“New secrets about torture of Emiratis in state prisons.” So read a text message sent in 2016 to the iPhone of Ahmed Mansoor, a prominent human rights activist from the United Arab Emirates.
It was followed by a link. Mansoor did not tap it. Conscious of previous attempts to hack his communications, he forwarded the message to a security researcher at the digital rights watchdog Citizen Lab. What happened next would be a crucial step in a story that is quietly reshaping the Middle East.
According to an investigation by Citizen Lab, the link led to spyware created by the Israeli technology company NSO Group. Citizen Lab wrote that the existence of the spyware highlighted the “continuing lack of effective human rights policies and due diligence” at such companies based in democratic countries. Under Israel’s export laws, NSO Group would presumably have had to obtain a license to sell its products to the UAE. “The human rights abuses perpetrated by the UAE,” Citizen Lab wrote, “must not have outweighed authorities’ other motivations to approve the export.”
NSO Group and its Pegasus spyware have since been connected to the tracking of politicians and journalists in the UAE, and last month the security adviser Gavin Becker claimed it had been used to spy on Amazon CEO Jeff Bezos. Pegasus also allegedly played a part in the murder of the Saudi Arabian journalist Jamal Khashoggi. NSO Group, which its founders acquired in February from former majority owners, the U.S. private equity firm Francisco Partners, has denied that its software was used to spy on Khashoggi or Bezos.
In a statement to OneZero, an NSO Group spokesperson said the company adheres to “all applicable laws and regulations” and that it had established a business ethics committee to ensure its technologies are used responsibly. “We do not tolerate misuse of our products and we regularly vet and review our contracts to ensure they are not being used for anything other than the prevention or investigation of terrorism and crime.”