Israel warns clients against misuse of cyber exports amid NSO spy scandal
Tel Aviv reviews cyber export policy after back-to-back reports that NSO spyware was being used to hack into the phones of journalists, lawmakers, and rights activists in several countries including US and India.
Israel has laid down the law on the use by foreign governments of its cyber exports after the private Israeli developer of Pegasus spyware became engulfed in spying scandals abroad.
The Defence Ministry-linked agency for military exports, in a statement on Monday, specified that a foreign state seeking a cyber or intelligence system must only use it to combat terrorism and "serious crimes".
Smartphones infected with Pegasus spyware developed by the private Israeli firm NSO Group are essentially turned into pocket spying devices.
This allows the user to read the target's messages, look through their photos, track their location and even turn on their camera without them knowing.
US authorities last month blacklisted NSO by restricting exports to it from American groups over allegations the Israeli firm "enabled foreign governments to conduct transnational repression".
READ MORE: Israeli company sold malware to spy on journalists, activists – report
READ MORE: India and several governments use Israeli spyware to breach WhatsApp
Misuse of technology
An updated Israeli end-user certificate issued on Monday, to be signed by buyers, listed terrorism as including offences committed with the aim of "seriously intimidating a population" or "unduly compelling a government" through crimes such as hostage-taking and potentially fatal attacks upon a person's life.
"An act of expressing an opinion or criticism, as well as presenting data regarding the state, including any of its institutions, shall not, in and of itself, constitute a Serious Crime," or terrorism, the certificate said.
Violation of the provisions would result in the spyware being restricted or disconnected, the agency warned.
"The system shall not be used, under any circumstances, to inflict harm on an individual or a group of individuals, merely due to their religion, sex or gender, race, ethnic group, sexual orientation, nationality, country of origin, opinion, political affiliation, age or personal status."
The military exports agency said the provisions follow "a series of measures" taken in the last few years in which Israel "approves the export of cyber systems solely to governments for the purposes of investigation and prevention of terrorism and crime."
READ MORE: Indian PM Modi's main rival among targets of Pegasus spyware
READ MORE: Israeli spyware used in hacking US diplomats
Pegasus used to target journalists, activists, politicians
In the latest in a string of commercial cases, Apple last month sued the Israeli spyware maker, seeking to block NSO Group from targeting the more than one billion iPhones in circulation.
NSO has consistently denied any wrongdoing and defended the use of its software.
In July a collaborative investigation by The Washington Post, The Guardian, Le Monde, and other media outlets raised privacy concerns and revealed the far-reaching extent to which the NSO software could be misused.
They investigated a data leak of up to 50,000 phone numbers believed to have been identified as people of interest by clients of NSO since 2016.
The numbers included those of activists, journalists, business executives, and politicians around the world.
According to Israeli news website 972mag, Tel-Aviv has been exporting arms and spying equipment to the world's most repressive governments over the past few decades, although Israel doesn't release official information about its arms dealings.
"The list includes apartheid South Africa, the military Junta in Argentina, the Serbian army during the Bosnian genocide, and Rwanda in the years leading up to the genocide in the country."
READ MORE: Modi accused of ‘treason’ as Pegasus spyware row rocks India
READ MORE: US adds Israeli spyware company NSO Group to trade blacklist