While NSO CEO Hulio has gone on the offensive and disputed NSO’s connection with the leaked database of phone numbers, the Israeli firm has since said that it would no longer respond to any media enquiries on the allegations.
Israel-based NSO Group has repeatedly claimed that it supplies its Pegasus surveillance tool only to vetted governments for the purpose of addressing crime and terrorism. But recent revelations by Project Pegasus have shown evidence that some governments, including India’s, might be using the tool to target journalists, activists, opposition politicians, businessmen, among others.
The NSO Group has been vehemently denying the allegations made by Project Pegasus but has also indicated that it will investigate serious allegations. Its CEO has also appeared in multiple interviews to address the issue. Here is a compilation of what NSO has said so far and where it stands in terms of investigating the allegations.
What has NSO said so far?
The following comments were made in two public statements put out by NSO Group on July 18 (the day the Pegasus Project news broke out) and on July 22 (titled “Enough is Enough!”), and in statements submitted to the media bodies that are part of Project Pegasus. Some of the statements made to media companies were made before the news went public.
Full of wrong assumptions and uncorroborated theories: NSO stated that the report by Forbidden Stories is “full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and are far from reality.”
No factual basis: The group said that it checked the claims made by Forbidden Stories and found that the information obtained by them has “no factual basis, as evident by the lack of supporting documentation for many of their claims.”
Planned and well-orchestrated media campaign: In its latest statement, NSO Group called the revelations a “planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups.”
Leaked list is not related to NSO: Referring to the leaked list of 50,000 numbers alleged to be potential targets of Pegasus, NSO said:
- “NSO is not related to the list [of numbers], it is not an NSO list, and it never was.”
- “The list is not a list of targets or potential targets of Pegasus”
- “The numbers in the list are not related to NSO group”
- “Any claim that a name in the list is necessarily related to a Pegasus target or Pegasus potential target is erroneous and false”
- “The claims that the data was leaked from our servers, is a complete lie and ridiculous since such data never existed on any of our servers.”
NSO does not have access to customers’ data: “NSO does not operate the systems that it sells to vetted government customers, and does not have access to the data of its customers’ targets,” NSO said.
Can obtain data of customers for investigative purposes: Although NSO does not have access to the data of its customers, it can obtain them for investigation purposes, and governments are obligated to cooperate, the group said, clarifying instances where NSO was able to confirm that some people were not potential targets.
Will investigate all credible claims and shut down the system if needed: NSO said that it will “continue to investigate all credible claims of misuse and take appropriate action based on the results of these investigations. This includes shutting down of a customers’ system, something NSO has proven its ability and willingness to do, due to confirmed misuse, has done multiple times in the past, and will not hesitate to do again if a situation warrants.” NSO said in its transparency report published last month that it had terminated five clients following investigations of misuse since 2016.
- No clarification if current claims are credible: None of the statements by NSO acknowledges if the evidence submitted by the Pegasus Project is “credible proof,” but its CEO has said the current allegations will be investigated (more below).
Can confirm some alleged targets are not targets: “We can confirm that at least three names in your inquiry Emmanuel Macron, King Mohammed VI, and Tedros Ghebreyesus — are not, and never have been, targets or selected as targets of NSO Group customers. All of the French and Belgian government officials or diplomats mentioned in the list, are not and never have been, Pegasus targets,” NSO said in a letter Washington Post.
Will not respond to media enquiries: NSO also said that it will not be responding to any more media enquiries on this “vicious and slanderous campaign” that has “complete disregard of the facts.”
Consideration of defamation lawsuit: “In fact, these allegations are so outrageous and far from reality, that NSO is considering a defamation lawsuit,” one of the statements read.
Data obtained in the leak are overt basic information: NSO said that the data obtained by Project Pegasus are “from accessible and overt basic information, such as HLR Lookup services” and are “openly available to anyone, anywhere, and anytime.”
Exaggerated number of leaked phone numbers: “The alleged amount of “leaked data of more than 50,000 phone numbers” cannot be a list of numbers targeted by governments using Pegasus, based on this exaggerated number. The fact that a number appears on that list is in no way indicative of whether that number was selected for surveillance using Pegasus,” NSO said.
Leaked list not shared with NSO: “Forbidden Stories never shared the leaked list with NSO Group to allow it to verify or comment on the list,” NSO said in a statement.
Israeli government does not have access to data: “You falsely claim that the Israeli Government monitors the use of our customers’ systems, which is the type of conspiracy theory that our critics peddle,” NSO said in a statement to Washington Post.
NSO is subject to various export control regimes: “NSO is subject to various export control regimes including the Israeli MOD, as similar to existing regulations in other democratic countries,” NSO told Washington Post.
Cannot identify customers due to contractual obligations: “Due to contractual and national security considerations, NSO cannot confirm or deny the identity of our government customers, as well as the identity of customers of which we have shut down systems,” NSO said.
Not associated with the murder of Jamal Khashoggi: NSO also said that it had previously investigated the claim that its technology was associated with the murder of Jamal Khashoggi, and found that its technology was “not used to listen, monitor, track, or collect information regarding him or his family members.”
Correlation does not equal causation: “Even if Forbidden Stories were correct that an NSO Group client in Mexico targeted the journalist’s phone number in February 2017, that does not mean that the NSO Group client, or data collected by NSO Group software, were in any way connected to the journalist’s murder the following month. Correlation does not equal causation, and the gunmen who murdered the journalist could have learned of his location at a public carwash through any number of means not related to NSO Group, its technologies, or its clients,” NSO said.
NSO tech cannot be used to target US phone numbers: NSO said that its products “cannot be used to conduct cyber surveillance within the United States, and no foreign customer has ever been granted technology that would enable them to access phones with US numbers.”
NSO tech helped prevent crime and terrorism: “The fact is NSO Group’s technologies have helped prevent terror attacks, gun violence, car explosions, and suicide bombings. The technologies are also being used every day to break up pedophilia, sex- and drug-trafficking rings, locate missing and kidnapped children, locate survivors trapped under collapsed buildings, and protect airspace against disruptive penetration by dangerous drones,” the group said.
Somebody has to do the dirty work: “It’s horrible. I am not minimizing it. But this is the price of doing business. … This technology was used to handle literally the worst this planet has to offer. Somebody has to do the dirty work,” NSO co-founder Omri Lavie told Washington Post.
More reading on Pegasus
- A Guide To The NSO Group’s Pegasus Spyware In India
- Members Of Parliament React To Pegasus Spyware Controversy Amidst Monsoon Session
- ‘Illegal And Deplorable’: How Pegasus Spyware Targets In India Are Reacting
- Amazon Web Services shuts down infrastructure linked to Pegasus vendor NSO Group
- A decade-old Bill had proposed to regulate surveillance by govt agencies; this is what it said
- Pegasus spyware: How do we rein in State surveillance? Here’s what experts had to say