Amnesty International has released a report detailing alarming allegations of unlawful surveillance targeting activists and journalists in Serbia. The report claims Serbian authorities are employing sophisticated mobile device hacking tools, including technology developed by Israeli company Cellebrite, to gain unauthorized access to individuals’ phones and install spyware for tracking purposes. This practice, Amnesty International argues, constitutes a grave violation of privacy and freedom of expression, undermining the fundamental rights of those targeted.
The report outlines how individuals, including journalists and civil society members, have been subjected to prolonged detentions under various pretexts, during which their phones were confiscated and examined. While in custody, some individuals underwent additional procedures like drug testing and psychological evaluations, seemingly designed to prolong the detention period and provide authorities with more time to access their phones. During this time, police allegedly installed “Novispy,” suspected state-developed spyware, onto the confiscated devices. In some instances, access was gained through exploiting vulnerabilities in phone software, such as a now-patched flaw in Qualcomm chips.
One specific case highlighted in the report involves Slaviša Milanov, deputy editor of Serbian news outlet FAR, and the outlet’s editor-in-chief. The two were stopped by authorities while driving, detained, and had their phones seized. Upon returning the phones, the journalists noticed suspicious activity, including toggled data and Wi-Fi settings and unusually high battery consumption. Milanov reported discovering additional software on his Android device, a Xiaomi Redmi Note 10S, suggesting data extraction despite not disclosing his password. He estimated that 1.6GB of data had been taken from his phone.
These revelations raise serious concerns about the potential misuse of powerful digital forensic tools. While designed to assist law enforcement in legitimate investigations, such tools can be readily abused in the absence of robust oversight and accountability mechanisms. The Amnesty International report emphasizes that the Serbian government must take immediate action to halt this illegal surveillance, provide redress to victims, and ensure those responsible are held accountable. The organization also calls on Cellebrite and other digital forensic companies to strengthen their due diligence processes, ensuring their products are not employed in ways that facilitate human rights abuses.
Cellebrite has responded to the allegations, maintaining that its products are strictly licensed for lawful use, requiring a warrant or legally authorized investigation, as stipulated in their end-user agreements. A senior director at Cellebrite, Victor Cooper, assured both Amnesty International and media outlets that they are investigating the alleged misuse of their technology in Serbia. The company claims to be prepared to impose appropriate sanctions in conjunction with relevant agencies should the allegations of misuse be substantiated.
The core issue highlighted in the report is the delicate balance between legitimate security needs and the protection of fundamental human rights. While law enforcement may require access to digital devices in specific circumstances, the use of powerful hacking tools must be strictly regulated and subject to robust oversight. The unchecked use of such tools, as alleged in Serbia, poses a significant threat to freedom of expression, privacy, and the right to a fair trial, ultimately undermining the foundations of a democratic society. The international community must exert pressure on governments engaging in these practices to ensure they adhere to international human rights standards and uphold the rule of law. Similarly, companies developing and selling these powerful tools bear a responsibility to prevent their misuse and ensure their products are not contributing to human rights violations.
