Image: MARIO GOLDMAN/AFP via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
“NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the Commerce Department wrote in a press release.The list also includes another Israeli spyware seller, Candiru; a Singapore-based company that also sells hacking services, Computer Security Initiative Consultancy, better known as COSEINC; and Positive Technologies, a Russian company that had previously been accused and sanctioned by the Biden administration for helping Russian spies. “NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed,” an NSO spokesperson told Motherboard in a text message. “We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products.”
Advertisement
Advertisement
Jacobson, however, explained that the Commerce Department listed these companies under a “presumption of denial.”“You have to overcome that presumption. And that is not an easy burden,” Jacobson, who is a lawyer at Jacobson Burton Kelley PLLC, told Motherboard in a phone call.Jacobson explained that this applies to all kinds of software and hardware, such as licenses for Microsoft’s cloud service Office 365, or server racks made by U.S. companies. This sanction could also indirectly affect NSO’s business across the world. “It doesn't put a scarlet letter per se. But it definitely raises questions. And there it certainly raises red flags that some companies just may choose not to continue to sell,” Jacobson said.This sanction does not prevent NSO from selling its spyware to U.S. law enforcement or intelligence agencies, Jacobson said. But it could be the first step that leads to wider sanctions against the company. Activists who for years have denounced abuse from NSO’s customers rejoiced at the news. “I very much welcome this news. For years we have been documenting extensive and serial abuses of mercenary spyware sold by companies like NSO Group and Candiru. For years, many people have debated how to mitigate these harms, with little concrete progress. I am and my colleagues have long argued that it must start with serious government regulation. The US Department of Commerce’s designation is a very positive first step to bringing some public accountability and order to this otherwise poorly regulated marketplace,” Ron Deibert, the founder and director of Citizen Lab, a research group housed at the Munk School of Global Affairs & Public Policy, University of Toronto, told Motherboard in an email “This designation should put companies like NSO and Candiru on notice that they cannot frivolously and repeatedly make sales to government clients that will routinely mis-use such powerful tools. Now it is time for other governments to follow suit.”Do you work or have worked for NSO Group, or a similar company? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com
Advertisement