by Michael Dean Thompson
NSO Group is an Israeli firm started by former Israeli intelligence officers that produced some remarkably infamous software. The company’s software has become notorious for its use by governments with little regard for human rights violations against their own citizens. One of its products, Landmark, has been linked to government tracking of journalists, activists, and others who have annoyed the power elite. These privacy violations led the U.S. Congress to conclude that NSO Group should be placed on a blacklist, preventing any U.S. agency or contractor from purchasing NSO Group’s products.
However, Congress later learned that the FBI had evaluated a version of the software that would have allowed them to infect devices on American soil, a feature not available in the off-the-shelf variety of the Pegasus software. Congress then asked the FBI to explain why it had invited NSO Group to demonstrate their products’ abilities. As it turned out, the FBI had done more than evaluate the zero-click malware (software that can be loaded onto the device without any action by the user); they had spent $5,000,000 of taxpayers’ money to purchase the licenses. With this software, phones would be fully compromised, cameras could be turned on, microphones made hot, data downloaded, texts read, social media perused, cloud services searched, and more.
The FBI claimed to have had a post-purchase fit of conscience. Unlike a cell-site simulator, which under a law created long before smartphones can be (very loosely) defined as a pen register device (a device that collects only metadata about phone calls, such as who was called or had called, and for how long), they were unable to find a statute that would allow them to commit warrantless invasions of American citizens’ privacy with covertly installed malware. So, they claimed, they never bothered to deploy the software.
They also offered that someone else may have purchased and used the software. In turn, Congress ordered the FBI to investigate stories that a government contractor might have been involved. What they found was that Riva Networks, a government contractor doing business with the Department of Defense, Drug Enforcement Agency, and Air Force Research Laboratory, as well as the FBI, had purchased and deployed the platform. Although no data or communications were supposedly captured from the deployment, it was used against Mexican citizens. And Riva Networks had done so as part of an FBI contract.
FBI director Christopher A. Wray terminated Riva Network’s contract after it all came to light. Nevertheless, the contractor almost certainly still possesses the malicious malware and continues to be employed by other government agencies. And, when you consider the history of agencies like the Department of Homeland Security and the FBI misrepresenting and obscuring the tools and programs they use, such as cell-site simulators and fusion centers (both of which have been cloaked in nondisclosure agreements and vague authorizations), how much faith can we have that Big Brother is not illegally using NSO Group (or some other company’s) software to monitor Americans at this very moment?
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login