NSO owner tells Amnesty it will prevent abuse of spyware linked to WhatsApp breach

FILE PHOTO: The WhatsApp messaging application is seen on a phone screen
FILE PHOTO: The WhatsApp messaging application is seen on a phone screen August 3, 2017. REUTERS/Thomas White/File Photo

May 15, 2019

By Tova Cohen

TEL AVIV (Reuters) – NSO Group’s owner said it will do whatever necessary to ensure the Israeli firm’s spyware does not undermine human rights, after Amnesty International sought to revoke the export license for NSO, which has been linked to a WhatsApp breach.

While it did not comment on specific attacks, NSO said in a statement following a breach of WhatsApp’s messaging app on Tuesday that it would investigate any “credible allegations of misuse” of its technology which “is solely operated by intelligence and law enforcement agencies”.

WhatsApp, a unit of Facebook, told human rights groups it believed the spyware used was developed by NSO, best known for its mobile hacking tools, Eva Galperin, director of cybersecurity at San Francisco-based Electronic Frontier Foundation said on Tuesday following the breach.

A second person familiar with the matter also identified spyware from NSO, whose biggest investor is Novalpina Capital.

In a May 15 letter to Amnesty Novalpina said it controls NSO’s board and owns about two-thirds of its holding company.

The letter, signed by founding partner Stephen Peel, said Novalpina was “determined to do whatever is necessary to ensure that NSO technology is used for the purpose for which it is intended – the prevention of harm to fundamental human rights arising from terrorism and serious crime – and not abused in a manner that undermines other equally fundamental human rights”.

NSO’s founders and management acquired the company from U.S. private equity firm Francisco Partners in February, with Novalpina’s support.

WhatsApp, one of the world’s most popular messaging tools which is used by 1.5 billion people monthly, said it had notified the U.S. Department of Justice to help with an investigation, and it encouraged all WhatsApp users to update to the latest version of the app, where the breach had been fixed.

Novalpina has been exchanging letters with Amnesty over the past few months, outlining its commitment to ensure NSO operates in accordance with UN principles on business and human rights.

The latest communication was in response to a letter from Amnesty in April and does not mention the WhatsApp breach.

Lawful and responsible deployment of NSO technology by intelligence and law enforcement agencies is essential to meet the challenges of what would otherwise be untraceable crime, terrorism, human trafficking and drug cartels, said the letter.

It referred to an affidavit submitted to the Israeli government by Amnesty this week seeking the revocation of NSO’s export license. It said this would allow alternative suppliers that have not expressed interest in complying with UN principles to fill the gap.

Novalpina said it was seeking to involve Amnesty in its efforts to address concerns raised in the affidavit.

“Our intention is to establish a new benchmark for transparency and respect for human rights in full compliance with the UN Guiding Principles,” the letter said. “This will be underpinned by ongoing and meaningful consultation with affected stakeholders, and by a new model of public transparency.”

It said this goal will need to address complex matters of national security law and of intelligence and law enforcement agency practice.

“The intended outcome is a significant enhancement of respect for human rights to be built into NSO’s policies and procedures and into the products sold under license to intelligence and law enforcement agencies,” it said.

(Reporting by Tova Cohen; Editing by Steven Scheer and Alexander Smith)