NSO Group has always shied away from the misuse of its Pegasus spy software. The company claims that it does its best by controlling in advance who it gives its tool to, but that it cannot monitor the “highly sensitive” use that is made of it.
If the “Pegasus Project” emerges as the biggest scandal facing the publisher NSO Group, it is far from its first. Since 2016, numerous surveys have cited the misuse of surveillance technology against journalists or political opponents. And during all this time, the line of defense of the Israeli company has always relied on the same two pillars:
- Its spyware would only be used to monitor criminals;
- She would check to which governments she is selling her tool (but could not monitor the exact use made by customers).
In its first transparency report in 12 years of existence, published on June 30, 2021, the publisher of Pegasus once again hammered out these arguments: “ To be clear, we do not operate this technology [Pegasus, ndlr]. We only license it to law enforcement and intelligence agencies of sovereign countries. We have no information about who the states might investigate or what plots they try to stop. “
But, a rare occurrence, the company also half-heartedly admitted the existence of improper use of the monitoring software: “ We recognize that on occasion, clients may fail to meet their obligation as a state to protect human rights and meet their contractual obligations ”. This is why the 32 pages of the report set out to detail the various committees, clauses and other training put in place by the Israeli company to limit the misuse of Pegasus.
NSO Group even presents a scale of the dangerousness of potential customers, with the additional measures put in place for those considered to be the most risky. Result: the company refuses the sale of Pegasus to no less than 55 countries, for reasons related to ” human rights, corruption and regulatory restrictions. Despite these preventive measures, the list of client countries cited by the Pegasus Project is long: Morocco, Hungary, Mexico, Rwanda, Azerbaijan… All are accused of having used Pegasus to spy on journalists or political opponents.
“Make the world a safer place”
However, in its course, the NSO Group, the company explains that it has only one objective, ” make the world a safer place “. On paper, its surveillance software should only be operated by government authorities, as part of legal investigations, the purpose of which would be to ” protect the security of citizens in the face of major crimes and terrorism. “
The Israeli company presents Pegasus as a useful tool in the ” dismantling of terrorist organizations “, From” drug cartels “, From” human trafficking “Or” pedophile circles “. Extreme cases where, according to the publisher, the invasion of the privacy of the targeted persons would be justified. Over the past year, Pegasus would have been used to arrest 50 drug traffickers, and ” dozens of suspected terrorists “, While suspicions of misuse only represent” 0.5% “of cases. A record strongly questioned by the recent survey.
Pegasus, the anti-encryption
According to the company, Pegasus would be the perfect counter-weapon to ” encryption capabilities offered by mobile communication messaging applications Like WhatsApp or Signal, used by a vast majority of the population… and by criminals. By accessing messages directly at their point of receipt and sending, the monitoring software bypasses end-to-end encryption, the technology that prevents the content of intercepted communications from being read. ” These technologies offer criminals and their networks a safe haven, allowing them to disappear and avoid detection, communicating through impenetrable mobile messaging systems. ”, Insists NSO Group. Before the popularization of end-to-end encryption, authorities could easily set up wiretaps on telephone lines. For the company, spyware would be the modern version of ” traditional listening system “.
Whether or not the customer triage operated by NSO Group is sincere, it is largely not enough to prevent misuse, with the list of 50,000 target numbers uncovered by Project Pegasus as proof. Still, the publisher rightly repeats in its report that it meets the conditions necessary for the export of its technology in several jurisdictions.