The legal watchdog NGO iLaw, along with activists whose electronic devices have been infected with the Pegasus spyware, filed a petition on Wednesday (17 July) with the House Standing Committee on National Security, Border Affairs, National Strategy, and National Reform calling for an investigation into the Thai government’s use of spyware against citizens.

MFP MP Rangsiman Rome (second from left) receiving the petition from iLaw manager Yingcheep Atchanont. (Photo from iLaw)

The petition was received by activist-turned-Move Forward Party (MFP) MP Rangsiman Rome, Chair of the Committee. He said that evidence was previously found linking Thai anti-drug agencies with NSO Group, the Israeli developer of the Pegasus spyware, leading to budget adjustments during the previous government’s term. He noted that there is no record of the current government’s Pegasus spyware purchase in budget documents, but it is unclear whether similar spyware has been purchased.

Rangsiman said that the Committee will be summoning government agency representatives to testify and find a solution. If the mechanism available through the Committee proves ineffective, however, he said that there are other mechanisms available, such as forming a working group specifically to tackle the issue.

In 2022, iLaw found that at least 35 activists, students, academics, NGO workers, and politicians had their phones infected with the Pegasus spyware, which is often used for surveillance and only licensed by the NSO Group to government agencies with the approval of the Israeli government.

The spyware can infiltrate a target’s device without the use of click bait lures employed in other hacks, and an automatic tracking record erasure that removes software footprints. It allows attackers to gain complete control over an infected phone, providing access to photos, videos, messages and call records. It can also be used to turn on phone cameras and microphones, allowing hackers to observe real-time situations without the knowledge of the phone owners.

A report by Citizen Lab was released around the same time alleging that there is internet activity linking the Internal Security Operations Command (ISOC) national security agency with the NSO Group.

During a parliamentary censure debate on 19 July 2022, Chaiwut Thanakamanusorn, then Minister of Digital Economy and Society, said he was aware that Pegasus was being used in Thailand in cases related to “national security” and drug trafficking.

Since the use of spyware against dissidents is a serious violation of privacy, iLaw noted that several governments are being sued by their own citizens for using the spyware. In June 2023, a group of activists filed a lawsuit with the Administrative Court against nine government agencies for using the spyware to steal private information. The Administrative Court has yet to rule whether it will accept the lawsuit.

Meanwhile, activist Jatupat Boonpattararaksa, whose phone was also infected with the spyware in 2022, filed a lawsuit with the Civil Court against the NSO Group for 2,500,000 baht in damages for violation of privacy. Jatupat has refused a settlement of the lawsuit with the company, and witness examination has been scheduled in September.