In the context of Modi government snooping on diplomats, activists, political opponents and the media, U.S. lawmakers are growing increasingly alarmed by reports that the Israeli firm NSO Group leased military-grade spyware to authoritarian regimes around the world, who allegedly used it to hack the phones of politicians, journalists, human rights activists and business executives.
Rep. Tom Malinowski, who has been at the forefront of demands that Saudi Arabia be held accountable over the murder of Jamal Khashoggi, told Haaretz that he is considering legislation aimed at regulating the private spyware industry. “I’ve been following this for a while, so I’m not at all surprised that the reporting has uncovered evidence of what any rational person would have assumed to be true given the NSO Group’s client list and potential uses of sensitive technology,” the New Jersey Democrat said.
“I’m glad it’s getting the attention it deserves because this is an industry that is currently completely unregulated — which is a scandal in itself. This kind of sensitive hacking and surveillance technology should not be sold by private companies to the highest bidder on the open market,” Malinowski added. “The problem goes well beyond one company. There’s an industry that has been created to meet a demand for this technology and it’s enabled by the lack of regulation. What they are doing is technically legal; the point is it should not be,” he noted.
Malinowski, who serves on the House Foreign Affairs and Homeland Security Committees, said NSO Group needs to come clean following the company’s firm rejection of the revelations. “The categorical denials, combined with a refusal to provide any information about who their clients are, should be unacceptable to the U.S. government and other governments seeking to prevent the proliferation of this technology,” he said, adding that “their denials suggest either unbelievable credulity or arrogant dishonesty. “A fundamental principle should be that authoritarian governments cannot receive this kind of technology. What NSO Group is saying right now is equivalent to saying ‘we sold silencers to the mafia, but don’t worry, they’re only using it for target practice,” Malinowski continued. “I don’t care what promises are signed on a piece of paper, these are governments that do not distinguish between dissent and terrorism.
When they say they will use the technology against terrorists, they are saying they will use it against journalists.” “I do think responsibility is first and foremost with the United States government. I’d love to see Israel work with the U.S. and other democratic countries to establish some rules governing this trade, but I wouldn’t expect the Israeli government to do this alone,” said Malinowski, who also previously served as Assistant Secretary of State for Democracy, Human Rights, and Labor. “The U.S. should lead this effort, and I expect this to be the case moving forward.” While Malinowski is calling for the swift development of rules that would enable companies like NSO Group to be held accountable, he notes there are already tools that can be implemented — namely the Khashoggi Ban, a sanction and visa restriction established by the Biden administration that would target anyone believed to have targeted dissidents outside the borders of their country on behalf of a foreign government.
“The U.S. does have tools to prohibit companies and investors from doing business with entities like NSO Group. Sanctions should be explored and possibly implemented. We can’t deal with this on a case-by-case basis, however,” Malinowski said. “We need much more clear rules for the industry that signal that people cannot be monetizing their talents by selling sensitive technology to authoritarian states. Malinowski is not the only U.S. lawmaker to call for action following the reporting on NSO Group. Sen. Ron Wyden, who has previously called for investigations into whether technology sold by NSO Group and other foreign surveillance companies was involved in the hacking of U.S. citizens, raised the topic during a Senate Intelligence Committee hearing this week.
“There’s got to be some accountability for spies for hire. And that is going to be a central part of this discussion,” Wyden said, echoing his comments to the Washington Post that “these spy-for-hire firms are a threat to U.S. national security, and the administration should consider all options to ensure that federal employees are not targeted.” A U.S. State Department official told Haaretz that they have no announcements concerning visa restrictions. “The United States condemns the harassment or extrajudicial surveillance of journalists, human rights activists, or other perceived regime critics,” the official said.
“Just as states have the duty to protect human rights, businesses have a responsibility to respect human rights. Thus, they should ensure that their products or services are not being used by end users to abuse fundamental freedoms,” the official added. Rep. Joaquin Castro, a member of the Permanent Select Committee on Intelligence and vice chair of the House Foreign Affairs Committee, called on Congress to investigate “this threat to democracy,” adding that his office is working with the San Antonio-based family of Paul Rusesabagina, currently imprisoned in Rwanda. His daughter’s phone was among those hacked by NSO Group’s Pegasus spyware, according to The Guardian.
He said he did not want to speculate without evidence regarding linkage between NSO Group‘s client list and countries with whom Israel improved diplomatic ties under former Prime Minister Benjamin Netanyahu, but noted that he “would assume if the Israeli government assumes export licenses, that it knows where products are being exported to.” Democratic lawmakers have called on the Biden administration to consider placing NSO Group on an export blacklist, saying that recent revelations of misuse reinforced their conviction that the “hacking-for-hire industry must be brought under control”.
The statement by four members of Congress followed reports by the Pegasus project, a collaboration of 17 media organisations including the Guardian, which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world. The leak at the heart of the Pegasus project contained tens of thousands of phone numbers of individuals who are believed to have been selected as candidates for possible surveillance by clients of NSO. The numbers included those of heads of state such as the French president, Emmanuel Macron, government ministers, diplomats, activists, journalists, human rights defenders and lawyers.
NSO has also said the data has “no relevance” to the company, and has rejected the reporting by the Pegasus project as “full of wrong assumptions and uncorroborated theories”. It denied that the leaked data represented those targeted for surveillance by the Pegasus software. NSO has said the 50,000 number is exaggerated and said it was too large to represent individuals targeted by Pegasus. The company has also said that its government clients are contractually mandated to use Pegasus to target suspected criminals and terrorists and has said it would investigate any allegations of abuse.