More is needed from NSO Group than self-serving claptrap
NSO Group has finally responded to civil society’s continued questions regarding the use of the company’s products in surveillance of journalists and human rights defenders. The Israeli spyware company has faced criticism from multiple organizations for the sales and support of its malware product, Pegasus, to governments who abuse it, including UAE and Mexico.
On July 4, the Business and Human Rights Resource Center (BHRRC) formally requested a response from NSO to reports that Pegasus software had been found on the mobile phones of Mexican journalists and research scientists. This was similar to reports from Saudi Arabia and Turkey, where spyware has been used to infiltrate the devices of private citizens and human rights defenders. Then, on August 3, after reports surfaced that investment firms Blackstone Group and ClearSky were considering acquiring 40 percent of NSO from its current owner, Francisco Partners, BHRRC asked the financial firms to comment on their human rights safeguards.
While Blackstone has yet to comment, NSO, by way of a public relations company, has issued a press release responding to BHRRC’s initial report.
“NSO Group traffics in human rights violations – that’s what we understand from the reports on surveillance victims that are still emerging from Mexico and beyond,” said Peter Micek, Access Now General Counsel.
“For months, journalists, lawyers, and human rights defenders have come forward with horrifying stories of targeting, threats, and harassment. To have NSO Group issue this measly, self-serving statement in the face of a mountain of evidence of human rights violations offends the decency and dignity of their victims,” he continued.
“So many questions are left unaddressed, and this response only raises more: Is NSO still servicing its products in Mexico? Can the victims initiate an ‘official investigation,’ or only the governments NSO sells to? When will the company actually open up and face its critics?”
NSO Group stands to profit off its pending acquisition by Blackstone Group, a major international finance house, according to Reuters.
NSO writes in the statement that its surveillance products are to be used only for “early warning of multiple terrorist attacks, reuniting abducted children with their families, and catching narco-criminals,” and that, “Any other use is a violation of the terms our customers agree to be bound by.” However, as multiple organizations have reported, NSO’s customers — “select governments” — appear to have employed the company’s technology for purposes that stray far beyond these terms of use. We therefore believe that NSO ought to publish its internal documents regarding corporate governance, and be transparent about any violations of terms of use by its customers.
Furthermore, NSO discusses its policy of acting only after “official investigations into the misuse of (its) product” begin, but does not define those terms nor address the apparent conflict of interest in waiting for governments to investigate their own misdeeds. We question whether NSO regularly performs any sort of investigation into misuse of Pegasus software, and request that the company begin publicly announcing future inquiries. NSO should make available its own examinations of service violations, and should interact with its customers to ensure that they also announce any transgressions.
“Anyone investing in NSO Group can no longer ignore its record on human rights,” said Deji Bryce Olukotun, Senior Global Advocacy Manager at Access Now. “The company is making and selling tools that enable spying on individuals through, among other things, sneaky phishing tricks. We question NSO’s implication that it is wholly ignorant about human rights violations that are being perpetrated until it learns about them through news articles and public exposés. These aren’t cheap, shrink-wrapped products that you buy in a knock-off market. They are expensive tools, and NSO has a strong commercial interest in knowing whom it is selling to and how the technology is being deployed on a daily basis in order to maintain and update it.”
Access Now is circulating a petition calling on Blackstone Group to respond publicly here.