Here’s What Amnesty International Israel Really Said About Pegasus Project Database
Many leaders from the Bharatiya Janata Party and right-wing websites tried to claim on Thursday that Amnesty International Israel had taken a “U-turn” and was no longer standing by reports coming out of the Pegasus Project. This, however, was based on mistranslation and misinterpretation of a Hebrew statement issued by the organisation.
On Thursday, Amnesty International issued a statement refuting the ‘false rumours’ being circulated:
“Amnesty International categorically stands by the findings of the Pegasus Project, and that the data is irrefutably linked to potential targets of NSO Group’s Pegasus spyware. The false rumours being pushed on social media are intended to distract from the widespread unlawful targeting of journalists, activists and others that the Pegasus Project has revealed.”
Appended below is an accurate, official English translation of the original Hebrew statement, which makes the stand of Amnesty International Israel crystal clear.
§
In an attempt to deflect flack against it and to divert public discourse in the wake of the Pegasus Project, a global investigation exposing the misuse of NSO Group’s spyware, the company has responded by focusing on details of claims that weren’t made directly against it. We would like to clarify that the NSO Group revelations are only the tip of the iceberg when it comes to misuse of Israeli offensive cyber capabilities and Israeli arms, and although from our perspective NSO Group bears responsibility for misuse of its products, it is not solely culpable and the greater responsibility lies with the Ministry of Defense.
Furthermore, NSO Group boasts that it has “exposed” Amnesty by stating that the list of 50,000 smart phone numbers presented in the investigative project was not in any way connected to its products, that the list is random, that the real figures are far more limited, that the headlines were sensationalist, based on falsehoods, and so on. The truth is that Amnesty never presented the list as a “list of victims infected with NSO’s Pegasus spyware”, although some international media may have done so.
Amnesty, the journalists’ partner to the investigation, and the media outlets that employ them, clarified from the outset, in the clearest terms possible, that the list was of numbers targeted as of interest to NSO clients, namely various regimes around the world. NSO claims the list is meaningless and could have been arbitrarily taken from the Yellow Pages, but that is not the case: The list shows the areas of interest of the company’s clients, who sought to track and monitor journalists, human rights activists, lawyers and so forth, and not just terrorists, suspected paedophiles and suspects in other serious crimes. Indirectly this also has indications as to the character of NSO and the Israeli Ministry of Defence, which in all likelihood did not preclude such clients in advance.
Furthermore, contrary to claims made by NSO, the investigation didn’t throw “different figures in the air every time.” NSO spokespersons have succeeded, and impressively so, in creating a narrative that the investigation and publications regarding it supposedly came up with differing and confused versions, but, in fact, different figures relate to different aspects of the case. Within the list of 50,000 numbers there was a shorter list of numbers identified as belonging to journalists.
These are two separate lists, although in some instances they do overlap. The shortest list is that of numbers where the smartphones affiliated to those numbers came into the hands of analysts at Amnesty’s labs, and where specific evidence identified with the Pegasus spyware program was found even though the spyware leaves very little trace. And this in the year of the coronavirus, during which the owners of the phone were allegedly being tracked, and communication with them was limited. Amnesty and its partners to the investigation published a detailed methodological report that describes exactly how the analysis was carried out. If NSO wishes to be accurate regarding the facts, it should first be accurate with its claims.
With regard to the principle claims against it, NSO states that it sells its products legally, only to law authorities and to security agencies, and that it meets international standards in the field with regard to human rights. It also boasts of a transparency report that it published. Even if the company’s intentions are good, and even if positive actions are taken using its products, this is not an accurate portrayal of the situation: International standards require the exercise of due diligence prior to sales to entities known to violate human rights. Israeli law on the other hand requires merely authorisation by the Ministry of Defence, which is limited solely by UN Security Council resolutions.
Seeing as NSO’s responses to allegations against it in recent years have been inconsistent, it is difficult to evaluate the extent to which the Israeli company has control over misuse of its products. It appears that from the moment the Pegasus spyware programme is sold to entities known to be human rights violators – be they governments or other entities. NSO in all likelihood does not have the ability to ensure that no misuse is made of its systems, unless a complaint is made on the matter, and for the most part the person that would be making the complaint is not aware that they have fallen victim to misuse of the system. Furthermore, if there is a possibility to prevent misuse of its products, NSO is obligated to pursue the possibility, and not to hide behind contracts that detail the terms of use by regimes that cannot be trusted
Moreover, it must be emphasised that in oppressive regimes critical voices are often, unjustly, categorised as being connected with terrorism or criminal activity, and thus constitute “legitimate targets for monitoring”. It is extremely difficult to examine at the requisite resolution whether these are false accusations or legitimate suspicions. The very choice to sell powerful spyware to oppressive regimes almost certainly leads to their misuse, and to increased oppression of critical voices. Every reasonable person understands this without any need for forensic analysis of what actually happened. What’s more, in oppressive regimes, law authorities and security agencies are very often part of the problem, not the solution.
We repeat that as claimed by the Herzliya-based cyber company, sole responsibility does not lie with NSO, rather a major part of the responsibility lies with the Defence Ministry Export Controls Agency, which fails to carry out its duties faithfully. Alongside more stringent supervision, what is required is more aggressive legislation that will prevent offensive cyber tools and Israeli arms being sold to entities that violate human rights.
The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab. Read all our coverage here.