Don’t miss the latest developments in business and finance.

How the Mexican government puts citizens under systematic surveillance

Mexico's legal framework authorises interception of private communications for investigating crimes

Mexican President, trump, mexico wall
Mexican President Enrique Pena. Photo: Reuters
Jacobo Najera and Giovanna Salazar | Global Voices
Last Updated : Jun 23 2017 | 9:40 AM IST

Mexico has become a prime destination for the surveillance technology industry in the Americas. Trade fairs are held annually and relationships between manufacturers, distributors and the Mexican government has intensified rapidly throughout the administration of Mexican President Enrique Peña Nieto. We are now beginning to see the causes and effects of these espionage practices.

Journalistic and independent investigations carried out by civil society organisations as well as various leaks have brought this relationship to light since 2013.

Purchases of surveillance equipment

In 2013, University of Toronto's Citizen Lab reported that spyware company Gamma Group was operating in Mexican telecommunications, which led to an investigation by various civil society organisations. That investigation along with journalistic research, documented the fact that FinFisher/FinSpy spyware had been acquired by several Mexican authorities through the company Obses de México.

Following a massive leak in 2015, we learned that the Mexican government had also purchased spyware from the controversial Italian firm, Hacking Team, through the intermediary, Teva Tech México SA. Those documents revealed that Mexico was the firm's main client worldwide, having made multi-million dollar purchases of surveillance tools called Galileo and DaVinci, both of which are commercial names for Remote Control Systems or RCS.

Later in September 2016, the New York Times revealed that the Mexican government had entered into contracts with the Israeli firm NSO Group to acquire Pegasus surveillance software.

By the end of 2016, additional reports documented purchases of equipment with interception capabilities known as IMSI-Catchers from companies in Finland and Switzerland each year from 2012 to 2015.

The most recent scandal took place on June 19, 2017 when 76 new cases of attempts to use Pegasus malware against journalists and human rights defenders in Mexico were revealed thanks to research, documentation and publication of a report by Article 19 and Mexico City-based NGOs Red en Defensa de los Derechos Digitales (R3D) and SocialTIC, along with technical research by the University of Toronto's Citizen Lab.

The New York Times published a detailed report about the investigation that appeared on the front page of the US newspaper:

We're on the front page of the NYT. Is it about corruption? No, they published about how Peña's government spies on journalists and activists #GobiernoEspia

How is this software used?

Mexico's legal framework authorizes interception of private communications for the purpose of investigating crimes — with previous approval from the federal judicial authority. The Mexican government has insisted that their use of surveillance technology has been authorized by relevant authorities. Ricardo Alday, spokesman for the Mexican embassy in Washington, confirmed this to the New York Times in a previous article about the Mexican government's million dollar contracts with the Israeli company NSO Group in 2013.

Nevertheless, evidence indicates that the tools have been used against activists, journalists and people who have expressed dissenting opinions or oppose the current government.

As a result of the multiple proofs of illegal digital surveillance utilizing software exclusively used by governments, on May 23, 2017, social organizations that were a part of the Secretariado Técnico Tripartita (Tripartite Technical Secretariat or STT) of the Open Government Alliance (AGA) stepped down from their positions in the group:

Due to espionage, civil society will cease participation in the Secretariado Técnico Tripartita for Open Government

Prior to the most recent revelation, the New York Times reported on February 11 that three members of organizations defending the right to health had all received text messages containing malicious links from Pegasus spyware, developed by NSO Group. They included Alejandro Calvillo, general director of El Poder del Consumidor (The Power of Consumers); Luis Encarnación, coordinator of the Coalición ContraPESO (Counterweight Coalition); and Dr Simón Barquera, a researcher attached to the Instituto Nacional de Salud Pública (National Institute of Public Health).

Research from the Citizen Lab confirmed the claim and detailed that during 2016, malware was used to take control of the activists’ devices in order to spy on their communications during a campaign to support a tax on sugar-sweetened beverages in Mexico.

According to the New York Times:

El descubrimiento de los programas espías en los teléfonos de los impulsores de un impuesto desata preguntas sobre si las herramientas están siendo usadas para promover los intereses de la industria refresquera de México.

The discovery of spyware on the phones of sugar tax supporters raises questions about whether the tools are being used to promote the interests of Mexico's beverage industry.

Citizen Lab's report on this case states that the same infrastructure of NSO Group was used in 2016 against Mexican journalist, Rafael Cabrera, while he was collaborating with Aristegui Noticias’ investigation on the “Casa Blanca”, which implicated the Mexican President and his wife in corruption. In August 2013, together with Lookout, they detected and reported on attempts to intercept Cabrera's cell phone as well as that of Ahmed Mansoor, a human rights defender in the United Arab Emirates.

In the special report Cyberespionage of journalists, the newspaper Proceso pointed out that the presence of companies that commercialize these kinds of surveillance tools is not new.

En julio de 2015, Proceso reveló que Hacking Team catalogaba a sus clientes mexicanos en la categoría de “ofensivos”, es decir, los que utilizan los programas espías para penetrar y manipular los aparatos de sus objetivos.

También reportó que el Cisen utilizó el programa espía de la empresa italiana con fines políticos: durante 2013 la instancia solicitó más de 30 veces a Hacking Team que contaminara archivos titulados, entre otros: “Propuesta reforma PRD”, “Reforma Energética”, “La policía secuestra”, “CNTE” o “Marcos y Julio Sherer” (sic). Para infectar al objetivo, éste debe abrir un archivo y para ello, el título le debe llamar la atención.
Next Story