TEL AVIV (Reuters) - Israel is easing export rules on offensive cyber weapons, despite accusations by human rights and privacy groups that its technologies are used by some governments to spy on political foes and crush dissent.
A rule change by the defence ministry means companies can now obtain exemptions on marketing licences for the sale of some products to specific countries, a source close to the cyber sector told Reuters.
Israel, like other big defence exporters, closely guards details of its weapons sales and its export rules are not widely known, but the defence ministry confirmed the change had gone into force about a year ago in response to Reuters’ questions.
Industry specialists say the change makes a speedier approval process possible for the sale of cyber weapons, or spyware, which are used to break into electronic devices and monitor online communications.
Israel’s defence ministry said the rule change “was made to facilitate effective service to Israeli industries while maintaining and protecting international standards of export control and supervision”.
It said a marketing-licence exemption was granted only under “certain conditions related to the security clearance of the product and assessment of the country towards which the product will be marketed” and that companies were still required to hold an export licence. The Israeli government and the companies declined to comment on which neighbouring states are among spyware customers.
In a sign the government could make more changes, the economy ministry – which is responsible for promoting economic growth and exports – is setting up a division to handle exports of cyber technologies that have offensive and defensive capabilities.
“This is part of a reform that is essentially allocating more resources to the economy ministry for this important issue,” a ministry spokeswoman said.
GROWING COMMERCIAL MARKET
Advanced cyber weapons were until recently deployed only by the most technically sophisticated government spy agencies, such as those in the United States, Israel, China and Russia.
But now a robust commercial market for powerful hacking tools and services has emerged, with former government cyber experts from the United States, Israel and other countries playing a big role in the trade.
That has brought new scrutiny to how cyber weapons are bought, sold and deployed, and the actions of governments in regulating the trade. Israeli companies, including NSO Group and Verint VRNT.O, and defence contractor Elbit Systems ESLT.O, are among the world leaders in the growing global market for cyber weapons. The software tools exploit vulnerabilities in cellphones and other tech products to gain access and covertly monitor users.
Some privacy and human rights groups say Israel’s controls on the sale of cyber weapons are inadequate. Earlier this year, Amnesty said the government should take a tougher line against export licences that have “resulted in human rights abuses”.
The Israeli government declined to comment on accusations of rights abuses.
Rights groups say neighbouring states including Saudi Arabia and the United Arab Emirates are among the Israeli firms’ spyware customers.
Diplomatic considerations can come into play and help speed sales. Tel Aviv University Professor Isaac Ben Israel, the father of Israel’s cyber sector and chairman of its space agency, said there was nothing wrong with using technology to form a bond with neighbours that have shunned formal ties.
“This is a legitimate tool in diplomacy,” he said.
Government officials in Saudi Arabia and the UAE did not respond to requests for comments regarding claims they had purchased spyware from Israeli companies.
Israeli companies say they comply with government export rules and vet customers to ensure the technology is used for legitimate purposes by foreign governments.
REGULATE LESS, GROW MORE
Prime Minister Benjamin Netanyahu told a cyber conference in June there were demands to regulate the sector more as it grows. “But I think we have to take the risk, and it’s a considerable risk, of regulating less in order to grow more,” he said.
Israel’s approval process for exporting cyber weapons is more rigorous than in some other countries such as the United States and Britain, said Daniel Reisner, a partner at law firm Herzog Fox Neeman who represents many Israeli cyber firms. That put Israel’s industry “at a huge disadvantage”, he said.
Under the rule change, the approval process can be up to four months quicker and this has been “a huge help”, he added. Previously, it could take close to a year for a new company to obtain approval, he said.
Ron Deibert, director of Citizen Lab at the University of Toronto, which focuses on digital espionage and has uncovered alleged spyware abuses in countries including the United Arab Emirates and Mexico, said it was “unfortunate” that Israel was loosening its rules.
“Our research shows there is a crisis in civil society because of the abuse of commercial spyware,” Deibert told Reuters in an email.
A United Nations report in June called for a global moratorium on the sale of cyber weapons until human rights-compliant safeguards are in place in Israel and other countries.
Globally, a 42-nation weapons export agreement known as the Wassenaar Arrangement covers “intrusion software” and internet surveillance systems. Israel is not a party to the agreement, but says it is compliant.
David Kaye, the United Nations special rapporteur on freedom of expression, criticised Israel’s controls as “shrouded in secrecy” and called for all cyber weapon sales to be conditioned on a human rights review. Citizen Lab has linked NSO cellphone hacking software known as Pegasus to spying scandals in Mexico, the United Arab Emirates and Saudi Arabia. NSO says all its sales are approved by Israel’s government. Reisner, who serves as a member of an ethics committee at NSO, said the company had voluntarily turned down $200 million worth of business between 2016 and 2018.
Software from Elbit has been linked by Citizen Lab to an espionage campaign targeting Ethiopian dissidents. Elbit declined to comment.
Additional reporting by Stephen Kalin in Riyadh and Ghaida Ghantous in Dubai; Editing by Jonathan Weber and Giles Elgood
Our Standards: The Thomson Reuters Trust Principles.