Dark Reading Confidential Episode 11: Enterprise cyber teams are in prime position to push back against our current "Golden Age of Surveillance," according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF.

October 31, 2025

Becky Bracken
Hello and welcome to Dark Reading Confidential. It's a podcast from the editors of Dark Reading, bringing you real-world stories straight from the cyber trenches. Today, we are thrilled to welcome two experts right on the heels of the 10th anniversary of the discovery of the Pegasus zero-click commercial spyware and the current ratcheting up of digital authoritarianism across the globe. We are joined by Ronald Deibert, professor of Political Science and Director of the Citizen Lab at the University of Toronto; David Greene, senior staff attorney and civil liberties director at the Electronic Frontier Foundation (EFF); and we are joined by Alex Culafi, who is a reporter extraordinaire for Dark Reading and who has been covering this topic very deeply for quite some time. Welcome to all of you. Thank you for joining us.

Great, I'm going to get out of the way and hand this over to Alex and enjoy this conversation.

Alex Culafi
Well, thanks, Becky, and thanks, Ron and David, for joining me today. I want to start by using Pegasus as a jumping-off point because we're at nearly 10 years since Citizen Lab brought the NSO Group's Pegasus spyware to light, capturing it and showing how commercial organizations sell surveillance software to countries to spy on dissident individuals as well as organizations.
Since then, Citizen Lab and the EFF have brought to light many, many instances of countries using commercially sourced spyware. Since the days of Pegasus, has the problem of commercial spyware gotten better, worse, or somewhere in between? Ron, I'll start with you.

Ron Deibert
Sure, well, thank you for having me on. It's a pleasure to be here. Yeah, we're getting up to the 10-year anniversary of that case where we first discovered the exploits that were used to implant Pegasus spyware on a victim's phone and actually recovered a copy of Pegasus at the same time. I think it's important to point out, though, that we, along with the EFF, actually had been tracking mercenary surveillance companies several years before that, including two Western European mercenary spyware firms, Gamma Group and Hacking Team, going back to like 2011, 2012. This is a market that began roughly around the time of the Arab Spring and the introduction of smartphones. And it makes total sense. I mean, at that time, people started entrusting a lot of their personal information to devices, and there was a need for law enforcement and intelligence to get inside those devices. This market began to emerge around that time, roughly coinciding with the observation a lot of autocrats made that people were becoming empowered by digital technologies, using social media and smartphones to organize, and they wanted a way to neutralize it.

All of this led to this burgeoning marketplace. How things are going, I'd say it's a bit of a mixed picture, actually. On the one hand, since 10 years ago, let's say, when groups like Citizen Lab, EFF, and maybe one or two others were orbiting around this topic, the community of people that are focused on it now is much larger, much more robust, much more professionalized.
We have not only technologists looking into the issue, but people who are interested in advocacy, policy promotion, and litigation. David will probably explain that there are many, many cases of litigation going on right now. People, victims, suing governments who use spyware to hack into their phones or suing the vendors of the technology that's used by governments to hack and harass them. And I think that's all, generally speaking, very positive.

There are also some regulatory developments, especially under the Biden administration, that brought some punishments to the firms, putting them on sanctions lists, including some of the principal owners of those companies. And of course, President Biden's executive order prohibiting 18 federal US intelligence agencies from procuring spyware that's used and abused in human rights violations around the world.

That's on the positive side of the ledger. On the negative side, I think we really do have to begin with developments in the United States. The descent into a kind of techno-fascism in the United States is sending a very large signal, not only domestically in that country, but around the world. The United States has entered into a contract with a firm called Paragon, which is a competitor to NSO Group.

Paragon at one point pitched itself as offering an ethical version of spyware. But as we discovered earlier this year, its technology was being used in Italy to hack the phones of migrant support workers and journalists. And to see that now ICE has a contract with Paragon is certainly something everybody should be worried about. But more broadly, just the descent into authoritarianism in the United States sends a very bad signal for the rest of the world.
The attacks on nonprofits and philanthropies: a lot of organizations in this space depend on support, and to the extent that that is under attack, it will affect groups around the world, as did the pulling out of funding to organizations like the National Endowment for Democracy or Freedom House. And I think now there's just so much more data available to feast upon by, not spyware companies per se, but the whole surveillance matrix that private sector companies operate in, especially things like location tracking, advertising intelligence, social media analysis, and surveillance. There's like a golden age of surveillance right now, and I fear that whatever progress was made over the last four years in trying to rein in that market is now quickly being reversed. So a bit of a mixed picture is how I would see it.

David Greene
I agree with that. I don't know how much I have to add. I would say from the activist point, or the points of view of the targets, I do think that we, the human rights community more broadly, have been pretty good at educating people about spyware. And so we do have more savvy human rights defenders, as well as others who are frequently targeted, with better hygiene on their devices.

At the same time, spyware technology continues to evolve. That makes it really hard to detect and prevent. With the advent of the zero-click exploits, where someone doesn't even have to open an attachment or even open a message, it just makes it harder even for someone who's being very careful to avoid becoming a victim of spyware. I agree with Ron. I see both steps forward as well as steps back.

And it also just seems that the demand side from both democratic and non-democratic governments for this technology is so great that we seem to be seeing so many new players in the market.
It's hard to talk about this just in terms of being one or two companies anymore.

Alex Culafi
I want to widen the focus a little bit, because when we think about digital authoritarianism, techno-fascism, the first thing folks think of, with good reason, is spyware companies, countries using spyware to spy on citizens, dissidents, what have you. But it's a much larger, more complex web, right? So you have things like the Chinese National Security Law, which enables the country to force organizations to share user data back with the state for national security reasons. What are some of the other ways, not just China, that enterprises, organizations can be swept up in digital authoritarianism, be it as victims or even as aggressors? And David, I'll start with you on this one.

David Greene
My habit whenever someone mentions the Chinese law is to point out that it's actually not that unusual. The US has a law that's not dissimilar. We have a system of national security letters that essentially requires online services to provide user information the same way, often accompanied by gag orders where they're not permitted to notify the users that their information has been requested and produced, and actually really limiting how they can even talk about the fact that they've received these things, except in sort of the largest categories. And so, I don't think China is exceptional in any way about that. We see in the US, we see actually in most legal systems, even the ones that consider themselves the most democratic. The idea that governments want people's data is not something that is confined. It's widespread common practice, which should cause us all great concern. And again, this feeds into the idea that there's a huge market for these spyware tools on the national security level as well as with routine law enforcement.
One of the things that seemed to be going in the right direction with some of the Biden administration actions in the US was at least trying to reestablish a norm that these [spyware tools] are bad, that they result in significant harm to the human rights of those who are victimized by them, and that they are just bad. And if they're going to be used, there should either be legal process around them or they should be really reserved for exceptional circumstances. But we don't see that as a widespread norm globally. And spyware is just an incredibly powerful tool, to where I think we're a few short steps away from it actually moving from the higher levels of national government down to routine policing.

Ron