On Monday, lawmakers Tom Malinowski, Katie Porter, Joaquin Castro and Anna Eshoo said that the recent media reports about the usage of the firm’s spyware by authoritarian governments shows there is a need for much stricter regulations.
“Enough is enough. The recent revelations regarding misuse of the NSO Group’s software reinforce our conviction that the hacking for hire industry must be brought under control,” the joint statement said.
The lawmakers said that companies that sell hacking tools to authoritarian governments “should be sanctioned, and if necessary, shut down.” They also called on the U.S. Commerce Department to add the surveillance firm to its economic blacklist and to impose sanctions on its “abusive” clients.
This is just the latest in the fallout following the release of The Pegasus Project, a collaboration by 17 media groups including OCCRP. Named after NSO’s main spy tool, the project used a data leak of more than 50,000 phone numbers to show how authoritarian governments use NSO technology to snoop on public figures and activists around the world.
The phone numbers of French President Emmanuel Macron, government ministers, journalists, and human rights activists were on that list.
In their statement, the lawmakers also singled out governments like Saudi Arabia, Kazakhstan, and Rwanda, which are believed to have used NSO spyware and seemingly “make no distinction between terrorism and peaceful dissent”.
While the NSO group has denied the findings of the investigation – and called it a “well-orchestrated media campaign” – the congresspeople said they found these denials “not credible,” adding that they show “an arrogant disregard for concerns that elected officials, human rights activists, journalists, and cyber-security experts have repeatedly raised.”
The reverberations from The Pegasus Project have reached far beyond the United States: Israel is reportedly setting up a taskforce to deal with the accusations, the French government is now investigating its cybersecurity, opposition members of Narendra Modi’s government in India have demanded an inquiry into allegations, and Amazon said it would shut down infrastructure linked to the firm.