Pegasus: UK urged to conduct 'immediate' probe into spyware scandal
The UK government should launch an urgent investigation into the alleged targeting of some 400 British citizens and residents with NSO Group spyware, a human rights group told MPs on Tuesday.
The parliament's Foreign Affairs Committee should also coordinate with the 11 countries suspected to have used the Israeli firm's Pegasus mobile phone surveillance software to improve spyware regulation, including export controls and checks, Joe Westby, deputy director of Amnesty Tech, told the committee.
"There hasn't been enough done as a result of the findings. The scale and breadth of the harms that were exposed and across multiple countries really warrant an urgent response," Westby said.
"We are also calling on UK authorities to conduct an immediate, independent, transparent and impartial investigation of any cases of unlawful surveillance linked to Pegasus spyware, and including where possible providing remedies to victims."
Westby was one of several experts giving testimony to the Foreign Affairs Committee as part of its inquiry, launched in March, into technology and the future of UK foreign policy.
The aim is to give the UK government's Foreign, Commonwealth and Development Office guidance on how to proceed with its work in the face of new and emerging technologies and powerful private tech companies.
Representatives from Google and Microsoft have testified. Twitter and Facebook, however, declined the invitation, citing concerns that it would put their staff at risk, MPs said on Tuesday.
400 potential British targets
Details about the alleged use of Pegasus by NSO Group clients to target British citizens came to light in July after journalists working with cyber-security campaigners, including Amnesty Tech, obtained a leaked database of 50,000 phone numbers selected by NSO Group clients.
The numbers were linked to phones used by politicians, human rights defenders and journalists and forensic analysis of some of the devices found evidence that Pegasus software had been installed on them.
The NSO Group said that the reports were based on "wrong assumptions" and "uncorroborated theories", and questioned the reliability of the leaked database, saying that it couldn't "be a list of numbers targeted by governments using Pegasus, based on this exaggerated number".
Around 400 numbers in the database belong to British citizens or residents, including baronesses Manzila Pola Uddin and Fiona Shackleton, both members of the House of Lords; the head of a leading think tank, lawyers, academics and dissidents.
NSO Group clients reported to have selected numbers in the UK include the United Arab Emirates and Saudi Arabia.
'I'm afraid we wouldn't comment on private discussions'
- Cabinet Office on MEE's request to learn more about UK complaints to Israel
Shortly after the stories broke, a Cabinet Office minister disclosed during a House of Lords debate that the UK government had repeatedly complained to Israel over NSO Group's operations before the latest revelations.
Asked how long the British government had known about the use of the software by authoritarian governments, and what it had done about it, Lord True, the minister, replied: “We have raised our concerns several times with the government of Israel about NSO’s operations.”
MEE asked Lord True and the Cabinet Office last week to provide more details about what sparked the complaints and when they were made. True did not respond. A Cabinet Office spokesperson said: "I'm afraid we wouldn't comment on private discussions."
The NSO Group has stressed that it does not operate the spyware that it sells to its customers - which are limited to sovereign states or the law enforcement or intelligence services of those states - and does not have access to the data of its clients' targets.
It has also indicated that it previously shut down the systems of several customers and would not hesitate to do so again, but would not identify current or former customers "due to contractual and national security considerations".
'Tip of the iceberg'
While the NSO Group has received the bulk of public attention, there are over 500 surveillance firms, many of which sell spyware in an industry over which the global community has very little coordinated oversight or enforceable requirements, experts say.
Amnesty and other cyber-security campaigners have called for an immediate moratorium on the export and sales of spyware while regulations catch up with the technology.
"NSO [Group] is one bad actor. It's really the tip of the iceberg. There is an entire unregulated industry providing similar technology and that's why we need a moratorium urgently. We'd like the see the FCDO support that," said Westby.
The committee is expected to release a report based on its findings.