The laws in many Latin American countries haven’t kept pace with the increasing power of surveillance technology, creating the potential for serious abuses, according to a new report from a privacy watchdog.

Despite recent revelations of widespread use of spyware capable of infiltrating phones and computers by many governments in the region — including, in some instances, against political opposition and journalists — not a single Latin American country surveyed in the report has specific laws on the use of such invasive technology. Many countries, including Brazil, Colombia, Chile, and Mexico, require companies to log detailed data on their customers and give law enforcement access to the information on demand. Colombia has a ban on encryption, and El Salvador requires communications providers to decrypt traffic at the government’s demand.

The report, written by researchers for the San Francisco-based Electronic Frontier Foundation, looked at surveillance laws in 12 countries in Central and South America. It opens with a stark reminder of what is at stake: a history of the collaboration among military dictatorships in Argentina, Chile, Paraguay, Bolivia, Uruguay, and Brazil in the 1970s and ’80s known as “Operation Condor.” Files discovered later documented torture, disappearances, imprisonment, and executions, enabled through a regime of informants and surveillance.

Many intelligence agencies in the region were formed under these military dictatorships, and even after transitioning to democratic rule, most Latin American countries maintained strong executive branch powers “without well-placed controls or public oversight mechanisms.” Given the power vested in many presidents in the region, the report says, “intelligence agencies in Latin America have been powerful tools in presidential politics, specially used to spy on dissident groups, opposition politicians, or independent journalists.”

Colombia’s national security agency under former President Álvaro Uribe was found to have illegally wiretapped calls and hacked the emails of his political opponents. The revelation of the scandal in 2011 led to the dissolution of the agency and various reforms — though the authors of the EFF report still think the country’s broad intelligence law leaves room for abuse.

“We’re especially concerned with laws requiring data retention on the whole population for future use by law enforcement,” said Katitza Rodriguez, one of the authors of the report. “Colombia has a retention period of five years, and there are no clear rules of who can access the data and how it will be deleted after the fact.”

While Mexico’s Supreme Court recently put some safeguards on the country’s data retention law, limiting who could access the information, Paraguay was the only country EFF found that had rejected data retention policies entirely.

