Photo: Protestors outside the offices of the Israeli cyber firm NSO Group in Herzliya on Sunday. Credit: Nir Elias / Reuters

US lawmakers are telling the Biden administration to call out by name, as well as in reports provided to Congress, private companies that sell cyber intrusion tools to governments

27 July 2021 | Ben Samuels | Haaretz

WASHINGTON – A group of U.S. lawmakers on Monday urged the U.S. government to take a series of actions against the Israeli firm NSO Group following reports that it leased military-grade spyware to authoritarian regimes around the world that allegedly used it to hack the phones of politicians, journalists, human rights activists and business executives.

Reps. Tom Malinowski, Katie Porter, Joaquin Castro and Anna G. Eshoo issued the most extensive criticism to date from U.S. lawmakers concerning the reports on NSO’s Pegasus spyware, echoing Malinowski’s comments to Haaretz on the need to regulate the “hacking-for-hire industry” as well as rejecting NSO Group’s denials of the reports.

They urged the Biden administration to call out by name, as well as in reports provided to Congress, private companies that sell cyber intrusion tools to governments with a history of misusing them.

They also call for the potential immediate addition of NSO Group and any other companies engaged in similar activities to the Entity List administered by the Commerce Department, as well as considering “the company’s abusive clients for sanction under the Global Magnitsky Act.”

The logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert, southern Israel, 22 July (Reuters)
The logo of Israeli cyber firm NSO Group at one of its branches in the Arava Desert, southern Israel, 22 July (Reuters)

The Democratic lawmakers further called for a sanctions’ regime to hold accountable individuals and companies that sell spyware tools to authoritarian regimes, either via legislation or executive order.

The lawmakers, who have long been collectively outspoken about the dangers of the unregulated spyware industry, add that NSO Group and companies engaged in similar activities should not “access American investors’ funds — including through a potential IPO — through SEC regulations that would protect non-securitized capital from funding their activities.”

They further urge accelerated efforts “to finalize accession to the Wassenaar Arrangement’s limited controls on cyber-intrusion tools, lead a multilateral initiative to impose strengthened controls with transparent human rights assessments on items with surveillance capabilities, and consider SEC regulations requiring companies to publicly disclose exports of technologies with surveillance capabilities and to carry out published human rights due diligence for any such exports.”

Finally, the four House Democrats call to “investigate and assess the possible targeting of American journalists, aid works, diplomats and others’ with NSO Group’s Pegasus spyware, determine whether America’s national security was harmed, and take steps to protect all Americans, including federal employees, from the threat posed by the growing mercenary spyware industry.”