Israeli Police (Mostly) Cleared Of NSO-Related Wrongdoing While NSO Issues Legal Threats To Calcalist Over Cover-Up Claims
from the certainly-not-the-last-we'll-be-hearing-about-all-of-this dept
This won’t change much for NSO Group, but at least it helps the Israeli Police rehab its image a bit. An “initial investigation” has (mostly) cleared the Israeli police of wrongdoing in one of the latest surveillance scandals tied to NSO’s malware.
The Israeli broadcaster Channel 12 said a police investigation ordered by Israel’s public security minister, Omer Barlev, had concluded that of 26 individuals named in recent reports as having been targeted using NSO Group’s Pegasus software, three named individuals were targeted, with the police successfully hacking only one of the phones.
The investigation apparently is still ongoing, so these early positive results might be undone after further examination. Fortunately, the Israeli police aren’t investigating themselves. Instead, the federal police agency is being scrutinized by officers from Israeli intelligence agencies Shin Bet and Mossad.
This doesn’t mean Israeli police haven’t targeted Israeli citizens with NSO hacking tools. It just means that what’s been discovered so far has been lawful, contradicting earlier reports that suggested targets were subjected to attempted (or successful) hacking without the proper paperwork in hand.
Of course, earlier reports also said the police were able to do this by exploiting a “loophole” in the law. And that means the spirit of the law can be violated without anyone engaging in anything that’s actually illegal. This is how state-ordained surveillance programs work: by playing right up to the edges of what the law permits.
The only possible illegal hacking was regarding Shlomo Filber, a former director-general of the Communications Ministry and longtime confidant of Netanyahu, according to Hebrew-language television reports.
The Israeli police are apparently hoping that this illegal hacking will be excused because law enforcement never accessed or made use of the data and communications obtained with the use of phone hacking tools. But the police have admitted investigators went beyond what was authorized in the court order.
Police brass told justice officials that the data was downloaded accidentally and was never given to investigators in the Netanyahu cases.
This possibly illegal hacking was discovered during the course of another investigation entirely unrelated to the current investigation about police use of NSO phone exploits.
Filber’s phone was reportedly accessed in 2017, and had the entirety of its content drained using unnamed spyware. The discovery that Filber’s phone had been targeted was made in the course of an unrelated investigation, ordered by the attorney general, into alleged police abuse of the controversial NSO Group’s Pegasus software, though a different technology was used to access Filber’s phone.
NSO Group, for its part, has decided it’s time to start suing. Calcalist — which has broken news of NSO-related hacking several times — released a list of alleged Israeli targets of NSO malware. This report — along with a follow-up by Calcalist — has triggered legal threats from NSO.
Calcalist on Monday published specific, but unsourced, allegations of hacking against 26 targets by police. The bombshell report said NSO Group’s Pegasus program was deployed against senior government officials, mayors, activist leaders, journalists and former prime minister Benjamin Netanyahu’s family members and advisers, all without judicial authority or oversight.
To be clear, NSO doesn’t deny the listed names were targets of NSO malware. Instead, it is taking issue with Calcalist’s claim that NSO provided customers with malware deployment tools that could be configured to prevent the creation of data logs during deployment and use, thus preventing the creation of digital footprints that could indicate the use of NSO’s Pegasus spyware. NSO denied this allegation in a letter threatening legal action, stating that it never provided customers with systems that offered plausible deniability as undocumented feature.
In response to Thursday’s report, NSO wrote to Calcalist that the relevant systems “include full documentation of the actions performed in them,” and that the records are kept for legal purposes and to prevent tampering with evidence. It further denied the newspaper report’s claim that it had sold client software that does not include the documentation feature or only in a limited way.
We’ll see what becomes of this legal threat. NSO is already defending itself against two lawsuits brought by US tech companies. It may not be wise to press forward with one of its own and roll the dice on discovery for a third time. Given the nature of NSO and the those it has chosen to sell to, it’s not all that unreasonable to believe it may have offered cover-up solutions to certain customers at a comfortable markup.