Suspects accused by the state to have taken part in the filming of BBC documentary Blood Parliament now allege that the Kenyan government secretly installed surveillance software on their devices while they were in police custody.
A forensic analysis by the University of Toronto’s Citizen Lab confirmed that the phone of one suspect, Nick Wambugu, was infected with the commercial spyware FlexiSPY during the period it was held by authorities.
According to the report, police seized Nick’s phone on May 2, 2025, and returned it on July 10, 2025. Citizen Lab found that FlexiSPY was installed on May 21, 2025, at 17:17 GMT while the device was still in state custody.
FlexiSPY, a powerful surveillance tool, can secretly record calls, read messages, track locations, take screenshots, activate microphones, and even alter or delete data. It has been previously linked to operations against activists, journalists, dissidents, and criminal networks.
Citizen Lab based at the Munk School of Global Affairs & Public Policy specializes in uncovering digital threats targeting civil society. While the lab confirmed the spyware’s presence, it warned that other forms of surveillance or tampering could also have occurred during the period the phone was held.
The four filmmakers associated with Blood Parliament were arrested in May 2025 and detained at Muthaiga Police Station, just days after the BBC aired its 40-minute exposé on how Kenyan security forces opened fire on anti-tax protesters outside Parliament in June 2024, killing and injuring several people.
The Directorate of Criminal Investigations (DCI) later arraigned the suspects under a miscellaneous application that remains ongoing. They are currently out on bail under court-imposed conditions.
The matter was scheduled for mention today but did not proceed as the trial court was not sitting. It shall be mentioned on 15 September 2025.
