Category Archives: Renata Avila

Renata Avila is a Guatemalan lawyer specializing in human rights and intellectual property and an advocate for freedom of expression, privacy, digital rights, transparency, and indigenous rights.

Cyber Stewards at the IGF14 in Istanbul

Members of the Cyber Stewards network are participating this week at the 2014 Internet Governance Forum (IGF) in Istanbul, Turkey.

The IGF is taking place from 2-5 September, 2014 at the Lütfi Kirdar International Convention and Exhibition Center (ICEC). The overarching theme for the meeting is: “Connecting Continents for Enhanced Multistakeholder Internet Governance”.

Cyber Stewards Reem Al Masri from 7iber in Jordan, Walid al Saqaf from Yemen, and Renata Avila from Guatemala are participating in various panels at the event.

In addition, Francisco Vera from Derechos Digitales will be discussing intermediary liability issues with Malcolm Hutty (European Internet Service Provider Association (EuroISPA), Anriette Esterhuysen (Association for Progressive Communications (APC), Nicolo Zingales (Tilburg University) and Elonnai Hickok (Centre for Internet and Society).

For more information about the week’s events, click here.

Cyber Stewards Network 2013 Year in Review

Introduction

Since 2012, the Citizen Lab with the support of the International Development Research Centre (IDRC) has been working on building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels. This space emerged as the Cyber Stewards Network, and since then, members from the global South have been involved in key cybersecurity and Internet governance debates, policy discussions, litigation and advocacy campaigns. The following is a review of major outcomes in advocacy, litigation and public policy in 2013.

Research and Advocacy

Advocacy is broadly defined and in this context, Stewards who engage in advocacy are deeply rooted in evidence-based research as a foundation from which any good advocacy campaigns are developed.

Stewards speak out against Snowden revelations

Following the United States’ National Security Agency (NSA) spying revelations, the Cyber Stewards Network partners were involved in awareness-raising activities on issues of cyber surveillance and privacy.

Partners in the Cyber Stewards Network joined the chorus of voices speaking out against the NSA program and its implications on domestic safeguards for data protection across the world. Alberto Cerda, International Program Director of Chilean NGO Derechos Digitales, wrote in an op-ed that the “violation of fundamental rights has a global character. What good is it for me to be protected in Chile if it’s actually the US government that’s violating my rights?” Derechos Digitales has cautioned users to be mindful of what content they upload on any network.

Ramiro Alvarez Ugarte, Director of Access to Information for Asociación por los Derechos Civiles, has also suggested that the PRISM revelations should force netizens in countries outside of the US—such as his native Argentina—to look at the powers that domestic intelligence agencies wield, especially where governmental oversight of these organizations is lacking.

CIPESA criticized the Ugandan government for its plans to use surveillance technology to monitor the social media accounts of citizens. On May 30, Ugandan Security Minister Muruli Musaka announced that the government would establish a “Social Media Monitoring Center”as a matter of national security. To assuage the public’s fears, a government spokesperson later clarified that the surveillance centre would only target cyber criminals. Civil society remains skeptical given the government’s track record of shutting down media or removing online content under the pretext of terrorism or other security grounds.

7iber challenges online censorship in the Middle East

In early 2013, 7iber started a blog series titled Wireless, where they continue to publish regular blog and multimedia content on media, censorship, and cyber security issues in the Middle East. This ongoing series includes short updates, articles, creative infographics, and videos that deal with relevant issues from the region.

Besides the busy research work, the group received significant media attention when in June, their website was blocked in Jordan along with over 250 other news sites. Subsequently, in July, 7iber was recognized as one of the top ten Arabic Blogs of 2013 [Arabic]. In December, the group worked closely with Global Voices to coordinate the 4th Arab Bloggers Meeting, which took place in Amman.

Training, Education, and Capacity-building worldwide

In 2013, the Tibet Action Institute (TAI) participated in several panel discussions to discuss cybersecurity and targeted threats as part of their “Safe Travels Online” campaign. In June 2013, TAI hosted an event in Dharamsala, India. This “Safe Travels Online: Tech Meet” with Cyber Steward and TAI Field Coordinator Lobsang Gyatso Sither and other TAI staff explaining security concepts and the use of security tools to members of the Tibetan community. Citizen Lab Research Manager Masashi Crete-Nishihata gave a presentation on the Lab’s Targeted Threats research and what they have learned about online threats targeting the Tibetan community. Lhadon Thetong, the director of the Tibet Action Institute, then gave a talk on the importance of digital security, activism and action in the Tibetan community in the context of the movement and struggle for independence. A second “Safe Travels Online: Tech Meet” was held in Toronto and was hosted by Students for a Free Tibet Canada. The meeting revolved around online targeted threats against activists, the Tibetan diaspora community, and their supporters.

As part of the “Safe Travels Online” campaign, TAI has developed a video series hosted on their website. The series stars Tibetan comedian Sonam Wangdue and shows him promoting security best practices for users of digital technology.

In Pakistan, Bytes for All continued their “Access Is My Right” advocacy campaign, which calls on Pakistani citizens to raise awareness about  Internet censorship, privacy, and freedom of expression in the country. B4A describes the campaign as “a call for [a] larger human rights movement in the country and [for] citizens to fight the ongoing censorship as it will further take its toll on already compromised civil liberties in the country.” In the past year alone, the campaign produced posters criticizing the blocking of mobile phone services to prevent sectarian terrorist attacks, highlighting research by the Citizen Lab with the assistance of B4A on the presence of Netsweeper in Pakistan, and supporting privacy rights in Pakistan after research showed the presence of surveillance software FinFisher in the country.

In Colombia, Colnodo held a public cybersecurity workshop in in September 2013. The workshop brought together participants from women’s organizations, civil society organizations, government bodies, and the private sector in order to raise awareness and capacity building for women leaders and defenders of human rights regarding online security issues.

In India, the Centre for Internet and Society (CIS) launched its CIS Cybersecurity video series, a video documentary project featuring interviews with cybersecurity stakeholders from various sectors on hotly debated aspects of cybersecurity. The project aims to encourage wider public discussion around cybersecurity issues. Interviewees include: members of European Parliament, Mariejte Schaake and Amelia Andersdotter; Chief Security Officer for ICANN, Jeff Moss; Director of the Tibet Action Institute, Lhadon Tethong; Executive Vice President and Chief Technology Officer of Afilias Limited and member of the ICANN Board of Directors, Ram Mohan; Principal Technologist and a Senior Policy Analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union, Christopher Soghoian; former Policy Advisor to the Netherlands government, Jochem de Groot; and Global Policy Analyst at the Electronic Frontier Foundation, Eva Galperin. CIS’s Cybersecurity series has informed the producton of a full-length documentary called DesiSec: Cybersecurity and Civil Society in India.CIS released a trailer for DesiSec in November 2013 and held a special screening for the documentary in December 2013.

Research and Litigation

Several members of the Cyber Stewards Network have adopted public interest litigation (PIL) as part of their research strategy. Regardless of whether a given lawsuit proves successful, civil society organization may use PIL to bring issues like violations of human rights and free speech to the forefront of national attention. Moreover, PIL can serve to educate a country’s judiciary on issues about which they may not understand.

Bytes for All lawsuits

B4A currently has several cases before the Pakistani courts and one before the UK courts in conjunction with Privacy International.

In January 2013, B4A submitted a petition to the Lahore High Court claiming that the rights of Pakistanis have been violated through the government’s censoring of various popular sites on the Internet. The censorship of YouTube as a consequence of the site hosting the controversial “Innocence of Muslims” video was highlighted in this case. This petition was initiated in collaboration with the Media Legal Defense Initiative, a non-governmental organisation which supports the rights of journalists and independent media. The Youtube case has received 19 hearings over the past year and a half. Most recently, B4A met with the Federal minister and other stakeholders, and the National Assembly passed a  resolution on unbanning the popular video-streaming site, however the site remains blocked. B4A remains committed to their long-standing anti-censorship/no-filtering stance and will oppose any options promoting censorship as a solution as they continue their advocacy work on this case.

Along with the so-called “YouTube case,” B4A filed a petition with the Lahore High Court on the possible use of the FinFisher product suite in Pakistan. The first hearing took place on May 13, 2013 and resulted in a court decision ordering the Pakistan Telecommunication Authority (PTA) to investigate the use of FinFisher software in the country. The court order further stipulated that the PTA must make a statement to the court by June 24, 2013. In October 2013, B4A submitted a contempt charge against the government for not reporting to the court with regards to the petition. B4A’s case is based on evidence revealed by the Citizen Lab on the presence of FinFisher software in 36 countries across the globe, including Pakistan.

B4A is also actively collaborating with Privacy International to sue the UK government over its Tempora surveillance program, which would allow GCHQ to wiretap networks passing through the UK. B4A and PI are arguing that the program violates the European Convention on Human Rights’ privacy safeguards as well as the limits of lawful surveillance outlined in the Regulation of Investigatory Powers Act. The suit, which was filed with the UK’s Investigatory Powers Tribunal, asks that the program be made illegal and that GCHQ destroys all unlawfully obtained material.

For these and other efforts, B4A and its Director, Shahzad Ahmed, have received international recognition. In March 2013, B4A received an Avon Communications Award “for organizing campaigns for the betterment of women” through their Take Back the Tech campaign. One year later, Shahzad Ahmed won the Doughty Street Advocacy Award as part of the Index on Censorship’s 2014 Freedom of Expression Awards. The award recognized Ahmed as “one of the leading voices in the fight against online censorship in Pakistan.”

PIN vs. the Nigerian government

PIN initiated its own legal action against the Nigerian government. In April 2013, Premium Times, a Nigerian English-language newspaper, reported that President Goodluck Jonathan had awarded a USD 40 million contract to Elbit Systems, an Israeli company that markets itself as an “international defense electronics company.” PIN responded by filing a Freedom of Information (FoI) request, demanding that the Nigerian government provide details of the process through which the contract was awarded and any information that could shed further light on the substance of the contract itself. After the government failed to respond to the FoI request, PIN applied for an order of mandamus from the Federal High Court in Abuja, which in turn asked the National Assembly to amend Nigeria’s 2011 Freedom of Information Act to henceforth bar unjustified requests for information. PIN’s lawyers filed an appeal against the Federal High Court’s ruling, but on November 26, 2013, Premium Times reported that Elbit Systems officials had begun installing its surveillance system in Nigeria.

Data Privacy and Retention in Argentina

Members of the Cyber Stewards Network are active in efforts to raise awareness on the use of surveillance technologies such as the Federal System of Biometric Identification (SIBIOS) in Argentina. SIBIOS is a centralized biometric identification system created in 2011 as part of an upgrade to Argentina’s National Registry of Persons (RENAPER). It is designed to be used by several government agencies, including the Federal Police, the Argentine National Gendarmerie, the National Coast Guard, and the Airport Security Police, and connect them into one database. Ramiro Álvarez Ugarte of Asociación por los Derechos Civiles (ADC) in Argentina has warned that SIBIOS lacks accountability and independent oversight, and has been actively investigating the extent and scope of the system’s capabilities.

During Argentina’s 2013 presidential election, the country’s electoral registration took photo’s of Argentine’s citizens from RENAPER without obtaining permission. In October 2013, ADC  formally requested the Contentious Administrative Proceedings Tribunal to remove these photos from the electoral database. The vulnerability of this database was revealed in late October 2013 when a teenager discovered a way break into the database which hosts the photos of voters and circulated the information on his blog [Spanish] to highlight the government’s lax security measures around personal data. (A translation can be found here.) This issue was brought to the attention of United Nation’s Office of the High Commissioner for Human Rights in a report published in December 2013 and co-authored with Privacy International discussing surveillance and poor privacy protection in Argentina.

Research and Public Policy

One of the key goals of the CSN is to conduct evidence-based research with the goal of influencing local, regional and global policy debates. Over the past year, Stewards have engaged in direct meetings with high-level officials, participated in key decision-making conferences and engaged governments and the general public.

FinFisher in Mexico

In Mexico, Cyber Steward Renata Avila has joined the chorus of voices calling for government accountability regarding the its purchase of surveillance software. In March, the Citizen Lab published “You Only Click Twice: FinFisher’s Global Proliferation,” which found FinFisher command and control servers on two Mexican Internet service providers, including UniNet, one of the largest ISPs in the country. Following the release of “For Their Eyes Only: The Commercialization of Digital Spying,” two Mexico-based human rights groups, Propuesta Civica and ContingenteMx, filed a verification procedure with Mexico’s privacy authority (IFAI) regarding FinFisher’s presence in the country. The IFAI subsequently opened a preliminary inquiry asking ISPs whether they were hosting FinFisher servers, while Federal Deputy Juan Pablo Adame proposed a resolution before the Mexican Senate and Congress encouraging the IFAI to investigate the deployment of FinFisher. In July, documents leaked by YoSoyRed implicated the Mexican Federal Government in purchasing FinFisher software from a security contractor for up to USD 15.5 million. One month later, the Mexican Senate and Congress passed a joint resolution in which they demanded full investigation into the contracts for the purchase of surveillance and hacking systems capable of monitoring mobile phones, electronic communications, chats, and geolocation data. Congress also called for laws to regulate and restrict purchases of surveillance equipment, extensively quoting the Citizen Lab report in their request. The commercial entities named have not yet responded. IFAI also informed Congress that they would continue the investigation.

Regional and Global Internet Governance Discussions

In 2013, the Cyber Stewards were heavily involved in both worldwide and regional discussions on Internet governance. Cyber Steward and ICT Watch Director Donny B.U was one of the main organisers of the 2013 Internet Governance Forum (IGF) in Indonesia in late October. Donny spoke to Detik about Internet governance in Indonesia. ICT Watch used the 2013 Internet Governance Forum in Bali, Indonesia as an opportunity to facilitate involvement among Indonesian CSOs and call for government attention toward Internet governance issues. As part of the organizing process, Donny also established the Indonesian CSOs Network For Internet Governance (ID-CONFIG) as a forum for civil society organizations to exchange information and coordinate strategies to explore and address Internet governance-related issues in Indonesia. This forum united civil society organizations to participate in the IGF in a more cohesive way, and as a result, they were able to significantly influence the agenda and the degree to which the Indonesian government resisted pressure to comply with international norms on freedom of expression.

The CSN used the opportunity of the 2013 IGF to engage in a kind of “just-in-time” research project, by monitoring information controls in and around the IGF itself.  The exercise was undertaken by Citizen Lab researchers attending the IGF and remotely in Toronto and elsewhere, as well as local Indonesian CSN and Privacy International partner . We published a framework post, that set out the terms of the research, and then subsequently, Professor Sinta Dewi Rosadi (Faculty of Law, Padjadjaran University, Bandung, Indonesia), published our report and its initial findings during the IGF itself.

Almost every network member participated in the IGF. Immediately following the event, a coalition of civil society organizations and individuals (including other Cyber Stewards Network members Renata Avila and Paradigm Initiative Nigeria) delivered astatement to the co-chairs of the Open Government Partnership (OGP). The OGP aims to promote transparency and adopt new technologies to strengthen governance.The statement, which was informed by discussions at the IGF in Indonesia, calls for greater transparency among all governments, especially the OGPparticipating countries, regarding the use of surveillance technology and the export and import of such technology.

CSN members also played a key role in organizing or participating in regional Internet governance discussions. Walid Al-Saqaf participated in several high-level meetings, including the Second Arab Internet Governance Forum (AIGF) in Algiers, where he moderated a session on freedom of expression on the Internet in the Arab world. It was the highest level pan-Arab meeting that critically discussed violations against cyber activists in the region. He also co-founded ISOC-Yemen, the first ISOC chapter in Yemen, in order to advance Internet accessibility and awareness in the country.

PIN and CIPESA co-hosted a series of online internet freedom discussions during November and December 2013. Over four weeks, the discussions focused on a variety of online safety and Internet governance issues particular to Africa, including the African Convention on Cybersecurity and surveillance between countries on the African continent. Following the discussions, CIPESA published a report analyzing participants’ responses and making a number of recommendations.

Finally, B4A and ICT Watch participated in the “Asia Regional Consultation on ‘Freedom of Expression for Civil Liberties’” held in Bangkok, Thailand from November 21-23, 2013. The event focused on three issues relevant to free expression cyberspace in Asia: access to the Internet, online surveillance, and political-electoral communication. The event featured

It was attended by 137 participants from 26 countries, including Frank La Rue, Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression.

For more information on any of these events, campaigns and cases, visit the Cyber Stewards site as well as individual Stewards’ websites, which are listed here.

Argentina’s Biometric Identification System Causes Concerns

Governments’ use of biometric systems have raised privacy concerns and the need for greater transparency and accountability. This is because these systems collect and store individuals’ physical traits such as fingerprints, facial recognition, iris scans, and other personal characteristics. Several countries have already implemented biometric data collection in their national identification cards and passports. Finger-based voting machines have been used in elections in Brazil since 2008 and were introduced in municipal elections in Colombia in 2009. In 2005, Brazil also introduced machine-readable biometric passports. Ingenico, a global electronic transaction company, will be deploying devices where clients can withdrew funds through fingerprint identification in Colombia and the Dominican Republic. Biometric identification has been criticized as being error-prone and unreliable, as well as being fundamentally detrimental to privacy, free expression, and the right to anonymity, especially with regards to vulnerable individuals such as dissidents, whistleblowers, and journalists.

In 2011, Argentina’s President Cristina Fernández de Kirchner issued a decree for the creation of a centralized biometric identification system, called the Federal System of Biometric Identification (SIBIOS). Part of an upgrade to Argentina’s National Registry of Persons (RENAPER), the system will be used by several government agencies, including the Federal Police, the Argentine National Gendarmerie, the National Coast Guard, and the Airport Security Police, and connect them into one database. A promotional video of the system claims that it is capable of identifying physical characteristics such as fingerprints and faces, as a means of identification, and therefore, they claim, increasing the capability of these organizations to combat crime.

Members of the Cyber Stewards Network are active in efforts to raise awareness on the use of surveillance technologies such as SIBIOS. Ramiro Álvarez Ugarte of Asociación por los Derechos Civiles in Argentina, a Cyber Steward Network member, has warned that SIBIOS lacks accountability and independent oversight, and has been investigating the extent and scope of the system’s capabilities. In November 2013, a statement signed by several civil society organizations and individuals (including other Cyber Stewards Network members Renata Avila and Paradigm Initiative Nigeria) was delivered to the co-chairs of the Open Government Partnership (OGP). The OGP aims to promote transparency and adopt new technologies to strengthen governance.The statement calls for greater transparency among all governments, especially the OGP participating countries, regarding the use of surveillance technology and the export and import of such technology. It also advocates legal reform to existing laws to better protect privacy and human rights. The statement is one of many civil society efforts to raise awareness of the dangers of pervasive government surveillance and we will continue to provide updates as they become available.

 

Cyber Steward Network and Local Activists Investigate Surveillance in Mexico

by Renata Avila

While the Mexican government has long been suspected of purchasing surveillance equipment, the frequency of these purchases and the level of public funds allocated to them are rapidly increasing. Last February,  New York Times published an investigative report on a USD 355 million outlay by the Mexican Ministry of Defense for sophisticated surveillance equipment. Six months earlier, Carmen Artistegui, a renowned investigative journalist in Mexico, published a report documenting five contracts from the Secretariat of National Defense for the purchase of surveillance technologies. All five contracts were confidential and granted to a single company headquartered in the state of Jalisco called Security Tracking Devices, Inc.

On March 13, 2013, Citizen Lab published “You Only Click Twice: FinFisher’s Global Proliferation,” in which researchers conducted a global Internet scan for the command and control servers of FinFisher surveillance software. The Citizen Lab found FinFisher servers hosted on two Mexican Internet service providers: Iusacell, a small service provider; and UniNet, one of the largest ISPs in Mexico.

As part of my work investigating surveillance in the Northern Triangle, I recognized that the findings revealed potential legal violations. I quickly translated the findings and disseminated them to human rights groups and technology collectives in Mexico.

The findings were widely shared via social networks and later translated by the online activist group YoSoyRed. Shortly thereafter, Mexican magazine Proceso published an investigative report on the harassment of human rights defenders online. The report  asked Iusacell  and UniNet to explain the presence of FinFisher on their servers. Neither of the ISPs responded to any of the magazine’s questions.

I connected with human rights activists in Mexico City  to raise awareness about civil society efforts in other countries that have resulted in legal action against the use of surveillance technology by repressive regimes, including cases against Amesys in France and Finfisher in Pakistan. A coalition of human rights lawyers and international experts, including Citizen Lab, ISOC Mexico, Privacy International, and other organizations, discussed the possibility of taking legal action to reveal the identity of those parties responsible for the purchase and deployment of FinFisher software in Mexico. At the time, however, we did not have enough information to present a strong case.

On May 1, 2013 Citizen Lab published “For Their Eyes Only: The Commercialization of Digital Spying,” which once again implicated Mexican ISPs in deploying FinFisher surveillance software. Two Mexico City-based human rights non-governmental organizations, Propuesta Cívica and ContingenteMx, requested a verification procedure regarding FinFisher’s presence in Mexico with the Instituto Federal de Acceso a la Información y Protección de Datos Inicio (Federal Institute for Access to Information and Data Protection or IFAI), Mexico’s privacy authority. Their filing cited Citizen Lab’s FinFisher research.

IFAI is legally mandated to protect citizen data and investigate possible personal data violations by private sector entities, as provided by the Federal Law on Personal Data Protection Held by Private Parties. It is also mandated to impose sanctions if a law has been breached. IFAI has the ability to launch a procedure either on its own initiative or at the request of affected parties. If, after preliminary findings, the IFAI determines that there is sufficient evidence to proclaim that a data breach has taken place, a formal investigation and possible sanctions will follow.

IFAI subsequently opened an official preliminary inquiry asking ISPs whether they were hosting FinFisher servers and what measures they were taking to protect the data of their clients. At the same time, Federal Deputy Juan Pablo Adame proposed a resolution before the Mexican Senate and Congress encouraging IFAI to investigate the use of FinFisher with reference to Citizen Lab’s findings and the requests submitted by civil society to investigate the deployment of FinFisher (registered as IFAI/SPDP/DGV/544/2013 and IFAI/SPDP/DGV/545/2013). The Permanent Assembly approved Adame’s motion, thereby imposing an obligation on the data protection authority to answer all questions submitted by the government.

After the Congress and Senate passed a joint resolution, IFAI announced that it required further information from ISPs and government agencies with powers to acquire surveillance technologies before deciding whether it would open a verification process for Iusacell and UniNet. UniNet denied responsibility for any programs that clients run on their servers, while Iusacell made no comment.

Purchase of FinFisher is confirmed by authorities 

On July 6, 2013, following the Congressional resolution and an IFAI public statement announcing the inquiry, YoSoyRed published a leaked contract and other documents implicating the Mexican Federal Government in the purchase of FinFisher software. The Procuraduría General de la Nación (Office of the Prosecutor or PGR) purchased the surveillance tool from Obses, a security contractor, for up to USD 15.5 million. José Ramirez Becerril, a representative from Obses, unveiled details about the equipment provided to PGN and claimed that other Mexican governmental institutions purchased the software as well. Mexican authorities confirmed that the equipment was purchased directly rather than through the governmental bid system that usually characterizes defence contracts so as not to  “alert organized crime.”

The media heavily scrutinized the leaked FinFisher contracts. The press, however, was more concerned about the amount of public funds allocated to purchasing these technologies than about the technologies themselves. In circumventing the public bid procedure, FinFisher and another surveillance tool called Hunter Punta Tracking/Locsys were sold at an inflated price to Mexican authorities during the Felipe Calderon administration. In response, authorities indicated they would prosecute culpable individuals who conduct illegal surveillance activities. To date, no criminal complaint has been filed, despite strict provisions that prohibit the interception of communications unless authorized by a federal judge and a warrant. The full content of the contracts has not yet been made public.

As the scandal unfolded, Congress offered help to activists on the ground demand greater transparency and accountability. On July 11, 2013, the Mexican Senate and Congress passed a joint resolution in which they demanded a full investigation and disclosure of any contracts between the Secretary of Interior, the PGR, and any other relevant institution. They were asked to send a full report about the purchase of surveillance and hacking systems capable of monitoring mobile phones, electronic communications, chats, and geolocation data from Obses, Gamma Group, Intellego, and EMC Computer Systems, and its affiliates. Congress also called for laws to regulate and restrict purchases of surveillance equipment, extensively quoting the Citizen Lab report in their request. The commercial entities named have not yet responded. IFAI also informed Congress that they would continue the investigation.

Iusacell and UniNet continued to deny hosting FinFisher servers. Iusacell indicated that the servers were located in Malaysia. Further evidence indicates otherwise: Wikileaks’ and La Jornada’s Spyfiles 3 publication revealed that FinFisher developers visited and were active in Mexico.

All Mexicans enjoy a constitutional right to privacy according to the recently amended Article 16 of the Mexican Constitution and the Federal Law on the Protection of Personal Data held by Private Parties, a general privacy framework. IFAI’s mandate ensures full monitoring powers and verification of compliance with these laws. If IFAI fails to open a full investigation, criminal and constitutional complaints can follow and any failure to investigate will be challenged under the basis of flagrancy. Technical assistance is often necessary to test devices and find examples  of infected individuals to support any legal course of action.

IFAI’s investigation is currently ongoing. The Citizen Lab and Cyber Stewards Network will continue supporting the case and helping both the Mexican authorities and the citizens to understand how surveillance systems operates so that they can evaluate whether those employing them are breaking the law.