Cyber Surveillance Firm Founder Defends Company’s Practices
Co-founder of NSO Group whose products were tied to government spying on journalists and dissidents defended the company’s ethical standards in a rare interview
For daily updates, subscribe to our newsletter by clicking here.
NSO Group conducts a “very strict” legal and legal review before accepting new business, Omri Lavie, the co-founder, said in a Hebrew-language interview for 30 Minutes or Less, a podcast published by Microsoft Accelerator TLV.
NSO sells spyware like Pegasus, a tool to manage trojan horse cyber attacks that can be used to gather intelligence from mobile phones and other devices.
Last year, researchers from the University of Toronto discovered that NSO’s software was used by the United Arab Emirates to spy on a human rights activist. In June, the same software was identified in a covert Mexican government operation targeting activists, journalists and political opposition in Mexico.
In an interview with Israeli entrepreneur and technology journalist Aviv Frenkel and with the the managing director of Microsoft's Israeli startup accelerator Navot Volk, Mr. Lavie said that NSO sells only to “governmental bodies that are defined as legitimate by the majority of the world.” He didn’t specify which countries, besides the example of North Korea, would be considered illegitimate.
Once a sale is made, NSO is not informed about how its technology is used, Mr. Lavie said.
“We have no way to know what they do it the system,” he said. “I don’t want to know. I don’t want to be an intelligence partner.”
Mr. Lavie criticized the media for putting a negative spotlight on his company, saying that NSO products help governments thwart terrorist attacks and fight organized crime. He blamed anti-Semitism for the intensity of the media and public backlash.
Portions of the interview with Mr. Lavie are reproduced here after light editing for length and clarity.
Q: Do you have to meet Israel’s legal requirements for exports as any defense exporter would?
A: Of course. We are in the stricter categories. We are an international company, so we also conform to U.S. and European regulations, even though we don’t have to. In other words, we comply with two more regulatory regimes that are not required just to make sure we are not making any of our clients uncomfortable.
Our decisions are subject to review by a very strict internal ethics committee that examines things that governments may not, such as corruption and human rights. Our ethics committee costs us little in terms of payroll but a lot in terms of contracts lost.
Q: What happens if a crime organization approaches NSO trying to buy its technology?
A: Our response is so quick and definite that I don't even know who is behind these queries. The moment we understand it's not a government any contact will immediately cease.
Q: Why is your company’s tied to scandals?
We sell software like a black box. I have no idea what customers will do with it. The reason we sell to governments only and follow regulations is precisely because we cannot know what (the customer) will do with it. At the end of the day, when a government decides to make this or that decision I can tell you that we at NSO Group have done everything in our power to avoid getting into such a situation. We have no way to know what they do with the system. I don’t want to know. I don’t want to be an intelligence partner.
Q: How did you feel about the negative press?
A: I once met a former CIA agent, and he said that for the most amazing things he did, they took him to a basement at Langley, gave him lemonade and a cookie and said that he did well. The bad things were a headline in the New York Times and Wall Street Journal. That’s how it feels.
I don’t know what was done in Mexico. I don’t know what was done in Abu Dhabi. I also don’t want to be in the position (to know). I make my judgment about the client before the sale. And afterward, unfortunately, there are allegations (about how) it was used in this or that way. I have no way of preventing it.