The continuous evolution of cyber capabilities has proportionally raised the risk of cyber warfare, cybercrimes, cyber surveillance, etc. Advancement in cyber capabilities and their dual nature is perceived by many as a national security threat. ‘Dual nature’ means that cyber technology can be employed for the achievement of legitimate and illegitimate objectives. The role of the private cyber industry has especially complicated the cyber security landscape.

A case in point is the Pegasus scandal. In 2019, the Niv, Shalev, and Omri (NSO) Group, a private entity working in the domain of cyber intelligence, was exposed for selling intrusive software called ‘Pegasus’ to a number of foreign entities. The list of phone numbers exposed in the Pegasus spyware scandal mostly consisted of key political leaders, journalists, human rights activists, etc. The data leak exposed the extent to which any spyware could be misused. The Pegasus spyware manufacturer – the NSO Group – claimed that its software is designed to ensure state security and aid law enforcement agencies in tracking criminals and terrorists. However, the reality is rather ominous and obscure, as governments, non-state actors, and militaries across the globe were involved in the purchase of this software to accomplish a range of political and ideological objectives. 54% of its customers were authoritarian or hybrid regimes, while hardly 8% comprised democratic states/organisations. Various countries have raised their concern about the Pegasus project and its applications. The US Bureau of Industry and Security (BIS) declared the NSO Group as one of four foreign companies that pose a threat to America’s national security. The European Union, on the other hand, has called for a total moratorium on the sale of Pegasus spyware in Europe as a short-term measure. After detecting the presence of this software on an old cellphone used by Pakistan’s Prime Minister, the government requested the United Nations (UN) to investigate whether India used Israeli-made spyware to spy on the country’s leadership.

NSO is not the only wrongdoer, as there are 528 other private firms generating huge profits by selling surveillance technologies to governments and other bodies. The open availability of such spyware has provided exponential opportunities to a multitude of threat actors to conduct cyber-related espionage and surveillance activities. Literature on cyber technologies is replete with examples where both authoritarian regimes and democratic states have been involved in the use of surveillance technologies. The use of such technologies depends on the purpose of end users. For instance, in the hands of authoritarian regimes, it can enable human rights violations; while in the hands of state actors and intelligence agencies, it can help them spy on dissidents and critics. States can also deploy such technologies to keep track of the activities of their rivals. This was ascertained in a recent investigation by 17 media news organisations which highlighted the prospective risks of unregulated sale of surveillance technologies and put forth the need for regulating the private surveillance industry. As far back as 2013, studies such as one published in the Harvard Law Review also summed up the dangers associated with the use of privately developed and available cyber-surveillance technologies, classified into three categories – ‘blackmail, discrimination, and persuasion.’

As per current estimates, over 80 countries now apply some form of digital surveillance against opposing states/entities. 40 of the world’s top 50 military spending countries use AI surveillance technology. The absence of effective checks and balances on the private cyber industry has given a free hand to known and unknown threat actors to purchase such surveillance tools openly available in the market for their interests.

According to the United Nations Special Rapporteur, the root of the problem lies in a private surveillance industry which is not transparent and operates under lax (or absent) legislation. The profit generation model adopted by private industry and lack of effective accountability/monitoring mechanisms have encouraged the cyber industry in particular to generate profits by conducting illegal and unlawful export of such technologies. Hence, there is a need for instituting a global authority for regulating the mechanisms being followed by the private surveillance industry.

Regulating the use of the latest surveillance technologies would be a challenging task due to the involvement of multiple stakeholders and their profoundly diverse interests. Some of the many recommendations within this domain that can be useful in this regard include:

  • Framing a legal code of conduct for the private surveillance industry dealing in the transfer of these technologies.
  • A separate body consisting of experts dealing with technology, cyber security and human rights should be formed under the UN auspices to monitor the sales/purchase, registration, and use of intrusive technologies.
  • To stop unlicensed/illegal use, these technologies should be encrypted and only be available after a formal, publicly available sales/purchase agreement is made by the using party.
  • Moreover, private cyber-tech conglomerates should be under the scrutiny of the law and audit of countries in which they are operational.

The contemporary era will be dominated by emerging technologies and their dual potential. Since there are no binding agreements or rules that regulate their functioning, the threats emanating from them are real and present. Therefore, states should also focus on strengthening their own digital and cyber security framework and invest in more effective and advanced spyware countering technologies. The regulation of tech spyware has become a real test for democracies to either halt their sale or get caught in a global spyware arms race.

Amna Tauhidi is a researcher at the Centre for Aerospace & Security Studies (CASS), Islamabad, Pakistan. She can be reached at

Image Source: Rogal, Andreas. 2021. “Poland comes under fire over renewed media law push and new Pegasus spyware revelations.” Parliament Magazine, 22 Dec.

All views and opinions expressed or implied are those of the authors/speakers/internal and external scholars and should not be construed as carrying the official sanction of CASS.