Even though Pegasus-maker NSO Group has denied any misuse of its technologies after an expose by a consortium of media organisations found that the spyware was used to snoop on Indian journalists and politicians, the Israel-based company, in a policy document, released three weeks before the controversy, is said to have hinted that clients of the software may be “tempted to limit fundamental freedoms”.
According to a report in Indian Express, the policy report titled ‘Transparency and Responsibility Report 2021’ said that the NSO Group had around 60 clients, mostly states governments and state agencies, in 40 countries. While 51 per cent of the clientele constituted intelligence agencies, 38 per cent was law enforcement agencies and 11 per cent was military.
The IE report said that in its policy report, the NSO did identify the chances of the spyware being misused against politicians, journalists, NGOs and lawyers among others in the “most salient human rights risks” section.
The report said that the spyware may be misused “for reasons unrelated to national security or law enforcement, such as in support of litigation or to obtain information that may be embarrassing to individuals.” It said the people misusing the spyware could be “unauthorized personnel associated with state and state agencies.”
“There are a wide variety of additional government-driven risks that could flow from our technologies. These could include rights associated with the legal and judicial process, such as freedom from arbitrary arrest and detention and similar abuses… as well as invasions of freedom of thought, conscience and religion, restrictions on freedom of movement or participation in civic life,” the report read, as quoted by IE.
NSO in the report said that while it has probed 12 reports of misuse of Pegasus in 2020 and between May 2020 and April 2021, it rejected around 15 per cent of “potential new opportunities” over human rights concerns. It added that the company since 2016 has rejected potential clients and a revenue worth USD 300 million as part of its review process. These potential buyers included five customers, who were “disconnected from the system” after investigation found them to be misusing the technology.
The company also admitted in the report that monitoring client activity still remained a key challenge for it due to the absence of “immediate insight into the use” of its products even though it is mandatory for a customer to provide information on the product usage in the customer’s systems logs in a tamper-proof manner. Refusal to comply with company guidelines will lead to immediate suspension of the customer’s right to use the system, the report said.
The NSO group, which so far had been calling the expose by 17 media organisations on the misuse of its spyware by its clients as a “well-orchestrated media campaign” has now assured that it will investigate any misuse of its technologies and even “shut down the system when necessary.”