Why did you decide that cyber security and surveillance deserved special coverage through your newsletter?
Media generally have been recovering technology the wrong way for a long time, as geek culture or through financial lenses. In Israel even more, because it’s a startup pornography nation. The idea of our desk is to consolidate a focus on technology and to make sure it’s coming from a political perspective. We’ve always been exposed to the Israeli high-tech scene, learning a lot about the offensive cyber industry over the past few years. But cyber is an empty word, it just means digital. The point is that we don’t yet have a language to talk about it. While we were familiarising with these cyber firms, we understood little of what they were and what they were doing. Of course, we reported that Israel was selling technologies to other countries, but digital weapons are not the same as selling an antivirus to Saudi Arabia, right?
When we joined the Project Pegasus, we learned more about digital arms, traded with government oversight for political reasons. It’s also when we understood that we have to work together, and that our ability as journalists to collaborate is really important because these surveillance firms are multinational trying to hide their fragmented operations: they produce the technology in Israel, the seller might be a Belgian businessman, the client might be Indonesian. You can’t cover the whole story alone, so working together really helps, because everyone has different skill sets. There’s a trend in journalism, what the New York Times calls visual investigations , which I think is a pretty good term, or what Bellingcat calls open-source investigations. Which is not exactly what we do: our desk is an open-source investigation desk focused on technology from a non-technological perspective. This is our mandate and what we try to do in our NatSec+ newsletter.
Take us a bit more into your newsroom. How many people are there? What are the different tasks and skills that you put in place? How do you cooperate each other, so I’ll get the picture of
Our desk is de facto a 3-man investigation team, with different sets of skills. Oded Yaron is the person leading this to operation, he covers arms technology and he’s our open-source expert in terms of documents, corporate structures, all these stuffs, very classic, hardcore Osint work. The editor of the Newsletter is a man called Avi Sharf and he’s been Haaretz’s expert plane watcher for many years. We used to treat plane watching only as leads, to feed other reporters, now it’s a stand-alone. And I do cyber and human, I deal with sources, and I try to corroborate the leads we get from the open-source activities, and that’s a really important thing. There are a lot of desks that are doing open source-work only, Bellingcat doesn’t talk to people. We’re trying to bring this digital know-how back to the core of journalistic practice. Plus the moment you open up to thinking of the digital space as a political space, it’s really like you have more stories than time.
A small example, one of the beats that I’m really involved in covering, is Wikipedia. It is not just an online encyclopaedia, but also an open-source arena, right? So I’m looking at the actual editors, who they are, and map the people trying to influence the public discourse in Israel. Wikipedia feeds Google, feeds ChatGPT, if you can manipulate that, it has massive effects. Wikipedia is seen as a geek culture product, no one would ever think it’s connected to surveillance, but it is another example of a technological arena with high political stakes. The challenge for a newsroom is that it takes time to understand and adapt the meta-narratives, then put forward coherent stories that will educate not only the public, but also the newspaper itself to think about these stories in a different way.
Can you elaborate more on this different way? How would you advise another young journalist covering these topics?
It touches on the key point of education. I think the biggest problem with technology is that it is wrapped up in this discourse of innovation, which prevents the public from understanding it, but also prevents journalists from properly covering and working with it. You ask any person in the public what they think about the proliferation of nuclear weapons and they have an opinion, even though they have no clue how nuclear fusion works. When it comes to digital technology, people will tell you that they don’t understand how it works, so I don’t have answers. I think it doesn’t matter how it works. We’re trying to move away from a discourse that comes attached with technology and says this is new, innovative, cutting edge, and we can’t regulate it because we don’t understand it. This stuff is new at some level, but it doesn’t pose a new regulatory problem. We’ve been regulating arms for close to a hundred years, you can’t buy a nuclear bomb on Amazon and that’s great. Let’s reach a point where you can’t buy digital spyware technologies in this manner. We’re not even having this discussion!
But I think the big lie with covering technology is that it is nowhere. Think of how we conceive cloud technology. No, cloud actually means servers in Iceland. If you’re covering cloud hacking, somewhere there’s an office, there are people. Many times, technology reporting is much easier than other fields because people in the business don’t perceive themselves as part of the defence apparatus. If I were to reach out to the head of the IDF’s military technology unit, he would hang up the phone. But if I’m calling a company whose clients are in the military, they think of themselves as a company, and they have a very specific vision of a journalist: as a troublemaker, or someone coming to do PR for them. The work is to break that dichotomy, people respond well if you know what the company does and you’re able to create a dialogue. Plus, they think they’re saving the world, right? That they’re inside this ethical tech club, they’re making the world a better place and they’re proud of what they do. You have an entry point here, because you can reach out to them, and they usually respond.
Of course, as an Israeli I was lucky, I come from a small country in which I am part of the élite: I’m white, I’m Jewish, and I’m from Tel Aviv. While some of my friends decided to go into media, many others did not, so there’s this elitist network all over this small country that you can tap into, which also includes family. But I still get tons of pushback, it’s okay that the people I write about disagree with me and explain that not all surveillance is bad and the like. It’s very important not to hide behind the keyboard, for example by making requests for comments face to face.
There is an urgence to define the ethics of surveillance technologies. How would you discuss that within your group?
The other interesting ethical debate is that not all surveillance is evil. If you were to look at the field there, everyone thinks NSO is terrible. In that sense I have a quite conservative position. I don’t think we should ban spyware and I’ve become convinced that it’s a legitimate form of technology that we want governments to have. We want to be able to track people who smuggle, who turn women into sex slavery, and track revenge porn. We want that technology and we need the law and the international understanding to govern it. What is not legitimate is that military-level technology is being privatised and sold on the market. That is a massive problem.
Governments were responsible for serious abuses. Can journalists or others be targets of legitimate surveillance by law enforcement agencies?
In our ethical debate, we thought spyware is terrible and, post Pegasus project, we realised that all governments use it. Now we’re at the very phase of legal versus not legal, which I find childish. Let’s take the Spanish example: the government lawfully used spyware against the Catalan movement . Whatever your political opinions are, they’re not blowing up buses, you might hate it, but it’s a political movement, not an armed military uprising, right? Then you have the Moroccan spying on the Spanish government, unlawfully we say. So the issue is not about lawfulness, in a context where national security is the skeleton key concept that is being used to justify almost everything. After many investigations, we realised that a lot of surveillance practices are not illegal at all. Instead, it should be shameful for a person to sit in a meeting with the politician and say they also have 500,000 avatars to twist the public debate. The normative approach lacks the ability to create stigmatisation of bad surveillance abuses. We need public debate for that.
In Israel, how the context affects people’s mentality and approach to the idea of technology as a saviour or a threat?
If Edward Snowden ’s case would have happened in Israel and he finds me, saying “I have a great story and I have documents: Israel is listening to everyone”, I’d respond “Great, but what’s the story?”. Israeli society is extremely jaded. People believe they’re under surveillance and they have zero problem with it, because they know the person surveying is their brother or cousin, and they accept that they must give up personal freedoms or that their rights might be exploited. This challenging mentality shapes the background of a lot of our journalistic work.
The second problematic aspect is that it creates an ethical framework in which a lot of Israelis think that whatever is good for Israel, maintains Israel’s security, or improves Israel diplomatic standing is okay. NSO sold surveillance tech to Saudi Arabia, and Saudi Arabia did terrible things with it. It’s fine, because maybe soon Israel will make peace with the Saudi. Pegasus was in the backyard of the Abraham Accords . We call it cyber diplomacy, the focus is not who you sell to or what they do with it, the problem is if it’s good or bad for Israel. This is the only question that matters.
Third interesting point is that all of my sources in all of these cyber firms belong to the Israeli left wing liberal standards: pro Lgbtq+, concerned by the environment, none of them is pro Netanyahu, and in theory they support peace and a government that was advancing a two-state solution of the Israeli-Palestinian conflict. But they think that if these tech trade agreements allow Israel to make peace with the Arab world, it’s a good thing. It’s an extension of a logic that is directly connected to the occupation [of the Palestinian Territories, ndA]. Within the army culture, there’s a say, which is called the good soldier at the checkpoint. Somebody needs to be at the checkpoint, and the question is if it’s going to be a nice white liberal, or an angry racist right winger. And the answer is that it’s always better that it be someone like me. I did go to the army, even though we didn’t support the occupation, because it’s better for us to be there. And this logic continues into the tech space.
And into journalism as well?
The Israeli media is very much connected to the army and the military radio is where a lot of young journalists start. This also makes us very knowledgeable about the military. Organically we’re all experts, we all have inside sources, and so on.
The army’s ability to control the narrative in Israel is reduced because I can always call my cousin, who’s on the front line right now, and he’ll tell me what’s happening. In that sense we’re perceived as a threat because we’re now exposing Israel’s military-industrial complex, and we’re doing it in a way that undermines Israel’s ability to use these technologies for its benefits.
For instance, all of these surveillance technologies are used nonstop in the West Bank, and that’s the elephant in the room: the fact that even for the most liberal Israelis, this is a given. Israelis don’t usually think their army may do something bad. Maybe the government is doing something bad with the army, but they trust the army and all its weaponry. This is extremely problematic, because the Palestinians living in the West Bank are not our civilians, they don’t have rights.
What kind of legal threats did you experience, what measures you implemented for your protection, and what kind of advice can you provide to other newsrooms who are willing to engage in this kind of reporting?
We always have a rigid legal process, even much more than most newspapers in terms of requests for comments. I really recommend telling companies at least a week or two before you’re publishing that you’re writing about them, and to give them the opportunity to meet you off-the-record to set the record straight. What concerns private companies may be different from what you are really interested in. Once you are within that dialogue, you can fact check and set the record straight on things that if you got wrong, you would get sued. We’re two years into this reporting on cybersec and we got zero lawsuits, which I think is a really good sign.
Also, this is really relevant for us, we live in a country with a military censor that has the right to tell me that I can’t publish certain things because they harm national security. It’s not a binding decision and the newspaper can challenge the decision. Ironically, really sensitive material will get flagged at that point: the fact that something will or will not be allowed for publication is actually a really big indicator of whether it’s true or not. So in that sense I can then rebuild my story in a way that it’s fine.
Is there a certain level of self-censorship in this sense when reporting on the tech surveillance industry?
I don’t think it’s self-censorship, not more than any other reporter who works with inside sources. Even if you write about the police right? You have to balance between maintaining your sources within the police but also be critical. But I think it’s the same challenges. Maybe that’s the real challenge: we have to cover the digital world like we cover everything else.
How do you manage your personal and digital safety? What kind of guidelines or protocols do you follow?
That’s the hardest stuff. I have two companies providing high-end, extremely expensive digital defence for me at a pro-bono level. I use a system of codes to maintain my notes, so if you were to open my phone notebook you wouldn’t be able to understand who I’m talking to. We do use 2-step verification. We once did an entire project completely on paper, the worst thing we’d ever done, it was terrible, it drove us crazy. The more you learn, the more you realise how much you’re exposed. You’re constantly updating and changing, but the sad answer is that you can’t stay safe. We have this joke that we like to tell ourselves: remember, in the end it’s going to be in a newspaper! There’s a phase for secrecy, then we have to let it go. And we have kind of reached the point of making peace with the fact that some information may leak.
My final question is more about the psychological burden of doing this work. How do you cope with that, at personal level and at newsroom level?
A lot of journalists go through this kind of ups and downs. As a very internal newsroom dynamic, editors can be very demanding, and you need someone who actually understands you. As an investigative reporter, you step into very scary, crazy worlds. It’s scary to be inside them, but also it’s also very hard to carry the burden of knowledge, and the consequences of being unable to publish and people won’t know anything. If your editor doesn’t understand your urgency and the weight you’re carrying, and is just thinking about headlines and deadlines, then you’re going to reach a bad place. It’s also very important to share, you need other reporters that you can talk with, and I also say that I’m a very big fan of going into therapy. I do go to therapy, and while it’s not stigmatised in Israel, it’s also not that common in the newsrooms. The debate on mental health is now opening, there is a shift to that. And my newspaper has once sent me on vacation, telling me listen, I think you should take a few days off. That is the nice kind of thing that can happen, isn’t it?