North Macedonia endorses human rights initiative, still allows development of Predator spyware
In December 2021, at the first Summit for Democracy, the United States, Australia, Denmark and Norway announced the Export Controls and Human Rights Initiative to counter misuse of technology that violates human rights. In a joint statement, the four governments committed to:
“... establish a voluntary, nonbinding written code of conduct around which like-minded states could politically pledge to use export control tools to prevent the proliferation of software and other technologies used to enable serious human rights abuses.”
Canada, France, the Netherlands, and the United Kingdom also expressed support.
The United States released the first version of the code of conduct this past March, at the second Summit for Democracy. Among other things, the code of conduct calls for governments to:
“Take human rights into account when reviewing potential exports of dual-use goods, software, or technologies that could be misused for the purposes of serious violations or abuses of human rights.”
Sounds great, right?
Well, here’s where things get interesting.
More than twenty governments have endorsed this code of conduct, including North Macedonia. The same North Macedonia which allows Cytrox to develop and sell its Predator spyware, despite research showing it has been used to target human rights defenders, journalists, and politicians in at least two countries since 2021.
Ten days before the release of the code of conduct, The New York Times reported that a former trust and safety manager with Meta, Artemis Seaford, had been targeted with Predator in September 2021. Seaford, a U.S.-Greek national, is one of dozens of alleged victims of Predator in Greece.
In her testimony to the European Parliament committee set up to investigate use of spyware, Seaford emphasized that victims still have no clear path to accountability. Speaking about the unfolding spyware scandal in Greece, Seaford said the victims have “no incentive to speak out, they have everything to lose and very little to gain."
Last year, The New York Times and Inside Story reported that Predator had been sold to Madagascar and Sudan, both countries with a history of repression. And in April, Inside Story wrote that “local regulators in North Macedonia have turned a blind eye to Predator’s development in the country.” Turns out one of the owners of Cytrox, Ivo Malinkovski, is a member of a family well-known for making wine – and dealing arms.
I have yet to see any meaningful response from other governments, though members of the European Parliament are asking questions about how the spyware ended up in Sudan. At the very least, I’d expect the four countries which created this human rights initiative to discuss the issue with their partners in North Macedonia.
While we wait for, let’s be honest—the next article about yet another Predator victim, here are some technical details about the Predator spyware from Cisco Talos for us to dig into.