Organizations file legal challenge against spyware contract

The case aims to block the contracting of Harpia, which won the bidding process organized quietly by the Ministry of Justice and Public Security

Foto: Marcelo Casal Jr./Ag. Brasil

Four civil society organizations filed on Tuesday, August 3, a petition for the Federal Audit Court to prevent the Ministry of Justice and Public Security from contracting the Harpia spyware system, which was recorded in an electronic auction of the federal government for the “acquisition of an Open Source Intelligence Solution for Social Media and Deep and Dark Web”. The petitioners are Conectas, Igarapé Institute, Sou da Paz Institute and Transparency International.

Harpia Tech, responsible for the service, won a bidding process staged by the Ministry of Justice for the contracting of spying services. To begin with, as exposed by an article on the UOL web portal, the ministry was interested in buying the Pegasus surveillance software. This system, developed by the Israeli company NSO Group, has been used by dozens of governments in different countries to hack the mobile phones of political opponents, journalists and human rights defenders. However, the company withdrew from the negotiations with the Brazilian government due to alleged irregularities. 

Read more: 

• Interview: The risks of digital surveillance to democracy
• In an open letter, organizations call for a moratorium on the use of surveillance technology

Lack of transparency in the bidding process 

In the petition, the organizations state that although NSO Group had already withdrawn, the main problem was the lack of transparency in the handling of this bidding process, preventing “the population from knowing the limits of exactly what is being contracted with public money”. In this regard, and again according to the petition, “we can see that the contracted solution, offered by the company Harpia Tech, is also potentially harmful to the public interest, which makes the investment of public funds in its purchase a highly questionable endeavor”.

The organizations went on to say that the Harpia tool is quite dangerous because “it can make use of data resulting from hacks, leaks and exploits, as well as virtual crimes” and because there are no control mechanisms planned to prevent potential abuse. Another point raised by the petitioners is that the possibility of making the service available to more than 200 public agencies, including the security forces, makes the potential damage even greater. 

In a prior complaint to the Federal Audit Court, the same organizations warned about possible irregularities in the federal government’s bidding process: inadequacy of the bidding model chosen; overstepping of authority and violation of the principle of legality; and illegality of the item contacted, since the system will be used for surveillance, which is incompatible with the Democratic State and may constitute a misuse of its power.