Journalists and human rights defenders have long been targets of invasive surveillance. A dizzying range of surveillance tech solutions make it easier than ever for authoritarian governments, nefarious corporate actors and malicious criminal groups to keep tabs on their critics. A recent US court ruling against NSO Group has confirmed just how deep the problem runs: the court held NSO liable over a WhatsApp hack targeting 1,400 devices using its Pegasus spyware in 2019 – two whole years before the company made international headlines over use of its products by repressive regimes – compromising the security of government officials, journalists, human rights defenders, political dissidents and diplomats. This decision follows an earlier court order requiring NSO to disclose its spyware code to WhatsApp as part of the lawsuit. The case marks a major victory for accountability in an industry that thrives on secrecy. Yet the threat persists – just weeks ago, Meta revealed that nearly 100 journalists and civil society members were allegedly targeted by spyware from Paragon Solutions.

These incidents are not isolated and reflect a much broader, systemic problem within the commercial surveillance industry. Targeted surveillance technologies pose a pervasive threat not only to human rights but also to national security, and other businesses. From spyware infiltrating journalists’ devices to surveillance tools tracking dissidents and human rights defenders, these technologies fuel repression while operating in the shadows. Their impact is devastating: endangering lives, undermining democratic processes, and even exposing companies to security risks. High-profile incidents, such as attackers exploiting vulnerabilities in WhatsApp, Google and Apple are case in point.

Our database of business-related human rights news has recorded over 1,500 entries related to surveillance technologies since 2011, including more than 400 entries involving spyware. We have reached out 144 times to tech companies regarding their alleged involvement in surveillance-related human rights abuses. Despite the significant human rights risks inherent in surveillance and our persistent attempts to engage companies, the sector’s response rate stands at 41% - lagging behind the average across all sectors (55%) and underscoring the fundamental opacity of the industry, pointing to critical gaps in transparency and accountability practices and the dangers this poses for society at large.

One of the key obstacles in addressing harms related to targeted surveillance is the challenge of getting to know the companies behind these technologies. To help bridge this gap, we are consistently monitoring targeted surveillance companies and keeping track of their human rights policies and practices.

Our freshly-updated resources on tech companies now include 41 dashboards monitoring key companies providing targeted surveillance products and services – companies selected based on two criteria: their existing alleged links to documented human rights abuses recorded in our database or their prominence in the provision of these services and products.

These dashboards serve as a critical resource for civil society and policymakers seeking to understand or address the corporate actors behind surveillance-related human rights abuses, and aid companies and investors to assess practices of these actors. Our aim is to make available comprehensive data on each of these companies, including allegations of abuse, corporate responses (or lack thereof), publicly available policies on transparency and human rights, and their status in different rankings or networks.

A close analysis of these 41 targeted surveillance companies reveals systemic gaps in corporate responsibility and human rights protections:

• 95% fail to publish transparency reports, obscuring how they handle government surveillance requests and enforce their policies.
• 80% lack publicly available human rights policies, offering no clear commitments to prevent misuse of their products.
• 61% do not have a business code of conduct, raising concerns about ethical governance.
• 86% are headquartered in Global North countries, reinforcing concerns about their disproportionate role impacting the rights of people, especially those in the Global South.

Looking ahead

These findings make one thing clear: while the legality and legitimacy of these operations are under scrutiny, their continued inaction poses serious legal, financial, and reputational risks – not just for these companies, but for those who may have business relationships with them. This is a wake-up call for investors to recognise the irreversible damage these companies can cause and demand stronger safeguards to prevent these risks from transferring to them. It is also a call for regulators worldwide to enforce due diligence requirements, accountability, transparency, and human rights protections in the commercial surveillance industry. Without meaningful action, the dangers posed by these firms will only intensify – threatening fundamental rights, security, and global stability.