Making Tech Surveillance a Reporting Beat

Editor’s Note: This is the third excerpt taken from GIJN’s in-depth report on “The Investigative Agenda for Technology and AI Journalism,” based on a day-long pre-conference event held on November 20 at GIJC25, where 100 investigative journalists, editors, tech experts, and researchers from nearly 50 countries and territories convened to examine the most urgent technology-related challenges and opportunities facing investigative journalism today. Credits and acknowledgments for this project can be found here.

One of the defining dimensions of the expansion of digital technologies in contemporary societies is the unprecedented surveillance capacity they offer to both state and private actors. This surveillance can be direct, through highly intrusive tools such as mercenary spyware originally designed for government use, or indirect, through the vast quantity of data footprints individuals leave as they navigate an increasingly digitized world.

For journalists, this transformation has profoundly altered the risk landscape. Investigative reporting relies on confidentiality, source protection, and the ability to work without interference. Surveillance technologies strike at the heart of these principles by enabling covert access to devices, communications, contacts, and professional networks.

During the pre-conference, John Scott-Railton, senior researcher at Citizen Lab, reminded participants that journalists are not incidental or collateral targets of surveillance: they are primary and recurrent targets, across political systems, including in countries commonly described as democratic.

As early as 2017, Citizen Lab documented the use of the Israeli spyware Pegasus, developed by NSO Group, to surveil Mexican journalists, including Carmen Aristegui.

In 2021, the Pegasus Project, coordinated by Forbidden Stories — whose editor-in-chief at the time is the author of this report — showed how Pegasus spyware had been used against 200 journalists alongside activists, lawyers, and political opponents across continents.

More recently, in 2022, journalists in Greece were found to have been targeted using Predator, another mercenary spyware product, highlighting the expansion of these practices within the European Union.

Forbidden Stories’ investigation looked into Pegasus spyware targeting of journalists across four continents. Image: Screenshot, Forbidden Stories

How to Make Tech Surveillance a Reporting Beat

While journalists are frequently victims of digital surveillance, the pre-conference emphasized that they have also increasingly turned spyware and surveillance systems into an investigative beat in its own right.

John Scott-Railton described the emergence of what he called a “spyware accountability ecosystem,” composed of journalists, technical researchers, and NGOs working collaboratively across borders. This ecosystem includes investigative outlets such as Lighthouse Reports, Paper Trail Media, Forbidden Stories, specialized journalists, alongside technical units like Citizen Lab and Amnesty International Security Lab, and advocacy groups like Reporters Without Borders or Access Now.

Several investigative entry points were highlighted:

• Technical investigations and notifications: Forensic analyses conducted by organizations such as Citizen Lab and Amnesty International play a central role in detecting traces of spyware on journalists’ phones and confirming suspected attacks. Threat notifications from companies such as Apple, Google, WhatsApp, and Microsoft can also act as a trigger.

• Contracts, procurement, and public records: Surveillance technologies leave paper trails. Journalists have exposed spyware deployments by examining contracts or procurement databases. One example discussed was the revelation, thanks to public procurement documents, that the US Immigration and Customs Enforcement (ICE) had contracted spyware technology from the Israeli company Paragon Solutions.

• Import-export data: In India, reporters from OCCRP demonstrated that India’s Intelligence Bureau purchased hardware matching Pegasus deployment infrastructure by analyzing import documents.

• Litigation as a source of evidence: Legal proceedings have become a major source of information. In a landmark case, WhatsApp sued NSO Group for exploiting its infrastructure to deliver Pegasus spyware. The ruling against NSO generated unprecedented disclosures about spyware capabilities, business models, and client practices.

• Leaks and collaborative investigations: Leaks remain central. Beyond the Pegasus Project, newer investigations such as “Surveillance Secrets,” coordinated by Lighthouse Reports and published in October 2025, rely on leaked documents to map the surveillance industry.

• Political accountability and requests for comment: Speakers highlighted the importance of directly questioning political authorities. Mexican journalist Nayeli Roldán from Animal Político showed how, following a thorough investigation, directly confronting then-President Andrés Manuel López Obrador was central to exposing the illegal use of Pegasus by the Mexican army, underscoring the role of evidence-based, adversarial interviews at the heart of investigative journalism.

Expanding the Threat Landscape: Beyond Spyware

Spyware is not the only digital threat facing journalists. As societies become more digitized, metadata and indirect tracing increasingly undermine investigative journalism and source protection.

A striking recent example concerned the arrest of a Washington Post source, whose identity was allegedly uncovered through printer metadata, demonstrating how seemingly mundane technologies can become surveillance vectors. Journalists and sources now generate extensive digital exhaust (location data, device fingerprints, login records) that can be reconstructed by authorities long after the fact.

AI-Amplified Risks and New Forms of Digital Threats

The pre-conference discussion also highlighted how artificial intelligence intensifies existing threats and creates new ones.

AI lowers the cost and expertise required to conduct surveillance, analyze large datasets, and identify patterns in communications and behavior. John Scott-Railton warned of the convergence between spyware and AI, where automated systems could conduct surveillance at scale, ask complex questions about journalistic networks, and flag “suspicious” relationships with minimal human oversight.

Beyond surveillance, AI has enabled identity-based attacks against journalists. Ukrainian journalist Nataliia Romanyshyn, an AI specialist at Texty.org.ua, presented work documenting the use of AI-generated deepfakes on TikTok, where female journalists’ faces and voices were cloned to spread disinformation. These videos, viewed millions of times, provoked harassment and reputational damage against journalists who never uttered the fabricated statements.

Image: Screenshot, Texty.org.ua

This phenomenon disproportionately affects women journalists and intersects with online harassment. A recent global study by ICFJ documented how online violence against women journalists creates chilling effects, undermining press freedom and professional participation.

Priorities identified:

• Strengthen collaborations between journalists, technical researchers, NGOs, and lawyers.
• Systematically use contracts, procurement, litigation, and trade data to investigate spyware deployment.
• Invest in digital security literacy within newsrooms.
• Document AI-enabled abuses, including deepfakes, impersonation, and automated targeting.
• Center political accountability, through persistent questioning of authorities and transparency demands.
• Re-think source protection strategies in light of pervasive metadata and indirect surveillance.

Sandrine Rigaud is the program director of GIJN. She is an investigative journalist, director, and Emmy-winning producer who served as editor-in-chief of Forbidden Stories from 2019 to 2024. In that position, she led international collaborations to continue the work of assassinated or under threat reporters, co-ordinating investigations involving up to 100 journalists and 30 media outlets, including Le Monde, The Washington Post, The Guardian, Der Spiegel, Haaretz, and El País. She teaches investigative journalism at the School of Journalism of Sciences Po Paris and is co-author of “Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy.” A Nieman Fellow at Harvard in 2024/2025, she worked on global investigative collaborations, leaked data management, and Artificial Intelligence.