How the Mexican government puts citizens under systematic surveillance

Mexico's legal framework authorises interception of private communications for investigating crimes

Mexico has become a prime destination for the surveillance technology industry in the Americas. Trade fairs are held annually and relationships between manufacturers, distributors and the Mexican government has intensified rapidly throughout the administration of Mexican President Enrique Peña Nieto. We are now beginning to see the causes and effects of these espionage practices.

Journalistic and independent investigations carried out by civil society organisations as well as various leaks have brought this relationship to light since 2013.

Purchases of surveillance equipment

In 2013, University of Toronto's Citizen Lab reported that spyware company Gamma Group was operating in Mexican telecommunications, which led to an investigation by various civil society organisations. That investigation along with journalistic research, documented the fact that FinFisher/FinSpy spyware had been acquired by several Mexican authorities through the company Obses de México.

Following a massive leak in 2015, we learned that the Mexican government had also purchased spyware from the controversial Italian firm, Hacking Team, through the intermediary, Teva Tech México SA. Those documents revealed that Mexico was the firm's main client worldwide, having made multi-million dollar purchases of surveillance tools called Galileo and DaVinci, both of which are commercial names for Remote Control Systems or RCS.

Later in September 2016, the New York Times revealed that the Mexican government had entered into contracts with the Israeli firm NSO Group to acquire Pegasus surveillance software.

By the end of 2016, additional reports documented purchases of equipment with interception capabilities known as IMSI-Catchers from companies in Finland and Switzerland each year from 2012 to 2015.

The most recent scandal took place on June 19, 2017 when 76 new cases of attempts to use Pegasus malware against journalists and human rights defenders in Mexico were revealed thanks to research, documentation and publication of a report by Article 19 and Mexico City-based NGOs Red en Defensa de los Derechos Digitales (R3D) and SocialTIC, along with technical research by the University of Toronto's Citizen Lab.

The New York Times published a detailed report about the investigation that appeared on the front page of the US newspaper:

Ganamos primera plana en el NYT. Algo de corrupción? No, publican como nos espia el Gob de Pena a periodistas y activistas #GobiernoEspía pic.twitter.com/IujXLtx8OT

— Daniel Lizarraga (@danliza) June 19, 2017

We're on the front page of the NYT. Is it about corruption? No, they published about how Peña's government spies on journalists and activists #GobiernoEspia

How is this software used?

Mexico's legal framework authorizes interception of private communications for the purpose of investigating crimes — with previous approval from the federal judicial authority. The Mexican government has insisted that their use of surveillance technology has been authorized by relevant authorities. Ricardo Alday, spokesman for the Mexican embassy in Washington, confirmed this to the New York Times in a previous article about the Mexican government's million dollar contracts with the Israeli company NSO Group in 2013.

Nevertheless, evidence indicates that the tools have been used against activists, journalists and people who have expressed dissenting opinions or oppose the current government.

As a result of the multiple proofs of illegal digital surveillance utilizing software exclusively used by governments, on May 23, 2017, social organizations that were a part of the Secretariado Técnico Tripartita (Tripartite Technical Secretariat or STT) of the Open Government Alliance (AGA) stepped down from their positions in the group:

Por espionaje, sociedad civil deja participación en Secretariado Técnico Tripartita de Alianza para Gobierno Abierto pic.twitter.com/XxyBvhpFih

— Fundar (@FundarMexico) May 23, 2017

Due to espionage, civil society will cease participation in the Secretariado Técnico Tripartita for Open Government

Prior to the most recent revelation, the New York Times reported on February 11 that three members of organizations defending the right to health had all received text messages containing malicious links from Pegasus spyware, developed by NSO Group. They included Alejandro Calvillo, general director of El Poder del Consumidor (The Power of Consumers); Luis Encarnación, coordinator of the Coalición ContraPESO (Counterweight Coalition); and Dr Simón Barquera, a researcher attached to the Instituto Nacional de Salud Pública (National Institute of Public Health).

Research from the Citizen Lab confirmed the claim and detailed that during 2016, malware was used to take control of the activists’ devices in order to spy on their communications during a campaign to support a tax on sugar-sweetened beverages in Mexico.

According to the New York Times:

El descubrimiento de los programas espías en los teléfonos de los impulsores de un impuesto desata preguntas sobre si las herramientas están siendo usadas para promover los intereses de la industria refresquera de México.

The discovery of spyware on the phones of sugar tax supporters raises questions about whether the tools are being used to promote the interests of Mexico's beverage industry.

Citizen Lab's report on this case states that the same infrastructure of NSO Group was used in 2016 against Mexican journalist, Rafael Cabrera, while he was collaborating with Aristegui Noticias’ investigation on the “Casa Blanca”, which implicated the Mexican President and his wife in corruption. In August 2013, together with Lookout, they detected and reported on attempts to intercept Cabrera's cell phone as well as that of Ahmed Mansoor, a human rights defender in the United Arab Emirates.

In the special report Cyberespionage of journalists, the newspaper Proceso pointed out that the presence of companies that commercialize these kinds of surveillance tools is not new.

En julio de 2015, Proceso reveló que Hacking Team catalogaba a sus clientes mexicanos en la categoría de “ofensivos”, es decir, los que utilizan los programas espías para penetrar y manipular los aparatos de sus objetivos.

También reportó que el Cisen utilizó el programa espía de la empresa italiana con fines políticos: durante 2013 la instancia solicitó más de 30 veces a Hacking Team que contaminara archivos titulados, entre otros: “Propuesta reforma PRD”, “Reforma Energética”, “La policía secuestra”, “CNTE” o “Marcos y Julio Sherer” (sic). Para infectar al objetivo, éste debe abrir un archivo y para ello, el título le debe llamar la atención.

Los correos electrónicos mostraron que NSO operó en México antes que HT y que la empresa italiana tenía la firme intención de rebasar a su homóloga israelí, la cual había obtenido jugosos contratos con dependencias federales y estatales en la administración de Felipe Calderón.

In July 2015, Proceso revealed that Hacking Team cataloged its Mexican clients in an “offensive” category, that is, those who use the spyware to penetrate and manipulate the devices of their targets.

Proceso also reported that Cisen used the Italian company's spyware for political purposes: during 2013 they made more than 30 requests to Hacking Team to infect files named: “Proposed PRD reform”, “Energy Reform”, “Police kidnapping”, “CNTE” or “Marcos and Julio Sherer” (sic) among others. In order to be infected, the person targeted has to open a file [sent typically via email or SMS by the attacker]. Attention-grabbing titles are used for this purpose.

The e-mails showed that NSO Group had been operating in Mexico before Hacking Team and that the Italian firm intended to surpass its Israeli competition, who had obtained juicy contracts with both federal and state dependencies during the administration of [previous Mexican president] Felipe Calderón.

A detailed investigation carried out by independent media groups Animal Político and Lado B describes how surveillance tools in the hands of government are used to illegally monitor political opponents. Such was the case of the Puebla state government headed by Rafael Moreno Valle, who used Hacking Team software to spy on his opponents, along with journalists and even academics approaching elections.

It is clear that Mexico has become a paradise for the surveillance industry. Companies focused on development and commercialization of spyware products and surveillance of telecommunications can sell their products to agents of the state in an environment of little transparency and even less accountability.

---

This article, written by Jacobo Najera and Giovanna Salazar, was published on Global Voices on June 21, 2017