Countries interested in buying cyber technologies from Israel must commit to only using them to prevent a limited list of terrorism acts and serious crimes, new guidelines issued by Israel’s Defence Ministry reveals.
Why this matters: Israel is one of the most prominent exporters of cyber tech and surveillance tech in particular. These new guidelines not only place severe restrictions on entities wanting to import such tech from the country but also give a framework to other countries looking to govern their cyber tech exports.
This move comes after repeated allegations of misuse of spyware made by Israeli-based NSO Group. Just last week, reports revealed that US State Department employees were hacked by an unknown entity using the Pegasus spyware made by NSO.
While the Israeli government has previously said that it only allows cybertech exports for the fight against terrorism and crime, this claim is only now explicitly backed in writing as the government amended the End-Use/User Certificate to specify that use-cases.
What purposes can Israel cybertech be used for?
Israeli systems can be used only for the prevention and investigation of the following:
- Terrorist Acts: Intentional acts committed with the aim of
- Seriously intimidating a population
- Unduly compelling a Government or international organization to perform or abstain from performing any act
- Seriously destabilizing or destroying the fundamental political, constitutional, economic or social structures of a country or an international organization.
- The following are the “intentional acts” laid out in the guidelines:
- Attacks upon a person’s life which may cause death
- Attacks upon the physical integrity of a person
- Kidnapping or hostage-taking
- Causing extensive destruction to a Government or public facility, a transport system, an infrastructure facility, including an information system, a fixed platform located on the continental shelf, a public place or private property likely to endanger human life or result in major economic loss
- Seizure of aircraft, ships or other means of public or goods transport
- Manufacture, possession, acquisition, transport, supply or use of weapons, explosives or of nuclear Biological or chemical weapons, as well as research into, and development of, biological and chemical weapons
- Release of dangerous substances, or causing fires, floods or explosions the effect of which is to endanger human life
- Interfering with or disrupting the supply of water, power or any other fundamental natural resource the effect of which is to endanger human life
- Threatening to commit any of the acts listed above
- Serious crimes: The guidelines define a serious crime as: “A crime for which the national law imposes a term of imprisonment of 6 years or more.”
Criticizing the government is not considered a terrorist act or a serious crime: The guidelines also explicitly carve out that criticizing the government is not considered a terrorist act or a serious crime:
“An act of expressing an opinion or criticism, as well as presenting data regarding the state , including any of its institutions, shall not, in and of itself, constitute a Terrorist Act [or] a Serious crime.”
Other conditions: Furthermore, the use of the system must be:
- In accordance with national law: “The system will be used only in accordance with national law, including legislation relating to privacy rights. The system may be used only subject to obtaining any authorization as required by national law, including judicial orders if so required.”
- Non-discriminatory: “The system shall not be used, under any circumstances, to inflict harm on an individual or a group of individuals, merely due to their religion, sex or gender, race, ethnic group, sexual orientation, nationality, country of origin, opinion, political affiliation, age or personal status.”
Failure to comply: Failure to comply with the above guidelines can result in the suspension of the export license or the shutting down of the system.
What should India do in response to changes in these guidelines? How will India’s import of software like Pegasus be impacted? Leave a comment below
Do changes go far enough?
Notwithstanding the limitations placed, some of the definitions in the new guidelines remain vague and broad. For example, the definition of serious crime can be stretched to accommodate unreasonable use cases of an authoritarian government.
Also, commenting to Israeli newspaper Haaretz, Human rights group Amnesty criticized the new guidelines saying that it:
“places the responsibility on cyber companies and the countries that are their customers and contradicts past claims by the ministry.”
Why is Israel clamping down on cybertech exports?
There have been calls to regulate the spyware industry ever since it was revealed in July that multiple governments across the world, including India, used NSO Group’s Pegasus spyware to target political leaders, journalists, human rights activists, businessmen, military officials, intelligence agency officials, and several others.
Following these revelations, several Israeli government officials visited the office of the NSO Group in July, according to a statement from Israel’s Ministry of Defense. The Ministry reportedly said that it would review the allegations of misuse of the NSO’s surveillance software while hinting at a possible “review of the whole matter of giving licences”.
Then last month, Israel reduced the list of approved countries that can do business with local cyber tech companies from 102 to 37 countries.
All this while, NSO has maintained that it has not done anything wrong and that it only sells its tools to vetted governments and law enforcement agencies for use against crime.
What is happening around Pegasus allegations in India?
While India has long been suspected of being a Pegasus buyer, the scale and nature of surveillance it has embarked upon, and the targets it seems to have picked, don’t appear to indicate national security concerns, but rather surveillance of those who are critical of the government.
In light of this, multiple people filed petitions before the Supreme Court and the Court in October constituted an expert committee to investigate the usage of Pegasus by the government against its own citizens. This committee on November 26 started reaching out to potential targets of Pegasus detailing the scope of the probe and asking them to join the investigation by submitting their infected mobile device and a statement.
More recently, the Indian government in response to a question asked in the parliament said that “there is no proposal for banning any group named ‘NSO group’.”
- NSO Group’s Pegasus Used To Hack Phones Of US State Department Officials: Report
- Summary: Apple’s Lawsuit Against NSO Group For Surveilling, Targeting Its Users With Pegasus Spyware
- Pegasus Probe: SC-Appointed Committee Reaches Out To Targeted People With A Request
- Supreme Court Appoints Committee To Investigate Pegasus In India; “State Does Not Get A Free Pass”
- UN Human Rights Council Faces Pressure To Denounce And Investigate Pegasus Surveillance