Yesterday, British news agencies reported that Bahraini officials remotely monitored and interfered with the private communications of three Bahraini expatriates and human rights activists living in the United Kingdom. Through the use of FinFisher software, Bahraini authorities were able to download malware onto the personal devices of Dr. Saeed Shehabi, Mohammed Moosa Abd-Ali Ali and Jaafar al-Hasabi. Abd-Ali Ali and al-Hasabi had been imprisoned and tortured in Bahrain prior to seeking asylum in the UK, while al-Shehabi was sentenced to life in prison in absentia for his human rights activism.
Details of the men’s case are deeply unsettling. According to The Independent, Bahraini officials remotely accessed Mr. al-Shehabi’s email, sending pornographic material to political contacts in Bahrain. Although the extent of the interference is difficult to assess, FinFisher technology would have permitted Bahrain’s government to monitor the men’s email, social media accounts, personal documents, and even to turn on device cameras and record their activities.
In response to the cyber-attack, Privacy International (PI) has leveled a complaint against Gamma Group, the U.K-based firm which owns FinFisher. PI alleges that, in helping the Bahraini government target the expats, Gamma has violated British law, including the Regulation of Investigatory Powers Act and the Computer Misuse Act. PI based their allegations on leaked FinFisher logs published by Bahrain Watch and Wikileaks over the summer. The leaked information confirmed the Bahraini government’s targeting of the aforementioned men and revealed that FinFisher employees assisted Bahraini officials in their repression of the Arab Spring protests.
While the information exposed by the PI complaint is alarming, this is not the first time that FinFisher has come under scrutiny for its role in targeting Bahraini human rights defenders and opposition figures. In 2012, Bahraini officials hacked the phone of Husain Abdulla, Director of Americans for Democracy and Human Rights in Bahrain (ADHRB). Since its inception, FinFisher has been a boon to repressive governments and an added burden for human rights defenders. Britain’s National Cyber Crime Unit should fully investigate the allegations brought forward by Privacy International, while the U.K. government should utilize the leverage provided by its close alliance with Bahrain to push back against the harassment of expats living under British protection.
Eric Eikenberry is an Advocacy Intern with ADHRB