Last week, the US government blacklisted Israel’s NSO Group for engaging in “transnational repression” and “activities contrary to the national security interests of the United States.” These are serious charges. The uproar over NSO’s Pegasus spyware software has intensified since a July global investigative report revealed that Pegasus is being used by various governments (including repressive regimes) for surveillance of activists, journalists, political rivals and critics.
Pegasus is powerful. It is capable of reading text messages, accessing calls, discerning passwords, tracking locations, using a device’s microphone and camera, and collecting information from apps. In short, it provides virtually full access to a user’s data.
Not surprisingly, NSO maintains that Pegasus is an indispensable security tool, and that it requires customers to use its products only for criminal and national security investigations.
Responding to the American measures, a spokesperson claimed that NSO has “the world’s most rigorous compliance and human rights programs.” But just hours later, a Hungarian official confirmed that his government had purchased Pegasus software amid credible reports that the Hungarians use it to target reporters, business people, and opposition politicians.
Some in the tech industry have already rendered a verdict. Amazon Web Services has shut down NSO accounts. Facebook is suing NSO for allegedly hacking 1,400 WhatsApp clients. A prominent Israeli cybersecurity veteran has even called on tech companies not to hire former employees of companies like NSO.
Others claim that this is all politics, that NSO is being unfairly targeted as part of the broader campaign to delegitimize Israel. Numerous Israelis are persuaded that NSO is offering a product that is unremarkable in the world of spying, and that the outcry is only because NSO is Israeli. Many also think that the ethical responsibility for any harm that might be caused lies with those who buy and deploy the product, not with those who create and sell it.
But the US declaration raises the stakes for those who seek to dismiss the Pegasus controversy. Put simply, there is a clear-cut case to be answered. Troubling allegations regarding the conduct of Israeli companies should never be lightly dismissed, especially in a nation that aspires to ethical excellence.
All of this raises key questions: What does Judaism have to say on the issue? Where are the rabbis? How can it be that a high-profile public matter with international human rights implications is seemingly all but ignored by the teachers of Judaism? Judaism is obviously far more than kashrut regulations and ritual observance. It is a system of collective wisdom, especially when it comes to comportment. It cannot be silent when Jews are potentially involved in halachic misconduct that could hurt the innocent.
A thousand years ago, Rabbeinu Gershom issued a cherem (ban) against the unauthorized reading of private letters. That cherem is still in place, and today would forbid intentionally eavesdropping on private telephone conversations or monitoring private data. Depriving somebody of privacy is prohibited even if the targeted party suffers no adverse consequences, let alone if the surveillance results in financial or physical injury, or in personal information being revealed.
Jewish law makes exceptions to Rabbeinu Gershom’s ban where there are well-founded criminal or security concerns. But the decision as to whether such grounds exist is not up to those who have an interest in circumventing the ban. In the 13th century, Rabbi Shlomo ben Adret pointed out that the ban was instituted “to ensure that Jewish people act in a correct and modest manner.” Therefore, Adret wrote, if, in a certain situation, a court determines that violating privacy is unavoidable for worthy purposes, the court could authorize an exemption.
The default position is that the ban on privacy violation must be respected unless it can be shown that there is a compelling case to override it. The idea that Jews might facilitate invading the privacy of journalists, political rivals, and critics of the powerful – where there is no evidence that these individuals have done anything wrong – represents an ethical infraction that runs counter to Jewish law.
When it comes to perusing the contents of somebody’s phone, and weaponizing it to spy on them, Jewish law requires that those who propose such a course must demonstrate that a failure to intrude would lead to peril. Any spyware with safeguards so lax that transgressing Rabbeinu Gershom’s ban can become the normative behavior of those who deploy the software, functions in a manner that is at odds with Judaism.
Those who suggest that it is the Pegasus users who are guilty of misconduct, and not NSO, ignore Jewish sources that do not let weapons manufacturers off the hook.
“Jewish law recognizes that indiscriminate sale of weapons cannot fail to endanger the public,” Rabbi David Bleich wrote. “It is precisely because ‘morally blind’ criminals are disposed to crime that Judaism teaches that it is forbidden to provide them with the tools of their trade.” Weapons sellers do not have the luxury of evading moral responsibility for how their weapons are used.
It will not do to respond that “everybody does it” or that NSO is being unfairly targeted. Judaism expects more. It expects that businesses run by Jews will strive to have exemplary ethical standards with meticulous plans to protect the innocent, not to make them more vulnerable. It expects that Jewish businesses will be leaders in raising international ethical norms. It expects that human considerations will always outweigh the pursuit of financial gain.
The insights of Jewish tradition contain vital correctives with the potential to be more impactful in our digital age than ever before. It is that moral vision of a Judaism that insists on the pursuit of public virtue that our rabbis would do well to champion.
The writer, a rabbi, is foundation scholar at the Jewish Federation of Greater Pittsburgh. He divides his time between Pittsburgh and Jerusalem.