NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That
from the barely-informing-people-about-things-they-already-know dept
Israeli phone malware manufacturer NSO Group has plenty of customers. Or at least it did until the Israeli government edited the company’s list of approved customers and the US government slapped sanctions on it.
NSO has sold its malware to plenty of abusive governments with long histories of human rights violations. It has also sold its products to countries far less notorious for human rights abuse, but who still misused the company’s powerful Pegasus malware to target dissidents, political opponents, and government critics.
Facing pressure and criticism from pretty much every country that doesn’t openly engage in human rights abuses, NSO Group is trying to survive several months of bad press, sanctions, and dwindling funding. When not courting potential purchasers who may not care about the company’s sordid past, NSO Group reps are answering questions posed to them by lawmakers who appear to be poised to engage in more direct regulation of malicious code.
According to this report by Antoaneta Roussi for Politico, the spyware developer has publicly admitted it has a handful of European customers.
The Israeli spyware firm NSO Group on Tuesday told European lawmakers at least five EU countries have used its software and the firm has terminated at least one contract with an EU member country following abuse of its Pegasus surveillance software.
Speaking to the European Parliament’s committee looking into the use of spyware in Europe, NSO Group’s General Counsel Chaim Gelfand said the company had “made mistakes,” but that it had also passed up a huge amount of revenue, canceling contracts since misuse had come to light.
“At least five” leaves a whole lot open to interpretation. And counting any number accurately seems like something a tech company that has developed some of the most fiendishly clever malware ever created should be able to do easily. Providing an accurate total should be well within its technological grasp.
But, much like the FBI and its billions in funding can’t seem to count the number of encrypted devices in its evidence lockers, NSO Group appears to be unable to count the number of European customers it has in total during testimony it was informed ahead of time it would need to attend.
That’s all NSO could provide, apparently. And it’s not much. We already know Poland is an NSO customer. (And it’s still part of Europe, no matter what the Russian government would prefer at the moment.) And it seems pretty clear the Spanish government has deployed the malware. Phones owned by Catalan members of the EU Parliament were hit with Pegasus malware and the Spanish government has made no secret of its desire to crush the Catalan independence movement.
That’s two out of the “at least five.” Every other country in the European Union has “national security interests” and a desire to fight crime — two justifications used by NSO to move its product — so it stands to reason the number of European customers is much greater than the “at least five” NSO claims to have.
More ridiculous than this open-ended (but still seemingly small!) number the NSO handed to EU lawmakers is the follow-up statement by its general counsel.
At least five EU countries had used NSO’s tool, Gelfand said, adding he would come back to MEPs with a “more concrete number.”
“Come back?” Are you kidding? How does NSO’s lawyer not have the actual number readily available? How was it not possible to have the actual number sent to him during this inquiry, moments after asking for it from NSO’s executives or account managers?
The only answer for this lack of accurate information is someone doesn’t want it revealed. NSO may not want to let the rest of the world know how many customers it has in Europe, especially given the propensity of its customers to abuse its products. And plenty of EU members may not want the public to know they’ve been buying powerful tech tools from a shady digital arms dealer.
Claiming you’ll come back with an answer when you already have instant access to one is pure bullshit. Granted, it’s the kind of bullshit you pay your general counsel handsomely to deliver when facing government inquiries but it’s not the sort of thing that endears you to regulators or the public they serve. This inability to count past five is going to do more reputational damage to a company that literally cannot afford it.
Filed Under: eu, malware, pegasus, surveillance
Companies: nso group
Comments on “NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That”
Sad, but maybe they really don't know
Most likely you are right in that they don’t want to reveal the real number. But given how sloppy they have been in vetting their customers, they might not actually know which countries were behind the groups they sold it to.
Relevant movie quote:
(Lightly edited for “clarity”)
Shame
So what could happen?
They give the program to everyone and we all live happily ever after?
Doubt it.
They could just Disappear, rename themselves and work under the table/black market. Its been done before.
They could ship copies into the net to hide it, and Off load it to new customers with no record of doing any business as everything in anon.
But Who wants privacy and WHO dont. For some reasons our gov. based most of our personal issues as private. But then we have ID, CC, SS#, and such, that get shared across many agencies and corps, With NO fall back to get them NOT to use our private numbers.
Nothing that SHOULD be enforced has been enforced.
What would happen if all our data was released? What else would they want? Pictures/DNA/Finger prints/ some sort of Proof positive that YOU are the person they are looking for.(star card anyone?)(I had to show a 40+ year old year book).
If privacy is such a big thing, why has the gov. NEVER taken certain groups to court?
NSO Lawyer Tells Lawmakers Company Can Count To Five, Will Need More Time To Count Higher Than That
Huh, I could’ve sworn it was just four the NSO are capable of quickly counting up to. I guess it is possible to overestimate the stupidity of privacy-invasive groups. 😼