In 2017, Laurent Richard, a French journalist, launched Forbidden Stories, a project that would aim to amplify and continue the work of murdered, or otherwise threatened, reporters around the world. “There is danger all the time. There is danger on the computer, there is danger on the devices, there is legal danger,” Richard told me at the time. “The best protection for this dangerous mission is a collaborative aspect. If we are together we are stronger.” In 2018, Forbidden Stories worked with news organizations around the world to dig into the murder of Daphne Caruana Galizia, a Maltese investigative journalist; in 2019, the group exposed the environmental damage done by mining companies on three continents, and the harassment faced by reporters investigating it. Last year, Forbidden Stories produced the Cartel Project, which picked up on the work of Regina Martínez—a journalist who covered crime and corruption for Proceso, in Mexico, before she was murdered at her home, in 2012—and highlighted threats to Mexican reporters more generally, including that of digital surveillance: at least ten journalists, including Jorge Carrasco, who worked on the Panama Papers and is now Proceso’s top editor, had had their phones targeted with Pegasus, a potent spyware tool marketed by an Israeli firm.
Yesterday, Forbidden Stories and sixteen media partners—including the Washington Post, PBS, the Organized Crime and Corruption Reporting Project, and outlets in the UK, France, Germany, Belgium, Mexico, India, Hungary, and Lebanon—dropped a new project focused much more closely on the “danger on the devices,” and on Pegasus, in particular. The group was able to review a leaked list containing more than fifty thousand phone numbers that state clients of NSO Group, the developer of Pegasus, marked for possible surveillance in countries around the world, including numbers belonging to at least a hundred and eighty journalists, as well as activists, businesspeople, and politicians, up to and including heads of state. The provenance of the list remains murky, and it’s not clear how many of the phones that appear on it were actually compromised—but an analysis by Amnesty International’s Security Lab confirmed the infiltration or attempted infiltration with Pegasus of thirty-seven listed phones, as well as a close correlation between those attacks and timestamp data on the list. “By sharing access to this data with the other media organizations in the Forbidden Stories consortium,” Richard and his colleague Sandrine Rigaud write, “we were able to develop additional sources, collect hundreds of documents, and put together the harrowing evidence of a surveillance apparatus that has been wielded ferociously against large swaths of civil society—outside of all legal restrictions.”
NSO Group has pushed back sharply on the reporting of Forbidden Stories and its partners in the “Pegasus Project.” The company has always maintained that it only licenses Pegasus for state actors to use against terrorists and other serious criminals, that it does not have insight into clients’ use of the software, and that it has moved to revoke access in cases where it has been shown to be abused. (It has also claimed that it takes human rights into account when licensing Pegasus to governments, despite its clients including repressive regimes such as Azerbaijan and Saudi Arabia; Forbidden Stories reports that Israel’s defense ministry pushed NSO to sell to the Saudis, a dynamic that NSO has denied.) In response to the Pegasus Project, NSO pledged to investigate the new claims of abuse. The company also, however, cast doubt on the project’s reporting, including the authenticity of the list of numbers. “Your sources have supplied you with information that has no factual basis,” NSO said. “NSO Group is on a life-saving mission, and the company will faithfully execute this mission undeterred.”
The journalists identified by the Pegasus Project as possible targets for surveillance work in twenty countries, many of which are known for their repressive (often increasingly so) climates for independent journalism. At least forty journalists in India were named as possible targets, including Siddarth Varadarajan and other reporters associated with The Wire, and Paranjoy Guha Thakurta, whose phone was hacked in 2018, while he was investigating the finances of a man who, prior to his death, was once India’s richest. In 2019, Szabolcs Panyi, an investigative reporter at Direkt36, in Hungary, was targeted with Pegasus. (Varadarajan and Panyi both contributed to the Pegasus Project.) An NSO client that appears to be the government of Morocco selected thirty-five journalists as possible targets, including Taoufik Bouachrine, a newspaper editor who is serving a prison sentence on rape charges that his supporters say were politically motivated; his wife’s number was also listed as a possible target, as were the numbers of at least five of his accusers, two of whom retracted their testimony. It had already been reported that Omar Abdulaziz, a friend of the Saudi journalist Jamal Khashoggi, was targeted with Pegasus prior to Khashoggi’s murder by the Saudi state, in 2018. The Pegasus Project found that other people close to Khashoggi were targeted, too, including, in the days after the murder, Hatice Cengiz, his fiancée. (NSO has denied any link to Khashoggi’s killing.)
As the Pegasus Project shows, spyware seems to be allowing authoritarian regimes to expand the scope of their repression overseas. The project’s analysis found that the phone of Hicham Mansouri, another Moroccan journalist, was infected with Pegasus more than twenty times this year, even though he now lives in exile in France; the phone of Edwy Plenel, a French journalist with Mediapart, was compromised in 2019, right around the time he visited Morocco to attend a conference, during which he criticized the Moroccan government. According to The Guardian, an NSO client that appears to be the government of the United Arab Emirates selected several foreign journalists as possible surveillance targets—including Roula Khalaf, the editor in chief of the Financial Times; Gregg Carlstrom, a Middle East reporter at The Economist; and Bradley Hope, an investigative reporter, then of the Wall Street Journal, who co-wrote a book about corruption in Malaysia that implicated a senior Emirati royal. Other possible targets on the list include reporters who have worked for the New York Times, CNN, the Associated Press, Reuters, Bloomberg, Voice of America, Al Jazeera, and Agence France-Presse.
When Carrasco, the Mexican journalist who worked on the Panama Papers, was targeted with Pegasus, in 2016, the attack took the form of a weird text message asking him to click through on a link—a mode of delivery that naturally strikes at least some targets as suspicious. Since then, Pegasus has become much more sophisticated; now it can compromise phones without the need for the target to click on a link, often exploiting a device’s hidden bugs in ways that can go completely unnoticed by its owner. Once installed, the spyware can access your messages, your location data, even your phone microphone and camera. The ramifications are truly chilling—as Khadija Ismayilova, an Azerbaijani journalist who was targeted, put it, “We’ve been recommending each other this tool or that tool, how to keep our phones more and more secure from the eyes of the government,” but “I realized that there is no way—unless you lock yourself in an iron tent—there is no way that they will not interfere into your communications.” Fighting back, it seems, requires the opposite of the iron-tent approach—the conviction that strength can be found in journalistic numbers, rather than working alone. As Richard has believed since the birth of Forbidden Stories, collaboration is a great shield against danger, however it manifests.
Below, more on press freedom around the world:
- Afghanistan: On Friday, Danish Siddiqui, a journalist with Reuters, was killed while covering fighting between soldiers and Taliban militants in Afghanistan. He was thirty-eight. Siddiqui, who had been embedded with Afghan special forces, was injured earlier on Friday during a burst of fighting; he was reportedly speaking with shopkeepers when the Taliban attacked again. In 2018, Siddiqui won a Pulitzer for his photography in Myanmar. Reuters described him as “a largely self-taught photographer who scaled the heights of his profession while documenting wars, riots, and human suffering.”
- Russia: Last week, authorities in Russia effectively outlawed Proekt, an independent news site; they criminalized working for the site by placing it on a list of “undesirable organizations,” and tagged several of its journalists, including the editor in chief, as “foreign agents.” Project Media, Inc., Proekt’s US-based publisher, has since moved to dissolve itself and sever its financial ties to Proekt journalists in Russia—though the journalists have pledged to continue their work, teasing a new, explosive investigation to be published this week. Meduza has more details.
- Cuba: On Friday, officials in Cuba released Camila Acosta—a journalist for Cubanet and the Spanish newspaper ABC, who was arrested while covering protests last week—from police custody, then placed her under house arrest instead. “They wanted me to sign a paper saying I admitted public disorder, but I refused,” Acosta told ABC. “I have done nothing wrong.” Also on Friday, Michelle Bachelet, the United Nations’ human-rights commissioner, urged Cuba to release other reporters and protesters. (ICYMI, I wrote about Cuba’s internet and journalism blackouts in Friday’s newsletter.)
- Egypt: Last week, Egyptian prosecutors referred Hossam Bahgat, an investigative journalist, for trial on fake-news charges, and a court began hearing the cases of six other journalists and activists. The Biden administration expressed concern about Egypt’s rights record; yesterday, the Egyptian government freed three journalists and three activists—including Esraa Abdel-Fattah, a blogger who played a leading role in the Arab Spring—from pre-trial detention, though they all face further investigation. The AP has more. (In 2019, Ruth Margalit tracked Egypt’s war on the press for CJR.)
- The US: On Saturday, Lois Beckett, of The Guardian, was violently attacked by right-wing extremists at an anti-trans rally in Los Angeles; Beckett filmed herself being thrown to the ground by protesters who “threw water at me and screamed about Jesus and said to grab my phone.” Officers eventually allowed Beckett to escape through a police line. Meanwhile, according to The Intercept’s Robert Mackey, a group of counterprotesters attacked Eric Levai, a reporter and podcaster, and stole his phone.
Other notable stories:
- In a special episode of CJR’s podcast, The Kicker, Akintunde Ahmad, a CJR contributor, spoke with Samuel Getachew about the media’s wrongheaded coverage of successful Black students, a trend they have both experienced firsthand, in Oakland, California. “I don’t wanna say that our stories could be clickbait, in a way, but they are very much feel-good stories that overlook these systemic issues that have existed for generations,” Ahmad said. Such coverage oversimplifies systemic issues by “highlighting these exceptional stories instead of actually examining what makes us the exception.”
- Last week, the Post’s Erik Wemple noticed that the Times had added an eyebrow-raising editor’s note to an article about the swimmer Michael Phelps: the story’s author, Karen Crouse, the note said, is co-writing a book with Phelps, yet did not inform her editors of the conflict. According to the Daily Beast, the Times has since suspended Crouse, yanked her from the swimming beat, and barred her from covering the upcoming Olympics; her future, per the Beast, is being “heatedly debated” by top Times editors.
- Last week, a jury in Annapolis, Maryland, held the gunman who killed five staffers in the Capital Gazette’s newsroom, in 2018, criminally responsible for the attack. Now the families of the victims, as well as numerous survivors of the attack, are suing the Capital’s owner, the Baltimore Sun, and the Sun’s parent company, Tribune Publishing, alleging that they failed to take steps to prevent the killings. (The Sun has denied this.)
- Kasie Hunt, an anchor and Capitol Hill reporter at NBC News, is leaving that network for CNN, where she will focus on content for streaming. Hunt revealed her departure on Way Too Early, her MSNBC show, on Friday, to the apparent surprise of many of her colleagues; according to Variety’s Brian Steinberg, CNN “is trying to hire dozens of people to help fuel its move into the streaming arena,” with Hunt central to the effort.
- On Friday, the Biden administration hit a media milestone, conducting its thousandth interview with a local news outlet; more than a third of those interviews have focused on the pandemic, and other common topics have included the economy and the climate crisis. An official noted to CNN’s Oliver Darcy that local TV is a leading news source for most Americans, and that Biden’s team wants to “meet people where they are.”
- NPR’s David Folkenflik has the stories of Sonia Gutierrez, Lori Lizarraga, and Kristen Aguirre—three Latina journalists who say they were forced out of KUSA, a TV station in Denver, after challenging the station’s coverage of their community. (KUSA denies that they were ousted for this reason.) Gutierrez says that managers tried to make her disclose the fact that she used to be a DREAMer in her reporting on immigration.
- Justin Baragona and Asawin Suebsaeng report, for the Daily Beast, that One America News, a pro-Trump network, is planning to launch a Spanish-language sister outlet later this year. The planned launch “comes amid a concerted push by right-wing media to appeal to a wider Hispanic and Latino audience after Trump’s electoral gains among such voters” in 2020. (ICYMI, Andrew McCormick profiled OAN for CJR last year.)
- Nicholas Kristof, the Times columnist, is weighing a run for governor of Oregon; he grew up on a farm there, and his name has been included in polling ahead of the Democratic primary. “I have friends trying to convince me that here in Oregon, we need new leadership from outside the broken political system,” he told Willamette Week’s Rachel Monahan. “I’m honestly interested in what my fellow Oregonians have to say about that.”
- And forty-one candidates will run in California’s gubernatorial recall election later this year—a much smaller field than pundits expected. Larry Elder, a conservative talk-show host, did not make the final list of candidates, likely due to a paperwork issue, though he says he still expects to run. On the Democratic side, Kevin Paffrath—a YouTuber with a channel, Meet Kevin, that focuses on real estate and investing—did make the cut.