JERUSALEM (Reuters) - The Israeli-based NSO Group said on Tuesday it would abide by U.N. guidelines to prevent rights abuses, following accusations by cyber experts that its software was used in a number of government surveillance scandals.
Human rights group Amnesty International, which has asked Israel’s government to revoke NSO’s export license, was sceptical that NSO’s new policies would make a difference.
NSO is best known as a supplier of surveillance tools to governments and law enforcers, and says its products tackle and prevent serious crimes and support search and rescue operations after natural disasters.
But its cellphone hacking software, Pegasus, has been linked to political surveillance in Mexico, the United Arab Emirates and Saudi Arabia, according to University of Toronto’s Citizen Lab, which researches digital surveillance, security, privacy and accountability.
Shalev Hulio, co-founder and chief executive of NSO, said: “NSO’s products provide governments with the tools to help stop the world’s worst terror attacks and most dangerous criminals. But (we) also understand that misuse could represent human rights violations.”
NSO said it would from now on systematically apply U.N. procedures set in 2011 to identify risks that its technology could harm human rights, and then prevent or mitigate them.
It also plans to evaluate its sales process and contractually oblige customers to limit the use of its products to the prevention and investigation of serious crimes, and to ensure that they will not be used to violate human rights.
NSO needs to turn words into action, Danna Ingleton, deputy director of Amnesty Tech, the technology and human rights division of Amnesty, told Reuters.
“NSO is a company that has a history of saying one thing and doing another,” she said. “The reason why they are doing this is to whitewash violations.”
She said that NSO and the industry as a whole needs more accountability and to do more due diligence when selling to oppressive regimes so human rights defenders are not targeted.
A Saudi dissident close to murdered journalist Jamal Khashoggi filed a lawsuit last year alleging that NSO had helped the royal court to take over his smartphone and spy on his communications with Khashoggi. Hulio has denied that NSO technology was used in Khashoggi’s murder.
In May, the electronic encrypted messaging service WhatsApp said a security breach on its app showed signs of coming from a government using surveillance technology developed by a private company, and may have targeted human rights groups.
WhatsApp told rights groups it had some reasons to believe the spyware had been developed by NSO. The firm at the time did not comment on the incidents but said it would investigate any “credible allegations of misuse” of its systems.
NSO, which Francisco Partners sold seven months ago to NSO managers and the European private equity firm Novalpina Capital, said the rules also provide mechanisms to enable reporting and investigation of suspected misuse of its products.
“This new policy publicly affirms our unequivocal respect for human rights and our commitment to mitigate the risk of misuse,” Hulio said.
A source close to NSO said the company remains steadfast in its belief that it does not know how its products are used by governments, while the firm strives to find a balance between helping governments save lives and potential abuses.
The source said NSO rejected contracts of some $250 million in the last few years following internal review processes due to possible misuse of its technologies.
NSO said it had taken on Tom Ridge and Juliette Kayyem, former secretary and assistant secretary at the U.S. Department of Homeland Security, and former French ambassador to the United States Gerard Araud as advisers.
Reporting by Steven Scheer; Editing by Kevin Liffey, William Maclean