Former State Watchdog Warned Israel About NSO Almost a Year Ago

At a meeting last September with Defense Ministry officials, Joseph Shapira said failure to beef up oversight of cyber tools could 'blow up in Israel's face'

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
NSO Group offices in southern Israel, last month
NSO Group offices in southern Israel, last monthCredit: Amir Cohen/Reuters

Former state comptroller and retired judge Joseph Shapira warned senior Defense Ministry officials of a conflict between defense technologies and human rights, citing the NSO Group as a potential bad actor 10 months before it decided to open an investigation into the Israeli cyber firm. 

Despite Shapira’s warnings to the Defense Ministry body responsible for overseeing Israeli defense exports, the Defense Export Control Agency did not take any major steps against the company, and the investigation was launched only last month, in the wake of the scandal and international criticism that erupted following publication of the global Project Pegasus investigation. 

LISTEN: How Israel’s Olympic hero challenged a nation’s identity

-- : --

Haaretz has learned that on September 9, 2020, Shapira arrived at DECA’s offices at the Defense Ministry’s headquarters in Tel Aviv, accompanied by other former officials from the State Comptroller’s Office. Shapira and his colleagues had arrived as representatives of a commercial company named CybeRighTech (CRT), which advises cyber companies on how to reduce their exposure to lawsuits and sanctions due to human rights violations. Shapira is a member of the company’s advisory committee. 

DECA is the body authorized to oversee and regulate Israeli defense exports with the goal of preserving the country’s interests and meeting its international commitments.

Senior DECA officials attended the meeting, including the director, Racheli Chen. The meeting included a discussion of the potential implications for Israel stemming the activities of Israeli cyber companies. 

Joseph Shapira in Tel Aviv, 2019Credit: Ofer Vaknin

Chen expressed concern at the meeting that products developed by these companies could lead to human rights violations if they fall into the wrong hands, as is claimed in the case of NSO.

Shapira and his colleagues warned senior DECA officials that if the Defense Ministry did not take steps to increase its supervision of offensive cyber firms, “it would blow up in Israel’s face,” according to a source familiar with the details of the meeting. 

They suggested that the Defense Ministry incentivize companies to self-regulate and added that DECA must formulate guidelines for cyber companies that would prevent human rights violations, similar to the Defense Ministry guidelines intended to prevent corruption and paying bribes by Israeli companies to foreign government officials.

At the meeting, Shapira and his colleagues argued that Israeli companies, including NSO, do not take into account the issue of human rights in their operations, in part due to the lack of supervision or guidelines on the matter. They presented before DECA officials the inherent risks of the “dark side of the technology,” citing NSO as an example of a company that develops technologies that could spill over to the “dark side.”

The report, published in July 2020, alleges that Pegasus software developed by NSO was used to track heads of state, activists, journalists, and regime opponents around the world. According to the report, NSO has aided in human rights violations in 11 countries, including authoritarian regimes such as the United Arab EmiratesBahrain and Saudi Arabia

The investigation also reported that the Hungarian government surveilled journalists, lawyers and at least one politician using NSO’s software. French President Emmanuel Macron’s name was also mentioned as being found in the lists of telephone numbers that may have been a target of Pegasus.

Following publication of the report, Macron called Prime Minister Naftali Bennett and demanded clarifications. Defense Minister Benny Gantz also met with his French counterpart and told her that Israel was taking the claims against NSO seriously and was examining the matter.

French President Emmanuel Macron in Tokyo, last monthCredit: Hannah Mckay/Reuters

At the same time, the Defense Ministry announced that its representatives, including from DECA, had visited NSO’s offices for the purpose of “examining the publications and allegations raised” against NSO. The visit was arranged in advance with the company. 

Several lawsuits are currently pending against NSO both in Israel and abroad. was founded in 2010. The one that has drawn the most attention was filed by Facebook in the United States. Facebook claims that NSO exploited security vulnerabilities in WhatsApp, which is owned by Facebook, to spy on its users on the platform. NSO, which was founded in 2010 by Omri Lavi and Shalev Hulio, has also been sued in Israel, including by Mexican human rights activists who claim the Mexican police tracked them down using NSO’s Pegasus software

The Defense Ministry said in a statement that “CRT representatives came in for a meeting at DECA [CRT] requested in order to ask for the Defense Ministry’s support for a service that they want to offer cyber exporters in the field of ethics. The meeting did not deal with NSO, and we do are not aware of any warnings expressed during it. The director of DECA made it clear to the representatives of [CRT] that the ministry as a regulator does not recommend to exporters who to consult with, and that it is very important that the consulting company know in depth DECA’s oversight processes.”

CRT said in a statement that “as a rule, we do not comment on meetings that took place or not. The company did not asked for ‘support’ or a ‘recommendation’ from any regulator.”

Click the alert icon to follow topics: