* Mexico was testbed for Pegasus software abroad
* Investigation has not found those responsible
* Prosecutors say they are close to taking a case to court
By Avi Asher-Schapiro and Christine Murray
LOS ANGELES/MEXICO CITY, Aug 9 (Openly) - A decade after Mexico became a testbed for the global spy tool now known as Pegasus, prosecutors still cannot say who ordered the mass surveillance of innocent civilians and government critics, people familiar with the investigation said.
What is more, the office leading the probe was one of the entities that first bought the military-grade Israeli spyware, whose global reach - enabling the remote surveillance of smartphones - has raised fears of unprecedented snooping on civilians.
Mexico alone spent more than $160 million on Pegasus over a decade, the government says, giving ministries the power to spy on ordinary people and opponents of the then-government alike.
"Again and again these tools are being abused everywhere," said Luis Fernando Garcia, executive director of digital rights nonprofit R3D.
"This is not a few bad apples or a few bad public officials."
There have been no arrests or announcements of sackings over the Mexican revelations, despite forensic evidence showing the software had been widely used to target government critics.
Pegasus software, developed by Israeli company NSO Group, was used globally to try to hack the phones of journalists, activists and government officials, found an investigation published last month by a group of 17 international media organisations and Amnesty International.
But Mexico had a four-year headstart to probe the explosive allegations: years that critics say were - at best - squandered.
Authorities frittered away time, they said, checking to see if any of Mexico's 2,000 municipalities had bought Pegasus, even as documents showed the big buyer was likely central government.
They also ran into a number of roadblocks, such as a lack of cooperation from Israeli authorities, according to documents and people familiar with the investigation.
"In four years, the investigation has not produced any type of meaningful results," said Garcia, whose work led to the Pegasus investigation that began in Mexico in 2016.
The person in charge of the government investigation, Ricardo Sanchez Perez del Pozo, head of the Special Prosecutor for Crimes against Freedom of Expression, defended his team's work and said they were close to taking a first case to court.
"This is a really complex investigation," he said. "It has advanced significantly."
The NSO Group did not respond to several requests for comment.
The Israeli software targets a smartphone surreptitiously, exploiting flaws in its operating system or apps to steal a wide array of private data, track user movements or record calls.
In July, journalists working with Amnesty International revealed that the phone numbers of 50 people close to Mexico's President Lopez Obrador were on a leaked list of numbers selected for possible surveillance by NSO Group's clients.
Between 2016 and 2017, Garcia and other digital rights groups, working with University of Toronto researchers, revealed that Mexican journalists, lawyers, and other campaigners had received suspicious text messages, indicating a Pegasus attack.
That discovery led to a government probe - yet the attorney general's office tasked with running the investigation is one of the very entities that first bought then abused the software.
From the beginning, investigators dragged their feet and weren't focused on who ordered the spying and why, Garcia said.
In 2017, after the first revelations were published, Mexico's then president Enrique Pena Nieto said alleged victims couldn't prove they had been harmed by the practice.
One of the officials from his government responsible for buying the Israeli software - Tomas Zeron - has taken refuge in Israel and is now the subject of an extradition request by Mexican authorities, the government has said.
Lopez Obrador, who took office in 2018, says his government doesn't spy on people and the probe was the prosecutor's job.
'ZERO PUBLIC ACCOUNTING'
The NSO Group says it makes technology to help combat crime and terrorism, with its sales to governments requiring approval by Israel's Ministry of Defense.
Yet digital rights researchers say Pegasus is used to spy on civil society, an invasion of privacy that has spawned lawsuits, and a 2019 call by the U.N. Special Rapporteur for Freedom of Expression for a global moratorium on such technology.
Mexico was NSO's first state client outside Israel, with contracts dating back to 2011.
Santiago Aguirre, director of Centro Prodh, a human rights NGO, was targeted with Pegasus while representing the parents of students who had disappeared in Guerrero state in 2014, according to University of Toronto's Citizen Lab, which researches digital threats to society.
A recorded phone conversation between him and one parent was published in 2016 in a double blow to the families hoping for help from government.
Aguirre said for the parents it was outrageous that technology whose stated aim was to catch criminals had been turned on victims, adding: "It makes you feel very vulnerable."
David Kaye, former U.N. special rapporteur for freedom of expression who called for the spyware moratorium, said he thinks NSO's technology falls foul of international human rights law.
"There's been zero public accounting of how it was that all of these agencies got hold of this intrusive spyware in Mexico, and were able to use it without any constraint," he said.
Victims of the spyware and lawyers working on their behalf said the investigation was deficient.
Digital rights activist Garcia said his group had to file legal challenges just to push prosecutors to carry out basic housekeeping, such as submitting some victim evidence.
Garcia said the final years of the previous administration were characterised by foot-dragging and a failure to address the most basic and pressing fact - who ordered up Pegasus and why.
"Everything was done very reluctantly, and a lot of time was lost on meaningless investigative acts," he said.
Case documents seen by the Thomson Reuters Foundation show prosecutors asked states to find out if they or the more than 2,000 municipalities had bought the software, even though its multimillion-dollar price tag was likely out of reach for many.
Sanchez Perez del Pozo said that knowing who bought the software was essential for the probe.
In 2019, INAI - an independent Mexican institute that monitors public transparency and access to information - said the attorney general's office had broken data protection law.
Mexican authorities struggled to get information from the NSO Group. Requests to the Israeli Foreign Ministry to prod NSO for answers also went unanswered, according to documents and a source familiar with the investigation.
Sanchez Perez del Pozo confirmed they had not received a response from the government of Israel to requests for help.
Israeli human rights lawyer Eitay Mack said that to his knowledge Israel had never cooperated with a defense export probe outside its own borders and had no formal legal assistance treaty with Mexico.
"NSO worked in Mexico with a license from the Israeli government, when the Mexican authorities are asking about NSO they are also asking about the Israeli government - the government doesn't want to stand trial in Mexico City," he said.
In response to questions, the Israeli embassy in Mexico said Israel approves the export of cyber products exclusively to governmental entities to prevent and investigate crime.
"In cases where exported items are used in violation of export licenses or end use certificates, appropriate measures are taken," it quoted a government statement as saying.
After July's explosive revelations about Pegasus, Mexico's Public Security Ministry revealed details of 27 of 31 contracts worth more than $160 million it said its entities had signed with the company between 2011 and 2018.
Garcia wants investigators to zone in on who the operators of Pegasus were, and get information from NSO Group.
"Victims deserve to know who attacked them," he said.
(Reporting by Avi Asher-Schapiro @AASchapiro and Christine Murray, editing by Lyndsay Griffiths. Please credit the Thomson Reuters Foundation, the charitable arm of Thomson Reuters, that covers the lives of people around the world who struggle to live freely or fairly. Visit http://news.trust.org)
Openly is an initiative of the Thomson Reuters Foundation dedicated to impartial coverage of LGBT+ issues from around the world.
Our Standards: The Thomson Reuters Trust Principles.