PEGA Committee of Inquiry
NSO Group Opening Statement
June 21, 2022
Thank you, Mr. Chairman.
On behalf of NSO, I want to thank the members of the Committee of Inquiry for having us here today. We are very appreciative of the opportunity to speak with you directly, and would like to use this time to cover three main areas. First, we will provide the Committee with information on NSO as a company, our technologies, goals and practices. Second, we would like to dispel certain rumors and misconceptions regarding our company and its technologies that have been prominent in the press and public debate. Third, we would like to share our goals and commitments for assisting the Committee in its ongoing work.
Before we begin, we should note that there are limits to the information we can share with the Committee and others. As you know, NSO is a private company providing, export controlled, cyber intelligence technologies only and exclusively to government agencies, for the purpose of preventing and investigating terrorism and other serious crimes.
As a result, we are unable to share details about our customers, as well as the crimes prevented and criminals tracked and apprehended using our technology or trade secrets of the technology. This practice is imperative to protect the legitimate legal and operational need for secrecy of sovereign intelligence and law enforcement agencies.
We are, however, committed to transparently sharing with you accurate information regarding our company and technologies.
We would like to begin with stating the simple truth that this technology has been conceived and designed to save lives worldwide.
NSO was founded in 2010 and was developed in order to respond to the needs and requests from various law enforcement agencies, including some from EU countries, to find a technological solution to gather intelligence from encrypted mobile devices. NSO was established with the ambition to make the world a safer place and has been doing so since day one.
Since its establishment, NSO set forth four principles to guide the manner in which it works: (1) NSO only sells to governments; (2) NSO will not sell to just any government; (3) NSO does not operate the systems; and (4) a desire to be regulated by government regulators. NSO’s products are licensed for sale with the approval of the Israeli Export Control Authority and provided exclusively to government intelligence and law enforcement agencies.
The rapid development and widespread use of technology by terrorists and criminals has profoundly changed the ability of states to prevent and investigate terrorism and other serious crimes.
Our products assist state authorities in addressing the “going dark” problem i.e. the growing misuse of end-to-end encryption applications by terrorists and criminals to conceal messages and plots when communicating through mobile devices.
The only other option to conduct investigations in today’s world is through mass surveillance or backdoor to the devices of all users, which would be a much more intrusive technology.
The technology developed by NSO is the only type of target centric solution that is known.
NSO is most well-known for Pegasus, a cyber intelligence program used by state law enforcement and intelligence agencies to collect data from specific mobile devices during investigations.
Through the use of Pegasus, state authorities have and continue to thwart numerous terrorist attacks such as suicide bombings, and has been instrumental in apprehending pedophiles and other serious criminals.
NSO is fully aware of and committed to its own human rights responsibilities and the duties of its clients, and is determined that its products be used appropriately and lawfully. In light of this, NSO has made a fundamental commitment to voluntarily take steps to address these concerns, including by following the approaches described in the United Nations Guiding Principles on Business and Human Rights or “UNGPs”.
NSO is proud to be the first and, to our knowledge, the only company in the cyber industry effectively implementing policies towards complete alignment with the UNGPs. This includes adopting and implementing policies, procedures and internal human rights programs, including human rights due diligence procedures, reviewing each credible allegation of misuse raised, conducting international investigations, and engaging with all stakeholders.
Unfortunately, not all allegations made against NSO are credible. For example, we have identified many allegations that are false, or contractually and technologically impossible.
These allegations often rely on evidence and data that was not provided to NSO, preventing us from being able to verify or refute such claims, and thus introducing confusion that is detrimental to maintaining public confidence in these technologies.
I would now like to dispel a number of misconceptions that have surfaced in the press and public debate with respect to our company’s activities and technologies.
A lot of information has already been presented to the Committee and there are numerous allegations that simply are not true. In light of the allocated time I cannot go through all of them, so I will focus on the main and/or most common misleading and/or incorrect allegations:
I will address each of these misconceptions one by one.
Licenses are limited in number and contracts are carefully crafted to permit only legitimate use.
NSO does not have any knowledge of the individuals whom states might be investigating, nor the plots they are trying to disrupt. For obvious reasons, sovereign states normally do not and will not share this extraordinarily sensitive information with NSO or any other provider of similar technology.
III. Commitment to Assisting the Committee
I would like to end my remarks by reiterating NSO’s commitment to assisting the Committee in its ongoing work.
NSO believes that cooperation between our company and the Committee can be fruitful in looking at concrete solutions to address human rights in our industry.
As previously stated, as well as many law enforcement agencies, we firmly believe that cyber intelligence technologies are necessary to address threats of terrorism and other serious crimes.
There is no other alternative that better addresses two equally legitimate public concerns: security and privacy. Therefore, we strongly reject any calls to ban these technologies or for a moratorium.
That being said, NSO has called for and continues to call for the establishment of an appropriate international legal framework, sector-specific standards for states and companies, and guidelines to better determine criteria for legitimate end users of crucial intelligence systems.
NSO is open to engage with all governments and other stakeholders, including civil society organizations, international organizations and the United Nations Special Procedures, and to enter into a meaningful dialogue with a view to establish concrete solutions to promote respect for human rights by all.
Lastly, at the end of today’s meeting, and if the Chair allows, NSO intends to provide the Committee with a position paper, which outlines many of the points we have raised today. We thank you again for your invitation to join the Committee today, and look forward to answering your questions.