The disclosure that the phones of over 300 people in India were allegedly targeted using spyware Pegasus, supplied by an Israeli company NSO Group, has raised many serious ethical, political and legal questions. Not just India, but the Pegasus scandal has rocked countries across the world, with reports claiming that phones of world leaders, activists and journalists were hacked.
However, a report by the NSO group on June 30 titled, ‘Transparency and Responsibility Report 2021’, clearly expresses concern over the potential misuse of its spyware against politicians, NGOs, journalists, lawyers etc and infringement of 'salient human rights'. The report also said that the group has 60 customers in 40 countries, of which 51% are intelligence agencies, 38% law enforcement entities and 11% military.
The report also expressed apprehension that the spyware may be used in support of litigation or to obtain information that may cause embarrassment to any individual.
“There are a wide variety of additional government-driven risks that could flow from our technologies. These could include rights associated with the legal and judicial process, such as freedom from arbitrary arrest and detention and similar abuses, as well as invasions of freedom of thought, conscience and religion, restrictions on freedom of movement or participation in civic life," the report said.
The report admitted that the group cannot do much more because of strict confidentiality restrictions but said that when abuses happen within their jurisdictions, the company cooperates with the states to ensure that those affected have access to an effective remedy.
The NSO group claims that it investigated 12 reports of misuse in 2020 and, between May 2020 and April 2021, “approximately 15% of potential new opportunities for Pegasus were rejected for human rights concerns”. As a safeguard, the report said, the company requires, at a minimum, human rights compliance clauses in all customer agreements, along with a commitment from customers “to only use NSO’s systems for legitimate and lawful prevention and the investigation of serious crimes and terrorism”.
The report, however, admitted that effective monitoring of customer activity remained a significant challenge in the absence of “immediate insight into the use” of its products.
After a media consortium published reports based on what it called the Pegasus Project, NSO, the world's most infamous hacker-for-hire outfit denied the allegations stating that it has no visibility into its customers' data.
NSO called the report by Forbidden Stories "full of wrong assumptions and uncorroborated theories," and said it was mulling a defamation lawsuit.
"We firmly deny the false allegations made in their report," NSO said.
The company reiterated its claim that it only sells to “vetted government agencies” for use against terrorists and major criminals.