Lawyers and experts have unveiled the methodological and scientific shortcomings of approaches adopted by Citizen Lab, Amnesty International, and Forbidden Stories regarding the alleged use of Pegasus software by some countries.
North American lawyers specializing in handling cybersecurity cases highlighted, Saturday in Tangier, the legal inadmissibility of the “pseudo-evidence” contained in reports by these organizations on the use of Pegasus software.
This came at hearings organized by Morocco’s Personal Data Protection Committee (CNDP) with the participation of scores of national and international technical experts who presented and shared their analyses and conclusions, based on rational methodologies and proven facts.
The American lawyer at the New York bar, Tor Ekeland, explained that the so-called evidence provided by these organizations was “inadmissible” by a US federal court because it was based on “junk science.”
“The first thing a US court does in reviewing scientific evidence is to see if that evidence meets the principle of reproducibility,” he said. However, he noted, the Citizen Lab results are not reproducible in any way, which is in itself a “red flag”.
Moreover, he added, “the first thing I noticed in this case is the particularly vague and ambiguous nature of the conclusions of Amnesty International (…)”
The report of these organizations merely cites “traces” of an alleged Pegasus presence, without giving any explanation as what these traces mean, Ekeland noted.
“What Amnesty and Citizen Lab are doing is, in my opinion, very dangerous, because they are promoting a kind of junk science and making accusations that they can’t back up (…),” he said.
New York-based Canadian lawyer Michael Hassard, who also specializes in computer science, explained that when scientific evidence is submitted for analysis, it can often be subject to “confirmation bias”.
“When fingerprints were first used in forensics, they were subject to this confirmation bias, and the same thing happened with hair analysis, dental records and even DNA analysis,” he recalled.
In this regard, he cited the book dealing with this issue and published by the lawyer of the American organization The Innocence Project, Chris Fabricant, entitled “Junk Science and the American Criminal Justice System”.
Scientific methods of analyzing evidence in cybersecurity and computer science are relatively new and far from foolproof, Hassard stressed.
The two lawyers concluded that it is important to establish ethical standards when it comes to methodologies in such cases.
US Computer Scientist Jonathan Scott on his part affirmed that Morocco is beyond reproach in the Pegasus case.
Scott underlined the methodological and scientific shortcomings in approaches by Citizen Lab, Amnesty International, and Forbidden Stories, which led them to adopt incorrect results.
He explained that analyzing an iCloud backup from the alleged victim’s phone is insufficient evidence to determine the existence of malware, and that only a complete examination of the physical phone can lead to the detection of a spyware.
The U.S. expert revealed the futility of MVT utilized by Citizen Lab to accuse Morocco of using Pegasus.
When Amnesty International discovered the MVT fault, it simply removed the expression “false positives” from its reports without informing the public, Scott said, adding that he has the original, unmodified version.
He said that Morocco is being accused of serious acts and is being denied the ability to defend itself, notably the ability to examine the evidence.
In the same vein, Head of CNDP Omar Seghrouchni said that the Pegasus accusations are “based on erroneous technical assessments” and premature assumptions in an attempt to accuse specific countries.