Pegasus: Is India in the list of clients suspended by NSO under pressure ?

WhatsApp CEO Will Cathcart’s statement that he finds remarkable parallels between the phone hacking by Pegasus that was detected in 2019 and what has been revealed by the Pegasus Project has bolstered the international case against Israeli company NSO.

Senior Government officials were among those targeted in the 2019 attack, besides journalists and human rights activists who had “no business being under surveillance in any way, shape or form”, he said in an interview to The Guardian.

Responding to the Israeli company’s claim that the leaked list of 50,000 potential targets was highly exaggerated, the WhatsApp CEO pointed out that they had intercepted in 2019 as many as 1400 hacking cases in just a two-week period. WhatsApp had then sued NSO in a US court, where the case is pending.

The Israeli company did not dispute the facts in court. But it sought to absolve itself, saying that its ‘sovereign’ clients were to be blamed for misusing the military grade spyware. The US court too has observed that the fact that a malicious code owned by NSO was sent through WhatsApp had not been disputed.

NSO’s lawyers have argued that since its clients happen to be foreign governments, the company itself could not be blamed for any misuse. The clients of NSO, they submitted in court, were contractually bound to use the spyware to target criminals. They implied that any misuse of this clause was a breach of contract. What is still not certain is whether there is any penalty for breach of contractual provisions.

Significantly, NSO has accepted that it had received allegations of misuse, that it had investigated the allegations and having found them to be true, had shut down the ‘service’ in some cases and blacklisted at least two clients.

WhatsApp has also informed the out of the 1400 phones compromised in 2019 belonged to members of the civil society. Also targeted were senior government officials. This matches with the disclosures made by the Pegasus project n o w. T h e vulnerability that was exploited by the Pegasus in 2019 had been fixed, Cathcart claimed.

“This should be a wake-up call for security on the internet… mobile phones are either safe for everyone or they are not safe for everyone. If this is affecting journalists...if this is affecting human rights defenders all around the world, then that affects us all,” he was quoted as saying.

As pressure build up for the unregulated spyware industry to be placed under international restrictions, NSO is also coming under increasing pressure to disclose names of their clients. The NSO claims to be contributing to a safer world by enabling governments to snoop on potential terrorists, pedophiles and criminals. With such laudable aim, there should surely be no inhibition on the part of the company to part with their client list?

Pressure is also building up on countries using such spyware to be more accountable. Laws, safeguards, a compensatory mechanism and provision for inspections and social or parliamentary audits are some of the measures being suggested.