Global: 46 organisations call on states to prioritise protections against spyware during the 2023 Summit for Democracy
We, the undersigned organisations and individuals, call on the governments convening the Summit for Democracy 2023 to prioritise human rights due diligence for spyware technologies on the Summit’s agenda. We have witnessed and reported on how spyware has been repeatedly used to silence journalists, surveil human rights defenders, muzzle dissent, suppress freedom of expression of minorities, target LGBTQ+ persons and women, intimidate academia and discourage peaceful protests. To achieve greater transparency, accountability, peace and a more prosperous future for all, in alignment with the stated objective of the Summit, states and investors must act to prevent the proliferation and abuse of spyware...
...States and investors, including venture capital (VC) firms, have a critical role and shared interest in preventing the abuse of spyware.
Since 2017, the world’s largest 50 VC firms (three quarters of which are domiciled in the United States) have collectively raised 309.2 billion USD, which is larger than the GDP of most countries. Early-stage investors ultimately influence which tech startups receive funding and which ideas are deemed worthy of developing. VC firms help shape the future of technology, and with it the future of our economies, politics and societies, and the realisation of human rights.
In accordance with the United Nations Guiding Principles on Business and Human Rights, VCs have a responsibility to undertake human rights due diligence when investing in spyware due to the scope, severity of impact and low likelihood for remedy when the technology is abused. VCs, particularly those based in the Global North, must address the imbalance of power that spyware imposes on at-risk communities within their own countries and those in the Global South. This entails taking steps to identify, prevent, mitigate, remedy and account for human rights impacts through meaningful stakeholder engagement with affected communities—including during the iterative phases of product development prior to deployment.
However, there have been very few public responses and disclosures from technology investors about their human rights due diligence practices to prevent these abuses, and those that invest in spyware are even more opaque about their procedures. The responses that civil society has received rarely address the salient human rights risks at hand.
States have an obligation to regulate the spyware industry, as well as their investors, to prevent and mitigate human rights harms. States must therefore strengthen the collective enforcement of legal, operational and financial impacts for spyware companies who operate outside of international human rights standards. Towards this aim, we recommend that states:
- Ban the sale of spyware until a system of safeguards is in place to prevent human rights abuses and hold companies liable for their negative human rights impacts. Increase assistance, both preventative and reactive, for at-risk groups who are targeted by spyware, including human rights defenders.
- Ensure that all companies, including VC firms, domiciled in their countries are required to undertake human rights due diligence in respect of their global operations and investments. The same should apply for companies that seek to do business within their domestic jurisdictions. This includes comprehensive transparency requirements for investors, including public disclosures from VCs about their investments.
- Ensure that all companies, including VCs carry out stakeholder engagement with a wide range of actors, especially those most impacted by their products and services including at-risk individuals in the Global North and those disparately impacted in the Global South, to understand the implications of their investments and evolve their practices.
- Ensure that government agencies carry out effective human rights due diligence as a pre-requisite to contracting technology companies, especially surveillance-tech and cybersecurity companies.
- Hold corporate entities, including VC firms, accountable for human rights abuses that amount to criminal behaviour. Commit to cooperating in good-faith investigations about the abuse of spyware in other jurisdictions...
[Click the link above to view the full statement and list of signatories]
The statement is also available in Arabic via the Gulf Centre for Human Rights website.