U4 Anti-Corruption Resource Centre

This Anti-Corruption Helpdesk brief was produced in response to a query from a U4 Partner Agency. The U4 Helpdesk is operated by Transparency International in collaboration with the U4 Anti-Corruption Resource Centre based at the Chr. Michelsen Institute.


Please provide a summary of the corruption risks and threats of surveillance malware, particularly when it is used against anti-corruption activists. What can be done to mitigate these risks?

The capabilities of modern surveillance software allow for the monitoring and tracking of people on a mass and automated scale (Richards 2013). Recent trends include “zero click” technology that allows spyware to be downloaded onto a device without the need for the victim to click on a link, and then provides unfettered access to the device’s camera, microphone, and other personal data. This unprecedented level of intrusion has been condemned as a breach of fundamental human rights, such as freedom of expression and privacy (UN 2019).

Currently, there is little transparency regarding the development and acquisition of these technologies. Studies show that technology companies developing surveillance software are just as likely to sell this software to autocratic states and criminals as they are to democratic governments (Schächtele et al. 2022). This is a concern as authoritarian regimes frequently claim that journalists, dissidents and human rights activists are criminals or a national security threat to justify subjecting them to intrusive surveillance (Corera 2021). Where civil society groups are targeted and intimidated by spyware, it reduces their capacity to hold governments to account and investigate cases of corruption, and it can lower political participation and undermines democracy.

International organisations, civil society and researchers have proposed several measures to mitigate the negative effects of spyware. Civil society and journalists have an important role in uncovering cases of spyware targeting activists, supporting the victims and advocating for change. Other safeguard measures include legislative actions to regulate the development and deployment of this software as well as its purchase and sale. Finally, to support and protect the work of civil society, international donors can provide funding for cybersecurity to be embedded into development and humanitarian aid projects.


  1. Background
  2. Examples of surveillance malware
  3. Opportunities for corrupt practices
    1. The development and acquisition of surveillance malware
    2. The deployment of surveillance malware
    3. Case studies
  4. Development projects and surveillance malware
  5. Risk mitigation of surveillance malware
    1. The role of civil society
    2. Strengthening export controls
    3. Increasing regulation and oversight of the use of surveillance software
    4. The role of international donors
  6. References


Caitlin Maslen (TI) [email protected]


Andrea Rocca and Matthew Jenkins (TI)

Pauline Lemaire (CMI)




Close search

Responsive versions of the site in progress.