US puts new controls on Israeli spyware company

The company has broadly denied wrongdoing and issued a statement Wednesday, saying its tools “support U.S. national security interests and policies by preventing terrorism and crime.”

By Associated Press

The Biden administration announced last week that it is putting new export limits on Israel’s NSO Group, the hacker-for-hire company, saying its tools have been used to “conduct transnational repression.”

The company, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists, and even members of the Catholic clergy, said it would advocate for a reversal.

The U.S. Commerce Department said the NSO Group and three other firms are being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports. The department said putting these companies on the entity list was part of the Biden administration’s efforts to promote human rights in U.S. foreign policy.

“The United States is committed to aggressively using export controls to hold companies accountable that develop, traffic, or use technologies to conduct malicious activities that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad,” U.S. Secretary of Commerce Gina Raimondo said in a statement.

The announcement was another blow to NSO Group, which was the focus of reports by a media consortium earlier this year that found the company’s spyware tool Pegasus was used in several instances of successful or attempted phone hacks of business executives, human rights activists and others around the world.

Tech giant Facebook is currently suing NSO Group in U.S. federal court for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with its spyware.

The company has broadly denied wrongdoing and issued a statement Wednesday, saying its tools “support U.S. national security interests and policies by preventing terrorism and crime.”

“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based (on) the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products,” the company said.

In an interview in July with Israel Hayom, Shalev Hulio, CEO of the NSO Group, fought back against reports that the company had knowingly exported its technology to be used against activists and political opponents of governments across the world.

Hulio charged that the allegations that his company intentionally armed governments with its Pegasus cellphone hacking spyware, knowing that it would be used to infringe on people’s civil liberties, are part of an orchestrated anti-Israel campaign aimed at hurting the Jewish State’s cybersecurity industry.

Hulio said that the company sells its technology to governments under strict conditions and that they must the technology only for preventing terrorism or fighting crime.

The full impact of being put on the entity list is unclear. Kevin Wolf, a lawyer at the firm Akin Gump and former top Commerce official, said being placed on the entity list can have a broad impact on a company.

“Many companies choose to avoid doing business with listed entities completely in order to eliminate the risk of an inadvertent violation and the costs of conducting complex legal analyses,” he said.

Stewart Baker, a cybersecurity lawyer and former general counsel at the National Security Agency, said it remains to be seen how big an impact Wednesday’s announcement will have on the NSO Group’s long-term health.

“We could see a situation in which the sanction has been granted and it has a great symbolic significance and some practical significance for NSO, but certainly isn’t a death penalty and may over time just be really aggravating,” he said.

World Israel News contributed to this report.