Wed, July 3, 2013 10:36 am
Dear Respected Authorities Instituto Federal de Acceso a la Información y Protección de Datos México:
On June 21, two requests for verification, identified with the numbers IFAI/SPDP/DGV/544/2013 and IFAI/SPDP/DGV/545/2013 were submitted to the competent authorities in Mexico.
The request for verification refers to findings on the use of FinFisher in Mexico, as it was published by recent academic investigations by the Citizen Lab. They are an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto. I am unaffiliated directly but work on similar research, often collaborating with Citizen Lab.
It is absolutely imperative to identify and to monitor these kinds of malware systems. While they may be used for so-called legitimate surveillance, they are fundamentally indistinguishable from almost all criminal computer compromises.
As independent experts on the security field and advocates for privacy and freedom of expression – many of us in the larger community – encourage IFAI according to its mandate, to open the verification process as requested by multiple human rights organizations.
A verification by the competent authorities will shed the light on the real deployment, use, outreach and responsible actors on the allegedly used surveillance technology in Mexico. This verification will seek to understand the balance and proportionality of such computer and network breakins. Such system compromises jeopardize the privacy and personal data of Mexican citizens.
Do not hesitate to contact me if you need more information about this investigation.