“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.”
NSA whistleblower Edward Snowden says that governments should impose a moratorium on the use of spyware that can quietly infect smartphones and collect vast amounts of sensitive information.
Snowden made the comments following the release of a report produced in collaboration between several news outlets, which found that military-grade spyware from Israeli company NSO Group had been used to surveil journalists and other persons of interest in different parts of the world.
Insidious spyware — The company has defended itself aggressively against the claims, which have surfaced in the media periodically over the years. It says its software, called Pegasus, is intended to be used only by vetted government organizations to prevent terrorism and serious crime. But the risk is that repressive regimes could use Pegasus to hold onto power by spying on and intimidating adversaries, and the findings suggest that’s already happening. It’s believed that one of NSO Group’s clients, Saudi Arabia, used the software to monitor people surrounding murdered journalist Jamal Khashoggi.
NSO Group says it revokes access to Pegasus when it finds countries using the software for malicious purposes. It’s admitted in statements, though, that it doesn’t actually know how governments use Pegasus, or to what ends. It doesn’t know the motivations behind why a country might be installing its spyware on any particular person’s phone. Following the new revelations, NSO Group said it will investigate all cases where Pegasus might have been used inappropriately.
Slippery slope — Snowden told The Guardian that even though spyware like Pegasus could be used to hunt down terrorists or other criminals, many more people could be targeted for surveillance as well, simply because it’s so easy to do so. “If they can do the same thing from a distance, with little cost and no risk, they begin to do it all the time, against everyone who’s even marginally of interest,” he said. Especially with a recent resurgence in dictatorships, cybersecurity experts feel the spyware industry is a real threat.
NSO Group is somehow able to dodge security measures built into iOS and Android. In the past when its methods for breaking into a phone have been revealed, the company has changed tactics within hours. Its entire business is based on finding vulnerabilities in an operating system and then keeping them secret, selling access to break into phones using user-friendly tools.
Being a for-profit business, Snowden said that NSO Group isn’t working to altruistic ends but really just wants to sell to anyone who’ll buy. “What the Pegasus project reveals is the NSO Group is really representative of a new malware market, where this is a for-profit business,” Snowden said. “The only reason NSO is doing this is not to save the world, it’s to make money.”
It seems unlikely that governments would be interested in giving up control, as Snowden’s past revelations demonstrated how they prefer more tools, not less.