November 3, 2021 – The US Department of Commerce has blacklisted four cybersurveillance companies for providing services to governments known to have used the tools to illegally surveil on citizens, human rights defenders, journalists and at-risk communities. The companies banned by the US government in the latest move include the notorious NSO Group and Candiru from Israel, Positive Technologies from Russia and Computer Security Initiative Consultancy PTE. LTD from Singapore.
The announcement comes three months after a group of journalists working with Forbidden Stories, a French non-profit, revealed how NSO Group’s surveillance software Pegasus was being used by its clients to target at least 180 individuals which included government officials, political opposition leaders, activists, journalists and at-risk individuals around the world.
In a statement, the US Department of Commerce says that the decision to add these four companies to the “Entity List” was made after receiving evidence that they had let their clients, which include the foreign governments, to use their tools and services to violate human rights. It says, “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”
The Entity List which restricts the “export, reexport and in country transfer of items” that are believed to be involved in threatening the national security or foreign policy interests of the United States, is compiled by an End-User Review Committee (ERC) maintained and chaired by the Commerce Department’s Bureau of Industry and Security (BIS) and includes members from the Department of Defense, State and Energy.
The development would mean that the four companies, including the NSO Group which is known for its surveillance tools being used by the governments around the world to target journalists and activists, would need special license to buy parts and components for their own manufacturing from the US based and registered companies.
While the development restricts the cybersurveillance companies from openly doing business in the US, it has also set a precedent on the sale of their services and software in other countries as well.
NSO Group has previously distanced itself from the use of its products for human rights abuses by its clients which entail foreign governments, and has said that its products are only used to target serious criminals. However, the Pegasus Files, an investigation that was published in July 2021, revealed that NSO Group’s infamous surveillance software Pegasus was being used by the governments to target not only the journalists, activists and dissidents within their own countries, but also government officials and political leaders in other countries as well.
The Pegasus is believed to be a zero-click attack that does not require its target to click on malicious files or links, instead is deployed in the device through a loophole in the device’s operating system. Once installed, the software grants real-time access to the targeted person’s phone calls, text messages, camera, microphone, gallery and other material in the device.
