Media coverage: The RegisterThe GuardianBBCWiredABC News, and The International Business Times.

Privacy International (PI) has filed a criminal complaint with the National Cyber Crime Unit of the United Kingdom’s National Crime Agency, requesting police investigation into allegations that the computer and telecommunications data of Bahraini democracy activists were subject to unlawful surveillance. Allegedly, Bahraini authorities employed FinFisher software, a surveillance malware that allowed them to access the computer of Moosa Abd-Ali Ali, Jaafar Al Hasabi and Saeed Al-Shehabi.

PI alleges in their police complaint that this interception of data is illegal under section 1 of the United Kingdom’s Regulation of Investigatory Powers Act 2000. Further, it argues that Gamma International, the company that produces and markets the software, acted as an accessory that assisted the crime. PI undertook similar action in  February 2014 when a UK-based Ethiopian activist Tadesse Kersmo cited Citizen Lab findings in a report titled “You Only Click Twice: FinFisher’s Global Proliferation” to allege that his computer had been unlawfully infected with a FinFisher Trojan.

The October 2014 complaint cites reports authored by Citizen Lab on the presence of FinFisher in Bahrain, as well the global proliferation of the software. Research suggests that FinFisher is employed by government agencies in nearly twenty-five countries, including Australia, Bangladesh, Ethiopia, Vietnam and the United States.

Marietje Schaake, Dutch member of the European Parliament, submitted a series of written questions to the European Commission regarding the export of FinFisher technology to Bahrain. The questions, submitted on October 29, also probed the Commission’s assessment of whether the alleged spying violated the territorial sovereignty of the UK and other EU member states.