Saudi human rights activist Loujain al-Hathloul is suing spyware firm DarkMatter Group and three former U.S. intelligence officials for their role in a scandal that helped land her in a Saudi Arabian prison.
Former DarkMatter Group executives Marc Baier, Ryan Adams, and Daniel Gericke pleaded guilty in September for their role in Project Raven, in which the government of the United Arab Emirates (UAE) hired a group of former U.S. intelligence agents to develop surveillance technology that was often used against human rights activists and other dissidents.
Baier, Adams, and Gericke have been identified by the Department of Justice (DOJ) as “former employees of the U.S. intelligence community or the U.S. military,” and Reuters named Baier as a former National Security Agency employee in its exposé on Project Raven.
According to al-Hathloul’s Dec. 9 lawsuit against the former intelligence officials, their activity led to her 2018 arrest in the UAE, where she was transferred to Saudi Arabia and held without charges or a trial for 10 months.
Al-Hathloul, a leader in the Saudi women’s rights movement, said her phone was initially hacked by DarkMatter in 2017, giving them access to her text messages, emails, and real-time location data.
“Later, al-Hathloul was driving on the highway in Abu Dhabi when she was arrested by UAE security services, and forcibly taken by plane to the KSA [Kingdom of Saudi Arabia], where she was imprisoned twice, including at a secret prison where she was subject to electric shocks, flogging, and threats of rape and death,” Electronic Frontier Foundation (EFF) said in a statement announcing that they’re representing al-Hathloul in the lawsuit.
When she was finally tried and convicted in Saudi Arabia in 2019, the charging documents referenced private communications that were stored on her iPhone. She was released from prison in February.
“These included private communications between Ms. al-Hathloul and other human rights activists that had been transmitted via Telegram and WhatsApp, both end-to-end encrypted messaging services,” the lawsuit reads.
“Al-Hathloul’s arrest and rendition by the UAE, as well as her detention and torture by Saudi Arabia, were facilitated by Project Raven’s hack of her iPhone using an iOS exploit, the resulting surveillance, and the access to and sharing of information exfiltrated as a result of the hack between or among Project Raven, UAE, and Saudi Arabia.”
Al-Hathloul is accusing DarkMatter and the executives of violating the federal Computer Fraud and Abuse Act, which outlaws unauthorized uses of computers. The lawsuit, filed in a federal court in Portland, Oregon, seeks damages and costs.
EFF said in its statement that DarkMatter’s conduct is more egregious than that of another controversial company, the Israeli-based NSO Group, because the former actively assisted in targeting government dissidents.
“Project Raven went beyond even the behavior that we have seen from NSO Group, which has been caught repeatedly having sold software to authoritarian governments who use their tools to spy on journalists, activists, and dissidents,” said EFF cybersecurity director Eva Galperin, referencing the Israeli spyware vendor that was recently sanctioned by the United States and whose software was found to be used against State Department officials. “DarkMatter didn’t merely provide the tools; they oversaw the surveillance program themselves.”
The defendants couldn’t be reached for comment; their attorneys in the DOJ proceedings didn’t respond to an email inquiry from The Epoch Times. According to EFF, Baier resides in UAE, Adams is a resident of Oregon, and Gericke lives in Singapore.
Al-Hathloul said fighting spyware companies is key to the work of human rights activists.
“No government or individual should tolerate the misuse of spy malware to deter human rights or endanger the voice of the human conscience. This is why I have chosen to stand up for our collective right to remain safe online and limit government-backed cyber abuses of power,” she said.
“I hope this case inspires others to confront all sorts of cybercrimes while creating a safer space for all of us to grow, share, and learn from one another without the threat of power abuses.”