The Spyware Scandal Runs Deeper Than Pegasus
The Spyware Scandal Runs Deeper Than Pegasus

By Ken Silva

Much attention has been paid this week to bombshell allegations that Israeli-created spyware may have been used to target journalists, dissidents, and other enemies of the state—but the Pegasus scandal is a mere microcosm of the larger issue of governments using private companies for surveillance operations.

On July 18, the Guardian and 16 other media outlets began publishing a series of stories about the Israeli-based NSO Group, alleging that foreign governments used the company’s Pegasus software to surveil at least 180 journalists and numerous other targets around the world.

Developed by former members of the elite Israeli Unit 8200—comparable to the U.S. National Security Agency—the Pegasus software allegedly infects iPhones and Androids, enabling operators to extract messages, photos and emails, record calls and activate microphones in secret.

Alleged possible targets of Pegasus surveillance include the slain Washington Post writer Jamal Khashoggi, France president Emmanuel Macron, and Indian opposition legislator Rahul Gandhi, along with numerous others. NSO explicitly denies its software was “associated in any way with the heinous murder of Jamal Khashoggi.”

Allegations about the NSO Group’s wrongdoing have been in the media for years. Facebook sued the NSO Group in U.S. federal court in 2019 for allegedly exploiting a vulnerability in WhatsApp, allowing Pegasus users to spy on the calls and messages of victims, including journalists and human rights activists. This case is pending appeal in the Ninth Circuit, where the NSO Group has argued that it should have sovereign immunity from civil litigation.

But while Pegasus was already public knowledge, this week’s reporting casts doubt on the NSO Group’s longstanding contention that it only intends for the software to be used in counterterrorism and other major criminal probes. The Guardian and other media reportedly obtained a copy of the NSO Group’s targeting database, which has a list of 50,000 phone numbers that clients may have targeted for surveillance—suggesting that the only way the NSO Group did not know the identity of its clients’ targets was through willful ignorance.

The NSO Group has continued to deny wrongdoing, saying that the media outlets misinterpreted the data.

“The [reports are] full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and are far from reality,” the NSO Group has said publicly. “After checking their claims, we firmly deny the false allegations made in their report. Their sources have supplied them with information which has no factual basis, as evident by the lack of supporting documentation for many of their claims.”

“In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit,” the Israeli company added.

Law enforcement in France and Hungary have already launched investigations into the use of Pegasus, and the Israeli parliament’s Foreign Affairs and Defense Committee has formed a committee that will look into the matter.

Meanwhile, the Moroccan government has hit back against some of the Pegasus reporting, filing a defamation lawsuit in Paris against two French-based organizations for allegedly publishing false claims that Moroccan investigators illegally used Pegasus to target government officials.

The Moroccan government “does not intend to let the multiple lies and fake news spread these past few days go unpunished,” the government’s lawyer reportedly said Thursday.

The NSO Group may be the object of wrath after this week’s reporting, but NSO is hardly the only company in the business of selling surveillance equipment to governments. Before the Pegasus scandal hit the headlines, the Canada-based research group Citizen Lab released a report on the Israeli company Candiru—named after the infamous fish known for swimming up a man’s urethra—alleging that the firm has engaged in many of the same activities as NSO.

Nor are private surveillance firms exclusive to Israel. In the United States, a company called Clearview AI has received notoriety over the last year, after the New York Times reported that the company was scraping billions of photos to develop facial recognition software for law enforcers at home and abroad. It was also revealed last year that the Department of Homeland Security (DHS) and other agencies had been purchasing data in bulk from private companies.

Legal scholars have raised concerns that surveillance companies pose a particularly onerous threat to privacy in the United States, because the Fourth Amendment restrictions on surveillance do not apply to private companies.

“If law enforcement agencies can buy their way around the Fourth Amendment’s warrant requirement, the landmark protection announced by the Supreme Court in Carpenter will be in peril,” the American Civil Liberties Union (ACLU) said in a public statement last December. “Despite federal agencies spending hundreds of thousands of dollars on access to cell phone location databases, those agencies have not publicly explained their legal justifications or internal limitations on access to this invasive information.”

U.S. Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) introduced legislation in April intended to address some of the constitutional issues presented by emerging surveillance technologies. Their Fourth Amendment is Not for Sale Act would place warrant requirements on government purchases of bulk data, and would take away the U.S. attorney general’s ability to give civil immunity to companies that unlawfully sell bulk data to government agencies.

But even though the Fourth Amendment is Not for Sale Act has the bipartisan support of 19 cosponsors, the bill has yet to receive a hearing.

Affiliate News Feeds

  • Hardware
  • Internet of Things
  • Networking
  • Industry News
  • Software

The tech titan Amazon used its show in Las Vegas to talk about watery matters, supply chains and much more. The post AWS re:Invent 2022: A tiered tour of technology… [...]

In a recent interview with Ravi Pendekanti, SVP of Product Management & Marketing at Western Digital, he explained how they have expanded their HDD technology to lower total cost of… [...]

Our picks for the top Amazon Cyber Week deals to ease the stress of those who work from home. The post 5 Amazon Cyber Week deals sure to make remote… [...]

IIoT can be a revelation when implemented successfully, but companies may run into obstacles. Here’s what IIoT is and the top five obstacles associated with using it. The post Top… [...]

Learn how Internet of Things technology has continued to support digital transformation for organizations across industries. The post Top 5 trends to watch in industrial IoT appeared first on TechRepublic. [...]

UK-based IoT connectivity platform provider seeks élan and style by snapping up French firm. The post Wireless Logic continues acquisition spree with IoThink Solutions deal appeared first on TechRepublic. [...]

Consider securing your remote work setup with a three-year subscription to a top VPN. Windscribe Pro is more than 70% off today only. The post Lock in 3 years of… [...]

Virtualization platforms are available from a number of vendors, but it’s still critical to maintain your virtualization environment to avoid unnecessary resource consumption, out of-compliance systems or applications, data loss,… [...]

The company’s products seek to address real-time data transport, edge data collection instruments. The post NVIDIA unveils supercomputing and edge products at SC22 appeared first on TechRepublic. [...]

An account takeover (ATO), in which criminals impersonate legitimate account owners to take control of an account, are on the rise in Asia and across the world. Fraudsters are swindling… [...]

Experts warn that API attacks will soon become the most common type of web application attack. As a result, organizations and their security vendors need to align across people, processes,… [...]

Research shows that web applications and API attacks continued to explode in the first half of 2022. Does your organization have the best defense today? Akamai recommends deploying a holistic… [...]

See how to integrate the Trello software with Google Mail for a much simpler project management workflow. The post How to integrate Trello with Gmail appeared first on TechRepublic. [...]

Read how to install the Trello app in macOS and why it will make your project management even easier. The post How to install the Trello app on macOS and… [...]

Find out if one of these top seven Wrike alternatives are an ideal project management solution for you and your team. The post Top 7 Wrike alternatives for project and… [...]