UK Lawmakers Call on Government to Sanction Spyware Firm NSO

News

A group of British MPs and peers have called on Prime Minister Boris Johnson to follow in the U.S. government’s footsteps and sanction Israeli spyware firm, NSO group, whose software “Pegasus” has been used by numerous governments around the world to spy on journalists and activists.

November 12, 2021

The letter seen by OCCRP condemns the government’s “failure to act,” especially in light of findings that U.K. nationals and residents have been targeted by the spyware, and urges the government to protect its citizens and residents from future cyberattacks, which represent “egregious breaches of domestic and international human rights.”

This inaction is highlighted in the context of findings that the spyware was used for such abuses by several Gulf countries’ governments, including Saudi Arabia, Bahrain and the UAE, whose regimes the U.K. government has sold “millions of pounds worth of spyware and surveillance equipment to.”

The findings are the result of a cross-border collaboration dubbed The Pegasus Project, which uncovered how these governments have targeted, among others, activists and dissidents who have sought refuge from them on British soil.

Three Bahraini activists who are now refugees in the U.K., for example, were infected with the spyware and Saudi satirist Ghanem al-Masarir, also a refugee in the U.K., was targeted by the Saudi government.

In another instance, and what the MPs’ letter calls an attempt to “undermine the judicial system in this country,” the ruler of Dubai, Sheikh Mohammed Al Maktoum, was found to have targeted his ex-wife Princess Haya of Jordan’s phone with the spyware.

“We are concerned that your government has failed to publicly condemn the actions of either NSO Group or the Saudi, Emirati and Bahraini governments or take substantive action to protect U.K. nationals and residents, including those living under British protection as refugees, from cyber attacks,” the letter addressed to Boris Johnson reads.

“The  decision  not  to  condemn  these  attacks  is  particularly  concerning  given  they  were conducted by Gulf Cooperation Council (GCC) states closely allied with the U.K. government,” it says, adding that Saudi Arabia, Bahrain and the UAE are among six states who have received at least US$71.38 million in military and technical support from the U.K. since 2016.

The group of 10 MPs and peers urged the government to suspend “all U.K. spyware licenses and cybersecurity contracts to Gulf nations implicated  in  cyberattacks  in  the  U.K.,  namely  the  UAE,  Saudi  Arabia  and  Bahrain,  pending an independent investigation,” adding that it needs to ensure “much tighter supervision on the licensing of relevant software in compliance with international human rights law.”