On October 13, 2014, Privacy International filed a formal criminal complaint asking the National Cyber Crime Unit of the NCA to investigate Bahrain’s alleged infection with Finfisher malware of the computers and cell phones of three Bahraini human rights activists living in asylum in the UK: Moosa Abd-Ali Ali, Jaafar Al Hasabi and Saeed Al-Shehabi. FinFisher gives its user full access to a target’s device, enabling documents to be copied and transmitted, cameras and microphones to be remotely turned on, and emails to be sent from the target’s account.
In August, Bahrain Watch and WikiLeaks had published evidence of exchanges between Bahraini officials and Finfisher technical support staff. Finfisher was a subsidiary of UK-based Gamma International at the time of the alleged infection, but it has since become an independent German-based firm.
The complaint alleges that Bahraini authorities engaged in unlawful interception of communications under section 1 of the Regulation of Investigatory Powers Act 2000 (“RIPA”). Gamma International is alleged to be an accessory under the Accessories and Abettors Act 1861 and/or to have violated the Serious Crime Act 2007 by encouraging and assisting Bahrain in illegal surveillance.
Privacy International’s Press Release is available at https://www.privacyinternational.org/?q=node/84.
Should the NCA decline to investigate the Ethiopian and/or Bahraini FinFisher complaint, Privacy International could bring actions in court.