A UK human rights watchdog group has issued a statement calling private surveillance software FinFisher a violation of human rights. Developed by British-German company Gamma International, FinFisher has been used by repressive governments across the world to spy on citizens while using it to suppress dissent.
The Organisation for Economic Cooperation and Development’s UK National Contact Point (“NCP”) found that Gamma has failed to adhere to human rights and due diligence standards, after a two year investigation into the company’s sale of surveillance technology to Bahrain. The country had originally purchased FinFisher as early as 2009, and has since used it to violate the human rights of three activists; an act that drew the attention of several international watchdogs including Privacy International and Reporters without Borders.
FinFisher is a commercially available spyware programme that can be installed to monitor the internet activity of individuals. It is often sold to law enforcement agencies and is capable of taking control of target computers while also capturing encrypted communications. It works in a manner similar to any of malware in that it uses the same attack vectors and exploits similar vulnerabilities to deploy the spyware package.
Unlike other malware that is used by criminals and bored programmers, FinFisher is most often used by governments to spy on private citizens. This situation has caused activist organisations to condemn its use and Gamma International for being “modern day mercenaries”. Among the repressive regimes that are FinFisher customers are Bahrain, Ethiopia, Turkmenistan, and a select number of Southeast Asian countries.
However, not all FinFisher customers openly use it to oppress citizens. It has also been identified under the control of “freer” countries like the United Kingdom itself and Germany.
While the human rights watchdog itself has no binding effect on the legal status of FinFisher, it is a step forward for spyware critics to build their case against commercially available tools. It could also hopefully prevent any similar services and spyware from appearing in the market.