Israeli spyware abuse
How to put profit before people
IThe world must not allow NSO Group to profit from human rights abuse.
SRAEL is in the news again. For yet another very bad reason. A collaborative investigation by Amnesty International, Forbidden Stories, a French journalism advocacy group, and 17 media companies into the use of Pegasus, an Israeli spyware, reveals a global human rights abuse of politicians, journalists and activists. Titled “The Pegasus project”, the report points to 10 governments being the clients of NSO Group, the Israeli manufacturer of the spyware. Happily, the Malaysian government isn’t one of the clients which the British newspaper, The Guardian, calls “authoritarian regimes”. The Guardian is one of the 17 media companies collaborating on “The Pegasus project”. How close to the truth the project is entails taking a look at what Hungary’s far-right government of Prime Minister Viktor Orban is up to, which is said to be a client of NSO Group. There, Pegasus the cyber weapon, as some experts call it, has a happy client. Orban, who is waging a war on the media, uses Pegasus in an invasive way. First, targets such as investigative journalists and independent media owners are identified. Next, the spyware is used to hack into the devices of the owners. Then on, everything is an open book to NSO Group’s clients. Every piece of content on the device, even messages with end-to-end encryption, photo album, location and what-have-you. Even if the iPhone or Android device is switched off, Pegasus records and reports everything you say and do.
Never has privacy been attacked so invasively before. NSO Group cannot pretend to not know this as its media statements often claim. Most recently, reacting to The Guardian’s revelation, NSO Group said it doesn’t operate the systems that it sells to its vetted government clients, and it is not given access to data of their targets. We join the 19 organisations of “The Pegasus project” to say this: Nonsense. It is not the vetting or the targets’ information that is in guilty play here, but the system designed by NSO Group. After all, didn’t NSO Group make the claim that Pegasus will make mobile devices an open book? The world must not allow NSO Group to profit from human rights abuse. NSO Group cannot plead ignorance. It designed a system to invade privacy. The United Nations Guiding Principles on Business and Human Rights are clear. Companies are prevented from causing or contributing to human rights abuses wherever they operate.
As recently as April 27, Reporters Without Borders, and eight other non-governmental organisations sent a letter to NSO Group accusing it of failing to keep many of the undertakings it had given to them to respect and implement the UN guiding principles. NSO Group’s recalcitrance is nothing new. It promised the same on Dec 23 to Citizen Lab, a centre that investigates technology threats to human rights. UN guidelines may have the bark, but not the bite. The European Commission may have to wave the stick at Novalpina Capital, a European company with a majority stake in the group. Governments, too, must act in concert against cyber weapons manufacturers like NSO Group and its shareholders. But first, they must put in place a legislative framework that imposes legal restrictions on cyber abuses as the United States has done. The 1986 Computer Fraud and Abuse Act that makes unauthorised access of devices illegal may be a good model. Next, is to do a “WhatsApp” on NSO Group. Take it to court.