MEPs grilled the makers of the spyware Pegasus on Tuesday, June 21st, at a hearing of the PEGA Committee, an inquiry into the use of spy technology by EU governments.
In a tense session, the NSO Group’s top lawyer and Chief Compliance Officer, Chaim Gelfand, fielded questions from committee members. The Israel-based NSO Group is the maker of Pegasus, a spyware that can infiltrate smartphones and other devices, extract information from them, and even control their functions such as turning on a camera.
Pegasus has been used to bring down drug lords in both Mexico and Holland, but investigations by journalists and human rights groups also allege that governments have used this novel technology against journalists, activists, and other political opposition. In Europe, the governments of Hungary, Poland, and Spain have been accused of abusing the spyware for nefarious purposes. Heads of state and high-ranking EU officials have also been targeted with it.
NSO Group claims that it only sells its product to legitimate democratic governments so that they can fight crime.
During the hearing, Gelfand admitted that at least five European countries have purchased Pegasus, adding he would later provide MEPs with a “more concrete number.”
Gelfand also defended the company’s efforts to ensure that it only placed the tool in the hands of governments committed to the rule of law, though he admitted that it “had made mistakes.”
“We’re trying to do the right thing and that’s more than other companies working in the industry,” Gelfand told members of the PEGA committee. “Every customer we sell to, we do due diligence on in advance in order to assess the rule of law in that country. But working on publicly available information is never going to be enough.”
MEPs pushed back on Gelfand’s claims, asking probing questions about its use in Hungary and Poland.
“Who was checking the governments of Hungary and Poland, and how? How on earth could they be verified by you?” asked Polish MEP Róza Thun und Hohenstein, an opponent to the current Hungarian government led by Viktor Orbán.
Gelfand declined to answer specifically, reiterating that he could not disclose information about specific clients.
Dutch MEP Sophie in ‘t Veld tried another approach: “I would like to understand which cases of terrorism and serious crime were at stake when you sold Pegasus, for example, to the Hungarian and Polish governments,” she said.
Again, Gelfand didn’t offer any specifics, but assured MEPs that thanks to Pegasus state authorities had thwarted numerous terrorist attacks and apprehended paedophiles and other serious criminals. He estimated that “probably many thousands of lives have been saved.”
MEPs repeatedly asked how the NSO Group could ensure that its clients used the spyware against crime.
Gelfand responded that the NSO Group is not privy to the intelligence gathered by governments, but investigates misuse based on information from whistle-blowers submitted to it through its website. Those data about its use, he went on to explain, are retained in an audit trail that the company can access when investigating allegations of misuse. He said NSO Group had investigated dozens of allegations of misuse and terminated eight contracts upon discovering that it was taking place, including contracts with European governments.
He emphasized to MEPs that an international treaty would be the best way to combat such abuse and that NSO Group would welcome such regulation.
“Countries would have to agree how they are using the system and would have to sign up. There would be international ability to oversee this,” he said.
During the hearing, the chair of the committee, Dutch MEP Jeroen Lenaers, also announced that the committee would undertake a mission to Israel to get further information from the NSO Group.