Skip to main content


November 26, 2022 | Expert Insights

The pandemic brought a paradigm shift in the way we engage with the internet on a day-to-day basis. As the web intrudes on every aspect of our lives, our exposure to digital surveillance becomes a real threat to our privacy and freedom of speech.

It is no secret that the state is increasingly using electronic surveillance techniques to keep an eye on its citizens. This phenomenon is not entirely the preserve of authoritarian regimes but is increasingly also being used by democracies, albeit at a lesser scale and somewhat less blatantly.


State surveillance of its citizens is not new, and during wars, established democracies like the U.S. and Great Britain were not immune from pressing their state organs into service to keep an eye on the citizenry. However, the internet is on an entirely different level, and its vulnerability to intrusion makes it an idle tool to snoop on actual, perceived, and potential troublemakers in a country. Now the authorities have exponentially scaled up their prowess and agility in the cyber domain to maintain order and keep watch.

In the last decade itself, there have been cases of misuse of spyware in more than 65 countries, raising questions on the fundamental right of a citizen to privacy. As digital surveillance tools and spyware proliferated exponentially, a lucrative grey market emerged where both state and non-state entities shopped extravagantly. Using software linked to AI-assisted search engines, state agencies surreptitiously collected a humongous amount of data on individuals in the name of national security justified by the adage “the needs of the many before the needs of the one". The lack of a legal framework, an opaque system of checks and balances, poor accountability and a lack of oversight allowed law enforcement agencies to run amok. From AI-powered face recognition and surveillance cameras to restricting internet access and monitoring social media activity, there seems to be no way out of this incessant spying; the question remains – who watches the watchmen?

The Iranian experience is particularly interesting. The internet first arrived in the country in 1993. On July 9, 1999, a peaceful protest by students of Tehran University was crushed brutally by law enforcement, and several protestors died in police custody. The news went viral on the internet, triggering a nationwide student protest. This was a new experience in a controlled society like the Islamic Republic of Iran, and the ruling clergy was initially unable to comprehend the power of the web. However, within a week, the paramilitary Islamic Revolutionary Guard Corps (IRGC) restored the situation in their own inimitable style.

The Iranian regime was quick to put in place an elaborate mass surveillance system and state control of internet providers, a practice that grew more and more stringent with the horizontal proliferation of internet applications and the vertical proliferation of internet providers. 

The ongoing Hijab protests have also relied mainly on the internet to spread messages and organise flash protests, despite the state doing its utmost to control the digital space. Technological advancements in video-capturing and social media platforms that provided the Iranian civil dissent movements in 2014, 2019, and 2022 with their worldwide audience are once again being used by the regime as evidence to catch and try dissenters, while the internet bans veil the actions of law enforcement from the scrutiny of the international community.



The technological origin of the spyware prevalent with national governments today is varied, from software companies in Canada, the US, Israel, France, China, and Russia, among others. The users of spyware are even more varied, with a list that includes the United States, Italy, India, Saudi Arabia, Sudan, and the UAE, amongst many others. In 2022, 27 European Union countries were investigated by the European Commission for extra-legal usage of spyware on civilians.

At a cursory glance, Iran's abuse of internet bans and surveillance methods during the protests might seem less threatening than an outright application of spyware such as Pegasus and Black Cube in democracies. However, both fall under the increasingly complex debate between state security and civilian privacy. The internet is a powerful multiplier, as was visible in the Black Lives Matter movement of 2020, and many social movements seek to capitalise on its inherent amplification powers. As the women of Iran came under attack, the internet bans and state surveillance of social media allowed the regime to target the strongest leaders and activists of the movement, a tactic that achieves the same effects as the misuse of spyware does. Additionally, due to a lack of substantiated evidence, the facts of the movement are being easily fudged, restricting international support and response.

What variables hinder a government from turning its spyware and surveillance capacities inwards? Efficient and timely regulation, perhaps even a code of conduct, would be the first logical step. However, the exploration of rules on this issue has been reluctant and asymmetric, with the burden largely falling on international and regional organisations, which have little real authority within sovereign boundaries. Additionally, a deficiency of cross-functional expertise that can provide evidence-based analysis and advice to governments is a leading cause of reduced civilian oversight in this area.

Technology-savvy and innovation-inclined Denmark has shown a way. The Danish government’s initiative towards creating technology diplomacy stands to innovate foreign policy in tune with the needs of the times. Tech diplomacy, as envisaged by the Danes, seeks out a space for socially conscious adaptation of technological tools like spyware by equalising the ethical burden on the shoulders of both tech companies as providers and governments as customers.

There is a tendency with technocrats to value national security over human security and dignity. However, to retain sanity and the most basic human values in our society, irrespective of the nature of our political system, the state must realise that both are intricately entwined and cannot be judged separately, especially in the cyber domain.


  • A government's leanings, whether authoritarian in the 2020s or democratic in the 1970s, does not significantly affect its intention to implement state surveillance. Given a chance, both will opt for the easy route of covert electronic surveillance, with or without legal sanctions.
  • As a government builds their idea of the “nation”, which is at times defined as an exclusive group, they become compelled to protect this idea of exclusivity with stronger efforts towards defence that possibly disregard civil liberties. Given the right catalysts, it becomes easier for governments to cross a line that is already quite blurred and lacks regulations and transparency.
  • Effective regulation, civilian oversight, and technological diplomacy are some of the pathways towards a more transparent national and cyber security domain.