It would be wrong to think that concerns about the Pegasus spyware from NSO, the Israeli company, are behind us here in the UK, particularly in relation to lawyer confidentiality. 

Jonathan Goldsmith

Jonathan Goldsmith

The spyware raised its head in the autumn in the case between the ruler of Dubai, Sheikh Mohammed Al Maktoum, and his ex-wife, Princess Haya of Jordan. The High Court ruled that he gave his express or implied authority to the hacking of his ex-wife’s phone and the phones of two of her solicitors, Lady Shackleton and Nicholas Manners from Payne Hicks Beach.

In the High Court judgment, it emerged that Lady Shackleton was warned about the hacking from two sources on the same day. One of those sources was Cherie Blair, who, it was reported, acted as an adviser to NSO on business and human rights matters. Cherie Blair had been rung by NSO itself, which claimed that they were very concerned to discover that their spyware was being used against Lady Shackleton (that’s what the evidence said), and asked Mrs Blair to contact Lady Shackleton about it.

After that, NSO took steps to ensure that no further surveillance could take place on the solicitors’ phones, and indeed the High Court records that the contract which led to the surveillance – presumably with Dubai, but the client is never revealed – was stopped, likely leading to a loss to NSO of tens of millions of dollars.

It was reported at around the same time that NSO had taken steps to ensure that its Pegasus software would no longer work on UK numbers, beginning with +44.

I hope that Mrs Blair’s telephone has never stopped ringing since the night in August 2020 when she received the call about Lady Shackleton. That is because evidence contained in a statement released last week by the Council of Bars and Law Societies of Europe (CCBE) on the fall-out from the Pegasus scandal shows how lawyers have been targeted not only in the UK, but elsewhere in Europe (France, Hungary and Poland, for instance).

NSO does not use its software itself. It claims it is sold only to government intelligence and law enforcement authorities to enable those clients to identify, investigate and prevent serious crimes and terrorism, and otherwise protect public safety. Yet, funnily enough, an enquiry by the Forbidden Stories consortium and Amnesty International, which had access to 50,000 records of phone numbers selected by NSO clients in more than 50 countries since 2016, showed that many domestic journalists and lawyers were targeted. What a surprise!

The CCBE reports that in Hungary, the leaked data included the numbers of at least 10 lawyers, the President of the Hungarian Bar association among them. Just over six weeks ago, it was reported that Pegasus was used in Poland against a lawyer who is known for representing politicians from the Polish opposition. The President of the Polish Bar Council sent a letter on his behalf to the Polish government in protest.

American officials added the NSO Group to a commerce department blacklist in November 2021, banning US firms from trading with the NSO group. Of course, evidence then emerged just last week that the FBI had itself bought Pegasus, but swore it had never used it in support of any investigation.

Apple also announced in November 2021 that it was suing the NSO Group, seeking a permanent injunction to ban the company from using any Apple software, services, or devices.

What has this got to do with solicitors and the Law Society, particularly since it was announced that Pegasus would no longer be used against +44 numbers?

Well, for a start, there are thousands of solicitors who work abroad – over 10,000 of them at the last count. That is a considerable chunk of our profession at risk of being targeted by ill-intentioned governments. Our large firms abroad work on the most sensitive cases, putting their lawyers’ phones at particular risk.

Second, we are taking the say-so of a private company outside our jurisdiction that its software is no longer targeting us domestically. What it can give, it can also take away, without our even knowing it. The fact that a private company outside our jurisdiction has such power raises the same kind of questions as the control of Big Tech in general, which governments around the world are trying to bring to heel - only in the Pegasus case, governments have less incentive since they benefit from the software.

Late last year, 10 MPs wrote to our government asking it to follow in the US’s footsteps to blacklist the NSO Group. The CCBE has now similarly called on authorities in the EU ‘to protect and enhance the confidentiality of lawyer-client communications when modern technology is used’.

The Law Society should support similar targeted efforts on behalf of its members.

 

Jonathan Goldsmith is Law Society Council member for EU and international matters and a former secretary general of the Council of Bars and Law Societies of Europe. All views expressed are personal and are not made in his capacity as a  Law Society Council member, nor on behalf of the Law Society