In a press release issued today, the NSO Group announced a new Human Rights Policy and the introduction of a supporting governance framework that will bring the company into alignment with the UN Guiding Principles on Business and Human Rights.
NSO products are used exclusively by government intelligence and law enforcement agencies to fight crime and terror, but its ‘Pegasus’ mobile phone hacking software caused controversy earlier this year over concerns that it could turn on a phones camera and microphone, collect emails, messages and location data.
Back in May, 2019, The Citizen Lab, at the University of Toronto, claimed that “WhatsApp Voice Calls Used to Inject NSO Group Spyware in Phones”
In their release, NSO say they are.. “the first company in the global cyber technology and defense sectors to seek alignment with the Guiding Principles, cementing the company’s existing industry-leading ethical business practices.”
WhatsApp has since rolled out a security update to address the vulnerability.
Key aspects of the new NSO Human Rights Policy include:
- The integration of human rights due diligence procedures to identify, prevent and mitigate the risks of adverse human rights impact;
- A thorough evaluation throughout the company’s sales process of the potential for adverse human rights impacts arising from the misuse of NSO products, including the past human rights performance and governance standards of the country involved;
- Contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights;
- Specific attention to protect individuals or groups at elevated levels of risk of arbitrary digital surveillance and communication interception on grounds such as their race, color, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defense of human rights;
- The provision of grievance mechanisms to enable reporting of suspected misuse of NSO products by the company’s agency customers;
- A renewed commitment to investigate whenever the company becomes aware of alleged unlawful digital surveillance and communication interception of NSO products;
- Public reporting on the effectiveness of the NSO Human Rights Policy, taking into consideration the regulatory, legal, contractual, security and commercial constraints that limit the company’s freedom to disclose specific information; and
- Periodic review of the company’s human rights governance framework by compliance experts, coupled with a commitment to ongoing dialogue with all relevant stakeholders.
Shalev Hulio co-founder and CEO of NSO said; “NSO’s products provide governments with the tools to help stop the world’s worst terror attacks and most dangerous criminals. We are incredibly proud of our products’ record of helping intelligence and law enforcement prevent serious crimes and save lives, but also understand that misuse could represent human rights violations. This new policy publicly affirms our unequivocal respect for human rights and our commitment to mitigate the risk of misuse. NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.”
One of NSO’s three newly appointed senior advisors; Governor Tom Ridge, (the first U.S. Secretary of Homeland Security) said, “Terrorists and criminals continue to take advantage of encrypted messaging to ‘go dark,’ shielding their criminal activities from security and law enforcement agencies. Law enforcement and intelligence agencies face a daunting challenge in overcoming today’s advanced terror and criminal threats, and NSO’s technology can play a helpful role. In today’s digital age, when our personal privacy is more vulnerable than ever before, a successful business must also be a responsible corporate citizen in all aspects of its work, which is why I am pleased to see that NSO has committed itself to following the UN Guiding Principles on Business and Human Rights.”