[Geneva, Switzerland – September, 2023] — As the 54th session of the Human Rights Council unfolds in Geneva from September 11 to October 13, 2023, we issue a fervent plea to all members of the Council to address the serious human rights violations perpetrated by the United Arab Emirates (UAE), a fellow member of the Council. Specifically, we urge the Council to investigate the UAE’s flagrant misuse of Pegasus spyware, with the same resolute commitment it demonstrates when addressing human rights concerns in other nations.
The UAE’s deployment of Pegasus spyware represents a severe breach of privacy and fundamental human rights. Failing to address this issue will perpetuate violations and result in the continued suffering of individuals, who deserve the protection of their basic rights and freedoms.
Key data that underscores the UAE’s abuse of Pegasus spyware includes:
1. The UAE’s use of Israeli Pegasus software, which exploits zero-day vulnerabilities in Apple’s mobile operating system to transform iPhones into multifunction surveillance tools. This software allows for invasive, round-the-clock surveillance that, in the past, would have required extensive resources and operatives.
2. The shocking revelation that a UAE agency placed Pegasus spyware on the phone of Hanan Elatr, the wife of the late Saudi journalist Jamal Khashoggi, months before his tragic murder. This disturbing incident exemplifies the far-reaching implications of the UAE’s digital surveillance efforts.
3. The utilization of Pegasus spyware for ongoing surveillance, even after Khashoggi’s murder, targeting his family members, close associates, and Turkish investigators, including Istanbul’s chief prosecutor Irfan Fidan and his wife Hanan Elatr. Hatice Cengiz, Khashoggi’s fiancee, and his son Abdullah Khashoggi were also victims of Pegasus infections.
4. The hacking of well-known Gulf human rights figures, including Emirati human rights activist Ahmed Mansoor, late Emirati activist Alaa al-Siddiq, and Saudi’s Yahya al-Assiri, using Pegasus. Mansoor, who is currently serving a ten-year prison sentence, was targeted in 2016, with the spyware exploiting zero-day vulnerabilities.
5. The alarming case of Latifa bint Mohammed al-Maktoum, the runaway daughter of Dubai’s ruler, who was captured in 2018 with the assistance of Pegasus spyware, raising concerns about her safety and well-being.
6. Suspicions of hacking against Nasser al-Khelaifi, Qatari president of French football club PSG and CEO of beIN Sports, in 2018, amidst the Gulf rift between Qatar and the UAE, Saudi Arabia, Bahrain, and Egypt. The UAE’s investments in global surveillance technologies and their weaponization have escalated over the past two decades.
The Human Rights Council created the first mandate on privacy in 2015, with the goal of protecting individuals’ right to privacy, enabling the enjoyment of other rights, and bringing global surveillance under the rule of law. It is imperative that the Council:
1. Urgently investigates the UAE’s misuse of Pegasus spyware on its citizens and residents, ensuring accountability and justice for those affected.
2. Condemns the violation of privacy and fundamental human rights perpetrated by the UAE through the misuse of surveillance technologies.
3. Takes action to safeguard individuals from unlawful digital surveillance, recognizing the importance of privacy in protecting the free development and expression of one’s personality, identity, and beliefs.
4. Promotes international cooperation to address the challenges posed by digital surveillance and ensure that human rights are upheld in the digital age.
The Human Rights Council is tasked with protecting and promoting human rights globally. Addressing the UAE’s misuse of Pegasus spyware is critical to upholding these principles and ensuring the protection of individuals’ rights and freedoms.