Has NSO finally been caught violating human rights?

Human-rights groups and governments alike have investigated NSO for alleged human rights violations using its technology known as The Pegasus Project. Is this the final straw?

JULY 20, 2021 13:25

Computer hacking (illustrative) (photo credit: REUTERS) — Computer hacking (illustrative)

(photo credit: REUTERS)

Some 50,000 phone numbers belonging to journalists, human rights activists, and others living in countries known to spy on their citizens have been compiled by the Pegasus Project report, it was revealed over the weekend. This is not the first time the NSO Group Technologies’ hacking spyware, Pegasus, has been accused of being used to violate human rights.

While the Herzliya-based company says its software is used exclusively by governments and intelligence agencies use to hack the cell phones of terrorists, drug rings and pedophiles, Amnesty International and other human-rights groups have long accused NSO of selling its services to governments that abuse human rights.

Among them, NSO’s Pegasus has been fingered for playing a role in the murder of Saudi dissident Jamal Khashoggi by agents of the Saudi government in 2018.

SECURITY SURVEILLANCE monitors. Privacy advocates argue that even if the official transfer of data does not identify individuals, anyone who wants to abuse the information to invade an individual’s privacy can do so with ease (photo credit: KAI PFAFFENBACH/REUTERS)

Facebook has also sued NSO in the United States for exploiting a flaw in WhatsApp messaging service to hack 1,400 users. The US Justice Department, among others, is also said to be investigating the company.

NSO has repeatedly denied any role in these and other attacks, saying it only sells its technologies to law enforcement and intelligence agencies of vetted governments for the purpose of saving lives. The company has also claimed success in blocking ISIS terror attacks and cracking drug and pornography rings in Europe, Africa and Oceania.

In 2020, the Tel Aviv District Court rejected Amnesty’s lawsuit to cancel NSO’s export license, saying that the Defense Ministry’s process for vetting NSO clients was sufficient.

However, the Pegasus Project, a collaboration by more than 80 journalists from 17 media organizations in 10 countries, says it has found the smoking gun proving the company’s connection to dangerous regimes. It says that 50,000 phone numbers of potential surveillance targets were gathered by potential NSO clients in 11 countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates.

While being included on the list does not necessarily indicate that a person’s device was infected with the spyware, Pegasus Project partners believe the list identifies potential past and future surveillance targets.

Close up of a man using mobile smart phone (photo credit: INGIMAGE)

“The Pegasus Project lays bare how NSO’s spyware is a weapon of choice for repressive governments seeking to silence journalists, attack activists and crush dissent, placing countless lives in peril,” said Agnès Callamard, Secretary-General of Amnesty International, which says it conducted forensic tests on mobile phones where it identified traces of the spyware.

“These revelations blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology,” Amnesty said. “While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse.”

NSO denied the report’s charges vociferously, saying it “is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources.” The company recently began making efforts to clear its reputation, and last month it released its first Transparency and Responsibility Report as a foray “into the public conversation about the interplay between public safety and security, and the preservation and protection of human rights.”

“This Transparency and Responsibility Report illustrates for the first time, and in deep detail, how NSO Group strives to guarantee that our products are used as intended – safely, effectively and ethically, and it further describes what options are available to us if we find that one of our customers has acted in bad faith, despite our extensive vetting process, by using one of our tools to monitor the electronic communications of someone who falls outside a prescribed investigative scope,” NSO Group Founder and CEO Shalev Hulio wrote in the report.

The company added that it had refused contracts worth as much as $300 million in cases where the client did not pass its human rights-focused due diligence process.

Amnesty was not impressed by NSO’s counterclaims. The Pegasus Project demands that “as a first step, NSO Group must immediately shut down clients’ systems where there is credible evidence of misuse,” along with an immediate moratorium on the export, sale, transfer and use of surveillance technology.