The NSO Group logo is shown on a smartphone on May 4, 2022. In August 2022, CPJ joined letters urging the U.S. government to hold NSO Group accountable on spyware. (Reuters/Dado Ruvic/Illustration)

CPJ joins letters urging U.S. government to hold NSO Group accountable on spyware

The Committee to Protect Journalists joined human rights and press freedom organizations in separate actions in August urging the United States government to hold NSO Group accountable for providing Pegasus spyware to governments that have used the tool to secretly surveil journalists around the world.

In a joint letter to Acting Solicitor General Brian Fletcher on August 3, the groups argued that Israeli-owned NSO Group should not enjoy sovereign immunity. The letter concerns a lawsuit WhatsApp and its parent Facebook, now called Meta Platforms Inc., filed in October 2019 alleging NSO Group used WhatsApp’s servers to deliver Pegasus spyware to the devices of more than 1,400 users. NSO Group says it only licenses its Pegasus spyware to government agencies investigating crime and terrorism and claims that it should avoid accountability in U.S. courts because it acted as an agent of foreign governments under the doctrine of sovereign immunity.

In December 2020, CPJ joined an amicus brief to the U.S. Federal 9th Circuit Court urging the court to reject this argument. Following an appeal by NSO Group, in June 2022 the U.S. Supreme Court asked the solicitor general to file a brief regarding whether it should grant NSO Group’s petition for sovereign immunity.

As our letter argues, “The impact of such a finding would be that U.S. persons, including U.S.-based technology companies, on whose technologies civil society and regular users depend on across the world, and who are entitled to the protection of American laws, would be left without an effective remedy and unfettered violations of citizens’ right to privacy would be rampant.” You can read the full letter here.

In a second letter, sent Wednesday, August 23, to Secretary of Commerce Gina M. Raimondo, CPJ joined other groups in urging the Biden administration to keep NSO Group on the Entity List for Malicious Cyber Activities. The Entity List is a tool used by the Department of Commerce’s Bureau of Industry and Security to limit a designee’s access to U.S. exports. NSO was added to this list in November 2021, but reporting suggests both NSO and the Israeli government are lobbying to have the company removed. The joint letter details reporting about the use of Pegasus against journalists and activists since the original listing.

“The evidence of the use of Pegasus spyware against human rights defenders, journalists, opposition parties, and state officials by repressive regimes continues to mount, contrary to NSO Group’s claim that their spyware is used as a tool for investigating criminal activity and terrorism,” the letter states. You can read the full letter here.