Cyber-intelligence firm NSO Group tries to boost its reputation

Governance and risk management, Confidentiality

Critics wonder if movements in Israeli society will have an impact

Akshaya Asokan (asokan_akshaya) •
September 12, 2019

Israel-based cyber espionage firm The NSO group, which has been accused of selling technology that allows governments to spy on citizens, is committed to adopting the human rights guidelines developed by the United Nations.

See also: Live Webinar | A buying guide: what to consider when evaluating a CASB

But a critic of the company argues that NSO must prove that its actions are more than just “money laundering” to iron out the controversies that have plagued its business.

NSO says it plans to adopt the United Nations Guiding Principles on Business and Human Rights, a framework for ethical business behavior. In addition, the company released its own human rights guidelines as well as rules to protect whistleblowers who have concerns about NSO’s technology and how these products are used by governments and customers.

The company also said it plans to review its sales process as well as the way customers use its technology to ensure its tools are only used to aid serious crime and terrorism investigations.

“This new policy publicly affirms our unequivocal respect for human rights and our commitment to mitigate the risk of abuse,” said Shalev Hulio, co-founder and CEO of NSO.

History of the controversy

In recent years, NSO has come under fire for how its products, which include spyware and hacking tools designed for use by law enforcement and the military, have been used by governments against their own. citizens.

In November 2018, for example, Amnesty International called on the Israeli government to revoke the company’s export license after NSO’s Pegasus spyware was allegedly used to target some of its members. Israel has taken no action on the request, according to the human rights organization.

In May, Facebook issued a warning to users of its WhatsApp messaging app after NSO’s Pegasus spyware was used to remotely execute code on targeted phones. According to WhatsApp, the attackers were facilitated by “an advanced cyber actor” (see: Attackers exploit WhatsApp Flaw to automatically install spyware )

Additionally, NSO’s software has been used to support government efforts against activists in Mexico and the United Arab Emirates, according to Citizen Lab, a research group at the University of Toronto. The group is investigating the use of software exploits by governments with questionable human rights records to monitor activists and dissidents (see: Apple fixes zero-day flaws used to target activist).

Critics’ reaction

Critics of NSO say the company still has a lot of work to do to clean up its reputation.

Siena Anstis, senior legal counsel at Citizen Lab, took to Twitter to speak out against several issues NSO still faces, including a lack of disclosure about who is buying the company’s tools and whether governments that use NSO’s services have a history of human rights violations.

“Citizen Labs and Amnesty [International] research shows spyware is abused and deployed against human rights defenders, civil society and journalists. NSO Group has not made a commitment to refuse to sell to states that have recorded such abuses, ”Anstis wrote on Twitter.

In another response, Danna Ingleton, deputy director of Amnesty International technology, argues that NSO must prove that its latest actions are more than just “whitewash” to iron out the controversies that have plagued its business.

“Although at first glance it seems like a step forward, NSO has a habit of refusing to take responsibility,” said Ingleton. “The company has sold invasive digital surveillance to governments that have used these products to track, intimidate and silence activists, journalists and critics.”

NSO did not respond to a request for comment. In previous statements, however, the company has claimed that its software is designed for use by law enforcement and that it cannot control how governments and other customers use the technology.

Control of Congress

Meanwhile, U.S. lawmakers are considering legislation that would require U.S. companies that sell offensive cyber weapons to other countries to notify Congress (see: Bill would help Congress track offensive sales of “cyber tools”).

This provision was introduced after a Reuters report on the sale of offensive cybertechnologies to the UAE, which then used those capabilities against militants as well as activists and journalists in an operation called Project Raven.


Source link

About Donald J. Beadle

Check Also

Can collecting cyber intelligence support human rights?

In November 2021, the Biden administration added Israel’s NSO Group to the U.S. Commerce Department’s …

Leave a Reply

Your email address will not be published.