Where Governments Hack Their Own People and People Fight Back: 2018 in Review
Throughout 2018, new surveillance practices continued to erode the privacy of people in Latin America. Yet local and regional digital rights organizations continue to push back with strategic litigation, journalists and security researchers investigate to shed light on government use of malware, and local activists work tirelessly to fight overarching surveillance laws and practices across the region.
Brazil: Secretly Tracking 600,000 Subway Riders
In a win for privacy, the São Paulo Court of Justice ordered a halt to the collection of subway passengers’ data, using advertisements on subway trains that tracked user's facial expressions and traits. The Brazilian Institute of Consumer Protection (IDEC) and the Latin American Network of Surveillance, Technology and Society Studies (LATVIS), sued Via Quatro, a concessionaire in São Paulo’s subways, defending the privacy rights of around 600,000 Brazilians who use the public transport system everyday.
Mexico: Murders and Hacking #GobiernoEspia
Mexico has remained in the headlines this year for privacy violations. In 2018, Citizen Lab, with the ARTICLE 19 Office for Mexico and Central America, Mexican NGO R3D, and SocialTIC, revealed that two journalists from Rio Doce—an independent news outlet covering drug cartels—were targeted with malware. The journalists received text messages laced with Pegasus malware made by the Israeli spyware firm NSO Group. They links were sent to them after their colleague, award-winning Mexican journalist and Rio Doce co-founder Javier Valdez died of 12 bullet wounds.
The Mexican government has been denounced before for illegally spying on twenty of its most outspoken critics. Despite abundant evidence pointing to the illegal use of Pegasus in Mexico, NSO Group has apparently maintained its relationship with the Mexican government. In response, R3D last August filed civil lawsuits in Israel and Cyprus against NSO Group alleging negligence and complicity to human rights violations. R3D is demanding that NSO Group cease its services and be held accountable for its role in the Mexican government's human rights violations. R3D also seeks to hold Mexican officials responsible for these abuses.
Guatemala: Planting Malicious Software on Citizens' Computers
Governments have used the same malicious software that petty internet criminals use to take over innocent users' computers, for the purpose of social control. This year, El Nuevo Diario published a groundbreaking report revealing a years-old, vast, and illegal spying operation against Guatemalan activists, entrepreneurs, politicians, journalists, diplomats, and social leaders. The report found the government of the Patriot Party (Partido Patriota) spent more than 90 million quetzales (US $12 million) on IMSI-catchers and software to monitor and collect social media information for investigations and surveillance. They also purchased malicious software from the world's most notorious malware providers: Hacking Team’s Galileo and NSO Group’s Pegasus. The news revealed that the government used those tools to target protesters fighting government corruption in 2015. Digital rights organizations such as Fundacion Acceso and IPANDETEC used this opportunity to raise awareness about privacy rights, despite the country's deeply rooted culture of secrecy surrounding surveillance.
Argentina: Dangerous Attempts to Legalize Indiscriminate Government Hacking
2018 saw dangerous legislative efforts to authorize the unregulated use of government hacking by both the city of Buenos Aires and at the federal level. The Centro de Estudios Legales y Sociales, Asociación por los Derechos Civiles, la Asociación Civil por la Igualdad y la Justicia, Fundación Vía Libre, and others fought back against a reform to the Buenos Aires’ Criminal Procedure Code and the Federal Criminal Procedure Code to enable "special investigative measures," such as the government use of malware in criminal investigations. In a win for privacy, those provisions were dropped. These technologies are invasive and surreptitious, and raise far different privacy and security concerns than traditional wiretapping. Each of these new powers is a ticking time-bomb for potential abuse. The dangerous bill failed to provide even basic controls necessary to constrain its use, an independent judiciary who will enforce those limits, or any public oversight mechanism that would allow the general public to know what its country's most secretive government agents are doing in their name.
Chile: Creating False Evidence
"Operation Hurricane," run by police in Chile's La Araucanía region, prompted the 2017 arrest of eight Mapuche community members, an indigenous group in South Central Chile, accused of forming an illicit terrorist association, using electronic chats as evidence. This year, Operation Hurricane thrust state surveillance into the digital age to the forefront of Chilean public opinion. In a shocking turn, the Chief Prosecutor (Fiscal) of the High Complexity Unit of La Araucanía confirmed the prosecution of officials from the Police Intelligence Directorate of Carabineros for obstruction of justice by producing false evidence to incriminate the Mapuche community members.
The Latin American digital rights group Derechos Digitales has been demanding the truth about Operation Hurricane, calling for reforms of Chilean intelligence services, and stressing the need to adopt laws that comply with Chile’s human rights obligations.
The Fight Goes On
This year, privacy rights have faced unprecedented attacks from Latin American governments and companies—attacks that the Latin American digital rights community has been instrumental in repelling. In addition those we've already mentioned, these groups include: the Karisma Foundation in Colombia, which is fighting against facial recognition and CCTV cameras in Colombian subway stations; TEDIC from Paraguay, which raises awareness of surveillance practices such as the use of biometric systems; and international organizations such as ARTICLE 19, with regional offices in Mexico and Brazil, supported by an international office in London.
While concerns and actions in Europe and the United States often get the international headlines, local groups in Latin America are doing the vital groundwork of investigating transgressions, lobbying for change, and litigating for justice. We hope that, as the public begins to recognize the growing threats, they will also do more to support organizations doing important work in Latin America.
This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.
Like what you're reading? Support digital freedom defense today!