September 16, 2019

NSO Group introduces new Human Rights Policy following spyware scrutiny

By Rosie Lintott

Cyber-intelligence firm NSO Group has introduced a new Human Rights Policy and a supporting governance framework in an apparent attempt to boost its reputation and comply with the United Nations’ Guiding Principles for Business and Human Rights.

This follows recent criticism that its technology was being used to violate the rights of journalist and human rights defenders. A recent investigation found the company’s Pegasus spyware was used against a member of non-profit Amnesty International.

In May, the NSO Group was named by the Financial Times as the creators of Pegasus, a spyware tool being used to compromise users of encrypted messaging platform WhatsApp.

The NSO’s new human rights policy aims to identify, prevent and mitigate the risks of adverse human rights impact.

It also includes a thorough evaluation of the company’s sales process for the potential of adverse human rights impacts coming from the misuse of NSO products. As well as this, it introduces contractual agreements for NSO customers that will require them to limit the use of the company’s products to the prevention and investigation of serious crimes.

There will be specific attention to protect individuals or groups that could be at risk of arbitrary digital surveillance and communication interceptions due to race, colour, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defence of human rights.

Rules have been set out to protect whistle-blowers who wish to report concerns about misuse of NSO technology.

Former United States Secretary of Homeland Security, Governor Tom Ridge, who will begin serving as an advisor to the NSO Group, said:

“In today’s digital age, when our personal privacy is more vulnerable than ever before, a successful business must also be a responsible corporate citizen in all aspects of it work, which is why I am pleased to see that NSO has committed itself to following the UN Guiding Principles on Business and Human Rights.”

Amnesty International calls for legal action

This is latest group’s response to mounting pressure over the use of its tools. Over the last year NSO has been under scrutiny after revelations its technologies, including spyware and hacking tools, were being used by governments against their own citizens.

Amnesty International is supporting current legal actions being taken against the Israeli Ministry of Defence, demanding that it revoke NSO Group’s export licence.

Danna Ingleton, Deputy Program Director for Amnesty Tech, said:

“There needs to be tougher legal requirements on respecting human rights, for the spyware industry, which time and time again has trampled on the rights to privacy, freedom of opinion and expression.

“While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility. The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics.”

CEO and co-founder Shalev Hulio, CEO and co-founder of the NSO Group, disagrees. By becoming the first company in the industry to comply with the UN’s guiding principles, Hulio believes the organisation has further demonstrated its commitment to ethical business practices:

“NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.”

Read more: NSO denies having spyware that can hack cloud servers