Washington, D.C., November 3, 2021 — The Committee to Protect Journalists welcomes the U.S. Department of Commerce’s addition of the Israel-based technology company NSO Group to the Entity List for Malicious Cyber Activities today.
“CPJ welcomes the Department of Commerce’s decision to impose export controls on NSO Group for developing and supplying Pegasus spyware to foreign governments that maliciously used the technology to target journalists,” said CPJ Program Director Carlos Martinez de la Serna. “We hope this first step in export control is a move toward greater global oversight and transparency around the export and use of spyware by governments.”
CPJ has reported extensively on the use of spyware to target journalists.
Inclusion on the list limits U.S. entities from supplying the company, which makes it harder for U.S. researchers to deliver security vulnerabilities like those allegedly used to install Pegasus in the past, according to Reuters. NSO has said it sells only to vetted government and law enforcement agencies. In an email to CPJ received after publication and attributed to an NSO spokesperson, the company said: “NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed. We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products.”
Editor’s note: The final paragraph has been updated with a comment from the NSO Group.