scorecardresearch
Follow Us:
Wednesday, August 04, 2021

Project Pegasus: 3 weeks ago, NSO admitted misuse risk, said secrecy barred it from gatekeeping

Prepared on June 30, the policy document said NSO Group has 60 customers — states and state agencies — in 40 countries. Of these, 51% are intelligence agencies, 38% law enforcement entities and 11% military.

Written by Jay Mazoomdaar
New Delhi | Updated: July 22, 2021 7:36:35 am
The Pegasus tool is one of the NSO Group’s mainstay product

Barely a fortnight before the global expose on the alleged misuse of its flagship spyware, Israel’s NSO Group, in a policy document, acknowledged that “the customers for Pegasus are states and state agencies” who may be “tempted to limit fundamental freedoms”.

Prepared on June 30, the policy document said NSO Group has 60 customers — states and state agencies — in 40 countries. Of these, 51% are intelligence agencies, 38% law enforcement entities and 11% military.

Titled ‘Transparency and Responsibility Report 2021’, the policy document identified the potential misuse of NSO Group’s spyware against politicians, NGOs, journalists, lawyers etc among the “most salient human rights risks” associated with it.

These human rights risks, the NSO Group report noted, also include potential misuse “for reasons unrelated to national security or law enforcement, such as in support of litigation or to obtain information that may be embarrassing to individuals” or “by unauthorised personnel associated with states and state agencies”.

60 customers in 40 countries

“There are a wide variety of additional government-driven risks that could flow from our technologies. These could include rights associated with the legal and judicial process, such as freedom from arbitrary arrest and detention and similar abuses… as well as invasions of freedom of thought, conscience and religion, restrictions on freedom of movement or participation in civic life,” the Group said in the report.

Admitting that strict confidentiality restrictions limit its “ability to do much more,” the report said the company “cooperates with states to try to ensure that when abuses occur within their jurisdictions those affected have access to effective remedy”.

The Israeli firm claimed it investigated 12 reports of misuse in 2020 and, between May 2020 and April 2021, “approximately 15% of potential new opportunities for Pegasus were rejected for human rights concerns”. Since 2016, the Group claimed to have rejected over USD 300 million in opportunities as a result of its review process. This includes five customers, worth USD 100 million, who were “disconnected from the system” following investigation of misuse.

As a safeguard, the Group report said, the company requires, at a minimum, human rights compliance clauses in all customer agreements, along with commitment from customers “to only use NSO’s systems for legitimate and lawful prevention and the investigation of serious crimes and terrorism”.

The report, however, admitted that effective monitoring of customer activity remained a significant challenge in the absence of “immediate insight into the use” of its products, adding that a customer is contractually required to provide this information maintained in the customer’s systems logs in a tamper-proof manner. “Refusal to cooperate shall lead to immediate suspension of the customer’s right to use the system,” it said.

The Indian Express wrote to Chaim Gelfand, Vice-President (Compliance), NSO Group, asking if the company has launched an investigation into the latest reports on the misuse of Pegasus across the world and if its conclusions will be made public. A response is awaited.

Claiming that allegations of misuse amounted to less than 0.5% of the instances in which the

Pegasus system was used by its clients over the last three years, the NSO Group said it pre-barred over 55 countries as clients for reasons such as human rights, corruption, and regulatory restrictions.

The Group report claims the firm is strictly monitored by the Defense Export Controls Agency under the Israeli Ministry of Defense for licensing of Pegasus and its application for export licences were denied “in quite a few cases”. The company also exports its products from Bulgaria and Cyprus.

The Group claims to have completed reviewing 10 of 12 reports of misuse received in 2020. Of these, three were found to be actionable. While “additional mitigation measures” were implemented in two cases, NSO Group terminated relationships with one end-customer. For the remaining seven, the Group’s preliminary review “could not identify sufficient information to conduct investigations” or found the misuse report to be unrelated to company products.

In a media release Wednesday, NSO Group reiterated that “the list (of phone numbers published by a consortium of media houses) is not a list of targets or potential targets” of Pegasus.

“Enough is enough! In light of the recent planned and well-orchestrated media campaign led by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter,” the release stated.

📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines

For all the latest India News, download Indian Express App.

  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by indianexpress.com.
Advertisement

Advertisement
Advertisement
Advertisement