at a market capitalization of more than 1 billion USD (Kaster & Ensign, 2022). However, after the July 2021 publications of the Pegasus Project, a global collaboration involving over 80 journalists from 17 media organizations in 10 countries, coordinated by Forbidden Stories, and with technical assistance from Amnesty International, the NSO Group has been in a financial crisis (The Wire Staff, 2022). The Pegasus Project uncovered the abuse and impact of Pegasus spyware. Through forensic analysis of leaked data and the examination of targeted individuals' devices, the project exposed the widespread use of this powerful surveillance tool and its implications for privacy, human rights, and democratic governance. The initiative released public information on leaked lists of around 50,000 phone numbers that were targeted and attacked with the Israeli spyware (Forbidden Stories, 2021). The Pegasus Project evoked protest and backlash in several nations. The U.S., for example, blacklisted the NSO Group by adding it to the U.S. Department of Commerce’s Entity List after the Pegasus Project was revealed (Sanger et al., 2021). The revelations also had a significant impact on the EU. Prompted by the findings of the Pegasus Project, European Commission President Ursula von der Leyen expressed her strong disapproval, denouncing the reported usage of Israeli spyware to target the smartphones of journalists, government officials, and human rights activists across the globe. Von der Leyen emphasized the gravity of the situation, stating that if the allegations were true, “it is completely unacceptable. Against any kind of rules we have in the European Union” and that “Freedom of media, free press is one of the core values of the EU. It is completely unacceptable if this [hacking, editor's note] were to be the case” (Lakhani et al., 2021). 

As a result of the Pegasus Project, on March 10th, 2022, the European Parliament voted to create a new "committee of inquiry" called the PEGA Committee to investigate the use of Pegasus and similar spyware surveillance software by European member states (News European Parliament, 2022).

The Pegasus Project also prompted a reaction from Edward Snowden. In an interview with The Guardian, Snowden said that “this is an industry that should not exist” (0:06). During the interview he made the comparison that the NSO Group doesn’t “make vaccines – the only thing they sell is the virus” (0:43) and mentioned that this can only be stopped by a ban on spyware trade (Lewis & Pegg, 2021). This comparison of the NSO Group's products to a virus implies that their technology is harmful and invasive, but also capable of spreading and causing damage on a wide scale. It underscores the potential negative impact of their surveillance tools, suggesting that they can infect and compromise the privacy and security of individuals and organizations targeted by their software.

Discussion and conclusion

Historically, surveillance has been closely tied to the concept of national security. Governments have justified surveillance practices as necessary for protecting the safety and well-being of their citizens within the borders of their nation-states (Balzacq et al., 2016). Surveillance was primarily focused on gathering intelligence and monitoring activities within the national territory to prevent potential threats or acts of aggression from foreign countries. However, with the digital revolution of the world, surveillance has evolved into a global infrastructure. Due to advancements in technology, communication, and globalization, the boundaries of surveillance practices have expanded beyond national borders. And with the emergence of transnational surveillance networks, intelligence-sharing agreements, and the growth of private surveillance technologies companies, the notion of surveillance has changed. 

In this globalized context, the power dynamics and motivations behind surveillance have also changed. While national security is remaining a significant driver for surveillance, the scope of surveillance has expanded to encompass broader objectives such as economic interest, geopolitical influence, and the maintenance of social control over a nation’s citizens, even of those living outside the country of origin.

The global reach of surveillance technologies like Pegasus raises significant concerns about human rights, privacy, and the potential for abuse of the technology. The lack of international regulations and oversight mechanisms for surveillance technologies allows for unregulated expansion and misuse of these technologies. 

The case study on Pegasus spyware illustrates the convergence of privatization, transnationalization, and digitization in modern surveillance. In the context of modern surveillance, Pegasus serves as a compelling case study that exemplifies a larger phenomenon. While Pegasus highlights all aspects of the framework by Bauman et al (2014), privatization, transnationalization, and digitization, it is crucial to acknowledge that its implications extend beyond this specific technology. To gain a comprehensive understanding of modern surveillance, it is essential to broaden our perspective and consider other capacities as well. By examining surveillance more broadly we can detect the interconnected nature of surveillance technologies and practices across various sectors including government intelligence agencies, private companies, and authoritarian regimes. Surveillance goes beyond the scope of just Pegasus’ technology. It encompasses various techniques, systems, and strategies for monitoring and data collection, for example, facial recognition and biometric data (Snijder, 2016). 

Understanding surveillance as a larger phenomenon helps us explore its multifaceted concept and can help identify recurring themes across different contexts. Edward Snowden's statement during an interview with the Guardian exemplifies this perspective, as he highlights (Lewis & Pegg, 2021):

“We’re seeing what the NSO Group — which is sort of one of the most famous of these guys — is up to, but the NSO Group is only one company of many”

With this statement, he suggests that the issues surrounding surveillance extend beyond the actions of a single entity and involve a broader network of actors operating in similar capacities.

Based on the articles' aim to understand what role technical, commercial, and political factors play in shaping the development and adoption of Pegasus spyware, and how these technologies reflect and shape broader trends in digital culture and the surveillance industry, the results indicate that the interplay between societal attitudes towards privacy and security, as well as pivotal events, influence the demand for surveillance technologies, while political factors contribute to their development and use. The NSO Group reflects the increasing sophistication and scope of privatized surveillance technology companies, highlighting the emergence of the surveillance-industrial complex where the convergence of technological advancements, governmental policies, and corporate interests intertwine to create a complex ecosystem of surveillance.  

The case of Pegasus underscores the digitization of surveillance practices as the spyware operates through the exploitation of vulnerabilities in digital platforms and devices, enabling the collection, analysis, and storage of vast amounts of digital data. The findings of the study reveal how Pegasus exemplifies the transnational nature of modern surveillance as the spyware operates in a global context, transcending geographical boundaries and blurring the traditional notions of surveillance as a purely national framework. The case study of the NSO Group and Pegasus spyware helped our understanding of surveillance as a larger phenomenon and attributed to identifying recurring themes across different contexts. It provided a contextual understanding of a real-world subject to address the impact of digitization, privatization, and transnationalization on surveillance

This article is based on my thesis for the Master Digital Culture Studies. 

References

60 Minutes. (2021, November 4). 60 Minutes Archive: NSO Group’s “Pegasus” [Video]. YouTube.

Amnesty International. (2021a). NSO Group’s new transparency report is “another missed opportunity” [Press release].

Amnesty International. (2021b). China: Draconian repression of Muslims in Xinjiang amounts to crimes against humanity [Press release]

Amnesty International. (2021c). Forensic Methodology Report: How to catch NSO Group’s Pegasus [Press release]

Amnesty International. (2021d). Massive data leak reveals Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally [Press release]

Balzacq, T., Léonard, S., & Ruzicka, J. (2016). ‘Securitization’ revisited: theory and cases. International Relations, 30(4), 494–531. https://doi.org/10.1177/0047117815596590

Bauman, Z., Bigo, D., Esteves, P. A., Guild, E., Jabri, V., Lyon, D., & Walker, R. J. (2014). After Snowden: Rethinking the Impact of Surveillance. International Political Sociology, 8(2), 121–144. https://doi.org/10.1111/ips.12048

Bergman, R., & Mazzetti, M. (2023, June 15). The Battle for the World’s Most Powerful Cyberweapon. The New York Times.

Boffey, D. (2022, September 23). Jamal Khashoggi’s wife to sue NSO Group over Pegasus spyware. The Guardian.

Cristiano, F. (2020). Cyber Warfare and Security as National Trademarks of International Legitimacy. In S. N. Romaniuk & M. Manjikian (eds.), Routledge Companion to Global Cyber-Security Strategy, Palgrave Macmillan. .

Feldstein, S. (2021). The Rise of Digital Repression: How Technology Is Reshaping Power, Politics, and Resistance. Oxford University Press.

Forbidden Stories (2021, July 18). About The Pegasus Project. Forbidden Stories.

Haaretz Editorial. (2022, January 30). NSO is an arm of Israel’s government Haaretz.

Hunt & Hackett (n.d.). Threat profile - Israel. Hunt & Hackett.

In ‘T Veld, S. (2022). Report of the investigation of alleged contraventions and maladministration in the application of Union law in relation to the use of Pegasus and equivalent surveillance spyware. (PE738.492). European Parliament.

Kaster, S. D., & Ensign, P. C. (2022). Privatized espionage: NSO Group Technologies and its Pegasus spyware. Thunderbird International Business Review, 65(3), 355–364. https://doi.org/10.1002/tie.22321

Kirkpatrick, D. D. (2018, December 3). Israeli Software Helped Saudis Spy on Khashoggi, Lawsuit Says. The New York Times.

Krahmann, E. (2005). Security governance and the private military industry in Europe and North America. Conflict, Security & Development, 5(2), 247–268. https://doi.org/10.1080/14678800500170209

Lakhani, N., Safi, M., Sabbagh, D., Walker, S., Ellis-Petersen, H., & Kirchgaessner, S. (2021, July 20). Pegasus: NSO clients spying disclosures prompt political rows across world. The Guardian.

Lewis, P., & Pegg, D. (2021, July 20). Edward Snowden calls for spyware trade ban amid Pegasus revelations. The Guardian.

Liger, Q., & Gutheil, M. (2023). The use of Pegasus and equivalent surveillance spyware - The existing legal framework in EU Member States for the acquisition and use of Pegasus and equivalent surveillance spyware (PE 740.151). European Parliament.

Lyon, D. (2007). Surveillance Studies: An Overview. Polity.

Marczak, B. (2020, May 8). HIDE AND SEEK: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries. The Citizen Lab.

Marzocchi, O., & Mazzini, M. (2022). Pegasus and surveillance spyware. Think Tank, European Parliament.

Mildebrath, H. (2022). Europe’s PegasusGate - Countering spyware abuse. Think Tank, European Parliament.

Ministerie van Justitie en Veiligheid. (2022, July 4). Cyber Security Assessment Netherlands 2022. National Coordinator for Security and Counterterrorism. https://english.nctv.nl/documents/publications/2022/07/04/cyber-security...

News European Parliament (2022, April 19). EP inquiry committee for Pegasus and other spyware launched [Press release]

NSO Group (2019). Transparency - Statement of principles. NSO Group Website. https://www.nsogroup.com/wp-content/uploads/2019/09/Transparency-Stateme...

NSO Group (2020). About us. NSO Group Website.

NSO Group (2021a). Transparency - NSO Group. NSO Group Website.

NSO Group (2021b). Transparency and responsibility report 2021. NSO Group Website.

The Wire.

OCCRP. (2021, July 18). The Pegasus Project. OCCRP.

Press, G. (2017, July 18). 6 Reasons Israel Became A Cybersecurity Powerhouse Leading The $82 Billion Industry. Forbes.

Sanger, D. E., Perlroth, N., Swanson, A., & Bergman, R. (2021, November 3). U.S. Blacklists Israeli Firm NSO Group Over Spyware. The New York Times.

Sartor, G., & Loreggia, A. (2023). The impact of Pegasus on fundamental rights and democratic processes. Think Tank, European Parliament.

Snijder, M. (2016). Biometrics, surveillance and privacy: ERNCIP Thematic Group Applied Biometrics for the Security of Critical Infrastructure. Joint Research Centre. https://doi.org/10.2788/986068

Staff, T. (2019, January 12). NSO founder denies its phone hacking software was used to track Khashoggi. Times of Israel.

Surveillance (n.d.) In Wiki Diggit Magazine

Tabansky, L., & Israel, I. B. (2015). Cybersecurity in Israel. Springer International Publishing. https://doi.org/10.1007/978-3-319-18986-4

The Wire Staff (n.d.). NSO group deemed “worthless” to investors; no new pegasus bookings since july 2021. The Wire.

Weinberger, S. (2019, July 26). Private Surveillance Is a Lethal Weapon Anybody Can Buy. The New York Times.