Israel must revoke the export license of NSO Group whose spyware products have been used in malicious attacks on human rights activists around the world, Amnesty International said ahead of the latest court case to embroil the tech firm.
The best way to stop NSO’s powerful spyware products reaching repressive governments is to revoke the company’s export license.
Danna Ingleton, Deputy Director of Amnesty Tech.
On Thursday, a judge at Tel Aviv’s District Court will begin hearing arguments as to why Israel’s Ministry of Defence (MoD) should restrict the activities of NSO Group. The firm’s Pegasus software has been used to target journalists and activists across the globe – including in Morocco, Saudi Arabia, Mexico and the United Arab Emirates.
“NSO continues to profit from its spyware being used to commit abuses against activists across the world and the Israeli government has stood by and watched it happen,” said Danna Ingleton, Deputy Director of Amnesty Tech.
“The best way to stop NSO’s powerful spyware products reaching repressive governments is to revoke the company’s export license, and that is exactly what this legal case seeks to do.”
The legal action is being brought by approximately 30 members and supporters of Amnesty International Israel and others from the human rights community. The action is supported by Amnesty International as part of a joint project with New York University (NYU) School of Law’s Bernstein Institute for Human Rights and Global Justice Clinic.
“In authorizing exports by NSO –a company that has sold its invasive software products to governments known to abuse human rights—the Ministry of Defence has failed in its human rights law obligations to protect the rights to privacy, freedom of expression and freedom of opinion,” said Sukti Dhital, Executive Director of the Bernstein Institute for Human Rights.
Last week, the Ministry of Defence asked the judge to dismiss the case, or if it proceeds to grant a gag order to restrict reporting on national security grounds.
“It is overwhelmingly in the public interest and for press freedom that this case is heard in open court. The Ministry of Defence must not be allowed to hide behind a veil of secrecy when it comes to human rights abuses,” said Danna Ingleton.
Digital attacks
The hearing is the latest legal action involving NSO Group. Last October, Facebook announced it is suing NSO Group after the firm exploited a vulnerability in WhatsApp to target at least 100 human rights defenders.
Amnesty International and others have documented the repeated use of NSO Group’s Pegasus spyware to target civil society and stifle freedom of expression. In October 2019, Amnesty uncovered targeted digital attacks using Pegasus against two prominent Moroccan human rights defenders – academic and activist Maati Monjib and human rights lawyer Abdessadak El Bouchattaoui.
In August 2018, an Amnesty International staff member received a message which contained a link purporting to be about a protest outside the Saudi Arabian embassy in Washington. It was sent at a time when Amnesty International was campaigning for the release of Saudi women human rights activists. If clicked, the link would have secretly installed NSO malware, allowing the sender to obtain near-total control of the phone.
Previous research also exposed the use of Pegasus to target at least 24 human rights defenders, journalists and parliamentarians in Mexico; Saudi activists Omar Abdulaziz, Yahya Assiri, Ghanem Al-Masarir; award-winning Emirati human rights campaigner Ahmed Mansoor; and allegedly, murdered Saudi dissident Jamal Khashoggi.
Surveillance abuse
NSO Group claims it helps governments fight terrorism and crime, but it has failed to rebut mounting evidence linking its products to attacks on human rights defenders.
Although the company says it undertakes a rigorous review before sales of its products, these claims lack detail and, considering the number of attacks on civil society, appear to have been ineffective in numerous cases.
Despite announcing a new ‘Human Rights Policy’ in September, NSO has not accepted responsibility for the multiple reported instances of misuse of its surveillance technologies.
States have an obligation to protect human rights in the context of corporate activities, including through regulation and oversight. All companies have a responsibility to respect human rights throughout their operations and supply chains. This means they must avoid causing or contributing to human rights abuses and take steps to identify and address human rights risks in their operations.