Amnesty International has revealed that a prominent female journalist in the Dominican Republic has been targeted by NSO Group’s Pegasus spyware. Nuria Piera’s mobile device was infected with Pegasus, which provides complete and unrestricted access to a device, three times between 2020 and 2021, according to Amnesty International’s Security Lab analysis. Piera, who has focused on issues of corruption and impunity in the country throughout her career, was conducting high-profile investigations around the time her device was infected. The Dominican Republic is the third country in the Americas, after Mexico and El Salvador, where Amnesty International has confirmed the use of Pegasus to target journalists and human rights defenders.
Amnesty International’s investigation found evidence that Piera’s device was first compromised with Pegasus in or around July 2020. She was also notified of the spyware’s presence in September and October 2021. Piera stated that she had never received a judicial order or formal notification from the Dominican authorities that she was under surveillance. The revelation means that there are now at least 18 countries where it has been confirmed that journalists were targeted with spyware, although the actual scale of the abuse of surveillance technology is likely to be much higher. Amnesty International is calling on states to adopt a global moratorium on spyware.
The lack of transparency around the use of surveillance and spyware makes it challenging for victims to obtain information or seek accountability. Amnesty International spoke to dozens of journalists and human rights defenders in the Dominican Republic who suspected they had been targeted for surveillance because of their work. Most thought that intelligence officers were targeting them using traditional forms of surveillance, such as wiretapping. In the Dominican Republic, there are no clear avenues for adequate remedies in the event of unlawful targeted surveillance. The constitutional avenue for data and privacy protection, Habeas data, and the criminal remedy available under Law 53-07 on Crimes of High Technology (Ley 53-07 sobre Crímenes y Delitos de Alta Tecnología), can only be used when the identity of the surveilling party is known, which is not always possible without the necessary technical skills.
