At the end of the nineties, when we were studying the crime of theft in law school, we were learning concepts like the false key or the nightingale. Today, these instruments are far away when I teach at the university. We criminal lawyers face cybercriminals who use sophisticated phishing techniques, protect their identities through proxy servers, and hide loot in cryptowallets.
In the criminal law of the computer and internet age we are facing a new paradigm. We saw this recently when a Russian cybercriminal group paralyzed the activity of Hospital Clínic de Barcelona. Criminal booty is information, and criminal opportunity no longer needs physical space.
We are in the era of Crime as a service, there are companies that sell malicious computer programs (malware) ready to be executed. Cybercrime is a booming business and it is no longer necessary to know computer science to commit crimes. Anyone can be a victim: we all carry a computer in our pocket (and our life inside it). The risk to fundamental rights is huge.
As always, technology aligns with the interests of the most powerful. Private companies that exploit citizens’ data, and states that use spy programs (spyware) for their agents to monitor those they consider enemies. All too often, it includes organized citizens, human rights activists, popular movements, political dissidence, etc. We have seen it in Hungary, in Poland, and also in Spain, with the largest number of victims of political espionage ever discovered. Precisely, the Catalangate scandal is an example of the State’s monitoring possibilities on political objectives.
It is well known that the Pegasus spyware is designed and sold by the private Israeli company NSO. Also, this program is only sold to government agencies. The Spanish Ombudsman’s investigation into Catalangate concluded with a report on the good work of the Spanish intelligence agency, the CNI.
We therefore have all the actors identified: spyware creators (NSO), users (CNI) and victims.
The political system is hostage to the interests of the private companies that exploit our data, and neither the companies nor the State face effective control and accountability systems. In the absence of a true counter-power, states spy on us and will spy on us. There is no legal, political, national or international cost to encourage the State to stop spying on us.
Faced with this, citizens cannot do anything other than protect themselves, learn even more technology and put it at the service of the common welfare. It is necessary to denounce the populist drift of our rulers and their departure from democratic standards. At the same time, we must exploit the resources of the system itself to obtain victories in jurisdictions and international forums for the protection of human rights.
Using spyware like Pegasus is just the symptom. “Democracy dies in the cloud”, as Josep Maria Ganyet says, and Spain today is suspended in democratic quality. This is confirmed by the opacity of the institutions that should protect the victims.