spy saga

House hearing highlights U.S. concerns about Israeli NSO Group spyware

Lawmakers indicated openness to withholding aid from countries that utilize the commercial spyware

MENAHEM KAHANA/AFP via Getty Images

The NSO Group company logo is displayed on a wall of a building next to one of their branches in the southern Israeli Arava valley near Sapir community centre on February 8, 2022.

The House Intelligence Committee scrutinized NSO Group, the Israeli tech company responsible for the Pegasus spyware that has been used by governments to spy on activists, journalists, political leaders and U.S. citizens, at a hearing on Wednesday examining the company and other commercial spy software.

The hearing featured testimony from John Scott-Railton, a senior researcher at the University of Toronto’s cyber-focused Citizen Lab; Shane Huntley, who leads a security unit at Google; and Carine Kanimba, an activist who was targeted with Pegasus as she lobbied for Rwanda to release her father, activist Paul Rusesabagina, from prison. Among lawmakers, there was rare bipartisan agreement that spyware and its creators pose deeply concerning threats.

In response to comments by Kanimba highlighting Rwanda’s dependence on U.S. aid and noting that foreign aid makes up much of the country’s budget, multiple lawmakers indicated openness to leveraging aid to countries that use spyware.

“We’re doing this because we’re trying to figure out what our response may be, and you gave me an idea,” Rep. Jim Himes (D-CT) said. “It seems to me that the principle of, if you attack our people with these surveillance tools… maybe not just our people, but civilians or anyone else, you will not get one red cent from the American taxpayer.”

Google’s Huntley urged federal officials to work to make companies like NSO pariahs.

“Drawing attention where we can to who we consider these threats are… that sends a lot of message[s],” he said. “I think it is about incentives as well. I think one of the incentives that I’ve been pushing when I’ve been speaking externally is on the talent. I want to make it so… you really think twice before accepting a job with someone like NSO and you do something more productive with your life.”

Huntley also said he found it “difficult to believe” that NSO does not have access to data collected by its clients, noting the company’s “conflicting claims” that it strictly controls the use of its technology but also has no visibility into its use.

NSO claims, for example, that its software cannot be used on U.S.-based devices, but there have been numerous instances where it has been, including in Kanimba’s case.

Scott-Railton made a number of policy recommendations to the committee, including urging the U.S. to exert diplomatic pressure on the countries that act as “safe havens” for spyware companies including, but not limited to, Israel.

“When it comes to Israel, they have an export control authority. That authority has authorized many of the sales that have led to these problematic cases, and so I think there too, there is an opportunity for diplomatic engagement and pressure,” he said. 

Scott-Railton further urged the U.S. to take steps to counter the spyware firms, bar spyware companies from doing business with the U.S. government or being acquired by U.S. entities and expand accountability measures in cooperation with allies.

He also praised the U.S.’s move to place NSO on the “entities list” of companies engaging in activities counter to U.S. national security and foreign policy. That decision, Scott-Railton said, has scared off potential NSO investors and put the company into a “tailspin.”