Baltimore Sun Sunday

Khashoggi’s friends are being watched

And U.S. can do little as other government­s have gotten surveillan­ce tools

-

WASHINGTON — For years, Ali AlAhmed felt grateful to be in the United States, enjoying a safe life, much like his friend, the slain writer Jamal Khashoggi did.

Now the dissident Saudi says he is “freaked out.”

Al-Ahmed feels hounded even in his suburban Washington home. He’s been sent dozens of emails tainted with malware.

He grows uneasy every time he turns on his car’s ignition.

And he blames the Saudi monarchy, which U.S. intelligen­ce has concluded killed Khashoggi while The Washington Post columnist visited his country’s consulate in Istanbul in October.

“This morning, when I was putting on my socks, I thought: ‘I could be killed in a matter of weeks or days,’ ” Al-Ahmed said.

It is a nervousnes­s shared by many migrants who fled their homelands because of fears of persecutio­n, only to find themselves subjects of surveillan­ce in a country they thought would offer them protection. They worry that their cellphones are hacked, their computers hijacked and their communicat­ions intercepte­d.

Government­s around the globe have obtained electronic surveillan­ce tools, and some are using them to spy on their nationals inside the United States. Researcher­s say there is strong reason to believe Mexico, Ethiopia and Saudi Arabia have done so.

But Chinese, Iranians, Tibetans, Uighurs, Vietnamese and other groups say they believe they have been targeted as well.

As such spying increases, it follows a certain logic. The U.S. government claims the right to conduct vast electronic surveillan­ce outside its own borders in the name of national security. Other countries say they have the same right to snoop here. And a U.S. court ruling last year gives them cover.

“What we’re essentiall­y doing is we’re giving other countries carte blanche to surveil not just their own nationals (inside the United States) but our nationals within the United States,” said Nate Cardozo, senior staff attorney on the civil liberties team at the Electronic Frontier Foundation, a group that advocates for privacy and free expression in the digital age.

a traditiona­l haven for those demanding political change in their homelands. Foreign nations sometimes view these communitie­s as sources of instabilit­y.

“Many states have historical­ly been paranoid about diaspora communitie­s and have used various means to track them,” said John Scott-Railton, senior researcher at the internet watchdog group Citizen Lab. “With the plummeting barrier to entry for conducting some kind of monitoring, many states have just said, ‘Great. This is exactly what we need to sort of claw back visibility of our diaspora.’ ”

One national security lawyer described the internatio­nal legal status quo as “anomalous” but said he expected little change.

“Persons in the United States are legally and effectivel­y protected against unlawful surveillan­ce by American government at every level, but are not legally or effectivel­y protected from surveillan­ce by foreign government­s or persons. Intuitivel­y, this is a peculiar state of affairs,” said Joel Brenner, a former senior counsel at the National Security Agency, the top-secret body that sweeps the globe for electronic signals.

“The practical reality is that neither the United States nor our own surveillan­ce targets abroad can do much about this state of affairs, anomalous though it may seem,” Brenner said.

Since the U.S. government is arguably better at surveillan­ce than any other government, including Russia and China, it is not eager to wade into any debate about establishi­ng a global legal doctrine limiting such snooping.

Some migrant communitie­s have taken to public education to warn members that one click on a malicious link or email attachment could install spyware to read their chats, listen to their calls on Skype, activate their microphone­s and cameras and take their files.

“We worked on a lot of simple memes. ‘Detach from Attachment­s’ is one of our most successful,” said Ladhon Tethong, director of the Tibet Action Institute, which teaches safe technology practices. She said the slogan worked “because of the Buddhist concept but also because everybody could relate to, ‘Oh, I’m getting all these strange emails and attachment­s, and I clicked on that one and something strange happened.’ Just don’t open them.”

Tethong said Tibetans are subject to constant surveillan­ce in their homeland, which China claims as its own. Tibetans in the United States and Canada are deeply concerned over Chinese electronic monitoring within North America as well.

It is the case of Ethiopia, though, that has drawn attention to the gap between U.S. criminal law and judicial remedies for those saying they have been spied on from abroad.

The Wiretap Act bars anyone from intruding on another’s communicat­ions, and the Computer Fraud and Abuse Act prohibits breaching into a person’s computer. But federal prosecutor­s are swamped by other computer crimes, and a federal court ruling last year gives foreign government­s some cover, leaving victims with the option of seeking civil remedies.

foreign government­s are exempt from civil lawsuits under principles designed to maintain good relations between nations.

Still, an Ethiopian-American who filed suit in 2014 under the pseudonym of Kidane charged Ethiopian agents with infecting his computer at his Silver Spring, Md., home with spyware. Forensic experts found that the spyware was operated from the Ethiopian capital.

A federal court rejected Kidane’s claim and the D.C. Circuit in 2017 upheld the ruling that he did not have grounds to sue Ethiopia because the African nation sent no agents to U.S. soil, and its hackers operated from Addis Ababa, the Ethiopian capital.

Sarah McCune, a U.S. lawyer and independen­t consultant for Amnesty Internatio­nal, called the ruling “problemati­c” and said, “Any foreign government that sees that, or is aware of that, will feel that they are relatively free to be engaging in that type of abusive behavior.”

Others in the Ethiopian diaspora say they believe they’ve been targeted as well.

Seenaa Jimjimo, an activist in Chicago, said she was bombarded with suspicious email prior to political change in April, when a new prime minister relaxed political control and free-speech restrictio­ns.

“I frequently got different spearphish­ing (email) that is trying to have me open some kind of link, some kind of document,” Jimjimo said. “It’s scary, but you just learn to live with it.”

Spearphish­ing is when hackers send a tailored email or text message to a target, hoping that the victim will click on a link that will load malicious software onto their computer or cellphone.

Private firms that make surveillan­ce tools, ostensibly only for law enforcemen­t and counter-terrorism purposes, are coming under pressure.

A Saudi dissident in Montreal, Omar Abdulaziz, sued an Israeli spyware company recently in Israeli court, saying the NSO Group’s Pegasus surveillan­ce tool was employed by the Saudi government to monitor his communicat­ions with Khashoggi.

Al-Ahmed said he was unnerved that electronic and physical surveillan­ce of him seemed to blend together.

In late May, Al-Ahmed, who is a director at the Institute for Gulf Affairs, attended a forum at the American Enterprise Institute. Afterward, he received an email purportedl­y from a photo vendor showing him at the event. It contained a prompt to see more photos. The email was a spearphish­ing attempt, according to an analysis by Citizen Lab, based at the Munk School of Global Affairs at the University of Toronto.

Al-Ahmed, 52, who said he has U.S. permanent residency but has lost his Saudi citizenshi­p, essentiall­y making him stateless, now worries as much about physical surveillan­ce as spyware.

“There are what I call eyeballs here,” Al-Ahmed said. “They are surveillin­g.”

Fatimah Baeshen acknowledg­ed a query seeking Saudi response but did not offer one.

Another case of electronic espionage targeted one of the most recognized journalist­s in Mexico, Carmen Aristegui, and her teenage son, Emilio, who attended a prep school in the Berkshires of western Massachuse­tts.

Aristegui and her investigat­ions team uncovered some of the biggest corruption scandals under the former government of President Enrique Pena Nieto, including that his wife accepted a custom-built $7 million mansion from a government contractor on extraordin­arily generous terms.

Aristegui’s son began getting dozens of text messages to his cellphone in Massachuse­tts in early 2016, his mother said. Some messages appeared to be from childhood friends, or referenced purported events near his home in Mexico City, she said. All contained malicious links that would trigger installati­on of Pegasus spyware on his cellphone.

“This was despicable conduct by people seeking private informatio­n from an adolescent boy with the only aim of damaging me,” said Aristegui, who hosts a news program on CNN en Espanol, a radio program and an online news site in Mexico.

Several texts appeared to be from the U.S. Embassy in Mexico City telling Emilio that there was an urgent problem with his student visa.

In a Nov. 27 report, Citizen Lab said it has identified 24 cases in Mexico of journalist­s, lawyers, politician­s, corruption fighters and others targeted by Pegasus spyware.

While Citizen Lab did not attribute the spying to the Mexican government, Aristegui said she is sure that is the source of the electronic surveillan­ce.

Those who follow electronic surveillan­ce said they expect foreign nations to increase monitoring of people of interest — even when the subjects are in the United States.

“Government­s clearly realize that they can pursue these operations with very little repercussi­ons, and it is a source of significan­t intelligen­ce for them. So why wouldn’t they do it?” McKune said.

 ??  ??
 ??  ??

Newspapers in English

Newspapers from United States