DONATE: As many of you know, I support my blogging as a freelance journalist writing for publications like Middle East Eye, The Nation, Al Jazeera and Jacobin Magazine. It’s a precarious business since you are at the mercy of editors who you hope understand the importance of your work, but who sometimes don’t. You may pitch a story you believe is profoundly important and not even get a reply.
I’ve found that you go through troughs, periods when your work is valued and periods when you can’t buy a thrill. Periods when publications are interested and periods when they’re not. Right now, seems one of those periods. Recently, an editor commissioned this piece. When I produced the first draft, she said it “sounded like it was written for an Israeli audience.” Though the current published version is expanded and considerably different from the one I offered her, I’ll let you be the judge of that. She killed the piece. At least she offered a small kill fee.
That’s why I ask you, who has better appreciation of the importance of my work, to step up now and support it with a donation. When the going gets tough, I need to rely you to step into the breach. You understand how important this reporting is, the obstacles I face, and how few researchers and journalists are doing it. So take the next step. Please give generously via the Network for Good icon or Paypal button in the sidebar.
If you can’t donate, you can make friends, family and allies aware of this blog and encourage people to subscribe. It’s important to expand our audience and our presence in the media conversation.
Last June, Whatsapp revealed that the Israeli spyware company, NSO Group, used an exploit to compromise the communications of 1,400 users living mainly in Middle East countries (as well as Mexico, and the latest targeted country, India). The Financial Times profiled some of the victims here. Today, Reuters revealed that senior government officials in as many as 20 countries were also targeted:
Senior government officials in multiple U.S.-allied countries were targeted earlier this year with hacking software that used Facebook Inc’s WhatsApp to take over users’ phones, according to people familiar with the messaging company’s investigation.
Sources familiar with WhatsApp’s internal investigation into the breach said a “significant” portion of the known victims are high-profile government and military officials spread across at least 20 countries on five continents.
The hacking of a wider group of top government officials’ smartphones than previously reported suggests the WhatsApp cyber intrusion could have broad political and diplomatic consequences.
This takes the attack beyond the realm of individual victims into the realm of state-against-state espionage; a far more serious breach than previously known. Whatsapp also announced that it had reported the incident to the FBI. Facebook has taken further punitive action, deleting all accounts of NSO employees on its platform.
It was previously known that Intelligence agencies in Bahrain, Saudi Arabia and the UAE have used NSO’s Pegasus malware, the most powerful product of its kind on the market, to spy on targets they view as threatening the security of their dynastic regimes.
When Whatsapp first announced the NSO attack, I wrote this piece for Jacobin in which I argued that it was imperative for the former company and its corporate parent, Facebook, to sue the Israeli firm and hold it accountable for its behavior. I also encouraged the federal government to assume a role in protecting U.S. companies and the privacy of American citizens who use their technology. It’s not surprising that the Trump Justice Department has taken no action against the Israeli firm. But luckily, Whatsapp announced yesterday that it was suing NSO in federal court in San Francisco.
Its leader explained the company’s position in this Washington Post op-ed. This takeaway echoes my own views in Jacobin:
…Far more needs to be done to define what amounts to proper oversight of cyber weapons. NSO said in September that “human rights protections are embedded throughout all aspects of our work.” Yet it maintains that it has no insight into the targets of its spyware. Both cannot be true. At a minimum, leaders of tech firms should join U.N. Special Rapporteur David Kaye’s call for an immediate moratorium on the sale, transfer and use of dangerous spyware.
At the time the exploit was originally exposed, NSO published this non-response response:
“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation.”
Note the severe disconnect between creating the malware and knowing precisely what its ultimate use will be; while claiming that releasing it to your customer absolves you of any responsibility for what they do with it. An amazing game of moral hocus-pocus.
In response to the lawsuit, NSO stated:
“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” NSO said in a statement. “The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime.”
Yes, but you yourself refuse to guarantee that those are the actual uses made of Pegasus. So what good is such a statement?
In my earlier story, I urged governments to develop regulations which laid out proper and improper uses of the technology. Currently, there are no such regulations in place anywhere. It is the wild west out there. But given how many hundreds of millions of cell phones are in use and the pervasive impact of the technology on every aspect of modern life, it’s astonishing that we’ve let things go this far. If governments don’t take action, we private citizens and NGOs whose mission is to protect digital privacy must mount effective campaigns to educate the public about the critical need for such rules.
The only Israeli government agency monitoring NSO is the defense ministry’s export control committee, which approves Israeli technology for commercial purposes. It has offered the company licenses to sell its products around the world. The ministry has no interest in what clients do with the technology and does not monitor this. In fact, Israeli weapons exports are one of the most powerful drivers of the Israeli economy. The country ranks 9th in the world in total value of its arms exports. So would the defense ministry mess with a goose laying golden spyware?
This is not the first lawsuit targeting the NSO Group for the nefarious use of its technology. A Palestinian lawyer in Britain is suing the company on behalf of a Saudi dissident targeted by Saudi intelligence. He was one of the colleagues of murdered journalist Jamal Khashoggi, whose infected cell phone offered his killers details about his movements and played a key role in his death. And Amnesty International is suing NSO after one of its staff, whose job was to monitor Saudi human rights violations also was targeted.
While this may be the beginning of a rough patch for the spyware developer, its first five years of existence have been truly golden. Started by two IDF veterans in 2012 as part of serial start-up attempts after they ended their military service, most of which failed, they happened to be at the right place at the right time. Just as international consumers took to cell phones on a mass scale, its founders realized that there would be a commercial niche both to protect the security of the phones and to compromise them. Within two years, their company was worth $100-million, and earlier this year, a UK venture capitalist made the company a unicorn by paying $1-billion to buy it outright.
In Stephen Peel, NSO found the perfect buyer. A young trendy venture capitalist whose wife ran a modern art museum, Peel was a board member of Global Witness, a British anti-corruption NGO. Once the purchase of NSO was made public, a furor arose over this seeming conflict of interest. Peel resigned from the board and was offered a glowing au revoir by its director who called him “typically selfless.” Unfortunately, he couldn’t seem to understand the conflict between NSO’s products and his own organization’s mission.
Peel immediately sought ways to kasher NSO’s bad reputation. He inveigled Amnesty and other human rights NGOs to sit down and recommend ways in which the company’s products could be transformed from treif to kosher. The NGOs smelled a rat and wanted nothing to do with what they perceived as an empty exercise.
Stymied by the international human rights community, Peel then turned to an Obama official with the Department of Homeland Security, Juliette Kayyem. Despite her having no experience with ethics in the field of technology and social policy, she was tasked with developing ethical guidelines for NSO’s products. Keep in mind as well, that NSO declares almost as a point of pride that it does not monitor its customers’ uses of its products. That’s how it absconds from any responsibility for the crimes committed by security services using Pegasus.
Given this, one wonders how a bona fide ethicist (which Kayyem is not) would feel comfortable developing ethics guidelines when the company itself refuses to accept any responsibility for how the products are used?
Kayyem began her career as a homeland security advisor for Massachusetts Gov. Deval Patrick, She then made the move to DC during the Obama administration working first as a trial lawyer in the Justice Department and later as a senior official in the Department of Homeland Security. Her bio offers no trace of any experience developing corporate ethics policies:
Juliette Kayyem has spent over 15 years managing complex policy initiatives and organizing government responses to major crises in both state and federal government. A national leader in homeland security, resiliency and safety, she is currently the Senior Belfer Lecturer in International Security at Harvard’s Kennedy School of Government, where she is faculty chair of the Homeland Security and Security and Global Health Projects.
…She was President Obama’s Assistant Secretary for Intergovernmental Affairs at the Department of Homeland Security. There she played a pivotal role in major operations including handling of the H1N1 pandemic and the BP Oil Spill response; she also organized major policy efforts in critical infrastructure protections and community resiliency.
She has served as a member of the National Commission on Terrorism, a legal advisor to US Attorney General Janet Reno, and a trial attorney and counselor in the Civil Rights Division at the Justice Department.
Recently, the Washington Post named her to its stable of columnists. The most bitter irony here is that NSO may be an accessory to Jamal Khashoggi’s murder. Many in the media speculate that Saudi intelligence was able to know the journalist’s plans and whereabouts based on this surveillance. It enabled his Saudi killers to ambush him at the Saudi embassy in Istanbul. At the time of his murder, he too was a columnist for the Post. Both Jeff Bezos and the senior editors railed against the Saudis for their perfidy and demanded action from the Trump administration to hold them accountable. Unfortunately, that never happened.
Despite this disappointment, no one would expect that the Post’s opinion editor, Fred Hiatt would make such a tone-deaf decision to hire Kayyem. There were a few days of uproar, during which the Post and Kayyem attempted to argue that she was not personally responsible for the Israeli company’s actions because she didn’t serve in direct capacity in the company’s operations. But that made it seem like her work on the ethics guidelines had nothing to do with the company at all. Recently, she bowed out of her position saying she didn’t want to be a distraction from the worthy journalism of the Post.
I’ve addressed several questions to Dr. Kayyem about her work for NSO including how much they paid her in consulting fees; what expertise she has in the field of ethical use of technology. I also asked whether her guidelines offered guidance on the specific uses of Pegasus by NSO clients. Did they offer any restrictions on its use or caution against applications that would violate her guidelines? She has not responded and I will update here if/when she does.