Israel’s hi-tech sector, and in in particular local expertise in the field of cyber security, is a source of pride for the nation. So what do Israelis think of the current hubbub surrounding the Pegasus spyware program that has painted the Jewish state in such a bad light?
Let’s get some details out of the way first:
- Israeli hi-tech firm NSO developed a spyware platform called Pegasus that’s capable of using the microphone, camera and GPS of any mobile phone on which the user clicks a seemingly innocent link (sent either via mail or messenger). All the user’s data and movements are then accessible to the person or agency performing the hack;
- Years ago, Israel’s Ministry of Defense (MoD) classified Pegasus as a “weapon,” and therefore any sales to foreign third parties require explicit MoD approval;
- NSO’s clients are almost exclusively governments and government agencies;
- Pegasus and similar programs developed by other firms, both Israeli and foreign, are intended for use against terrorists and organized crime;
- It was recently revealed that a number of NSO’s clients, including India, Mexico, Hungary and other foreign nations had, in addition to legitimate usage, abused Pegasus to spy on, harass and silence some 50,000 journalists and dissident political activists.
One important thing to stress is that Pegasus and similar programs have indeed been used to fight terror, organized crime, pedophilia, child abduction and human trafficking. The ability of bad actors to plan, communicate and perpetrate such crimes from the shadows necessitates advanced means of finding and monitoring them without their knowledge.
But like any tool, and certainly any weapon, Pegasus can and is misused and abused. When a foreign entity misuses the spyware, is NSO responsible? Is Israel’s Ministry of Defense responsible? In that same vein, should the Pentagon and Lockheed Martin be held responsible when an F-16 sold to a foreign nation is later used to attack civilians?
Though there are differences between physical and cyber weapons.
“When you sell a missile or a drone to a foreign country, you know more or less who will be using it and in what way. It’s different with cyber weapons. There are many points in which you lose control or the ability to monitor the weapon’s use,” explained Israel Channel 12 military correspondent Nir Davori.
For that reason, all of NSO’s foreign clients are required to sign contracts barring them from making illegal use of Pegasus, in particular any use that would violate human rights.
“In recent years, NSO has cancelled contracts with at least five countries that demonstrably misused Pegasus in violation of the export agreement approved by the Israel Ministry of Defense, and then cut off their access to the platform,” Davor continued.
But, the Israeli journalist explained in a Channel 12 podcast, “Israel is in a dilemma. Are you going to go head-to-head in this way with a country like India (one of those exposed in the recent Pegasus leak), which is a major military trading partner of Israel? Are you going to risk losing billions in other military contracts?”
Saudi Arabia is another problematic example pointed out by Davori. The Saudi’s are interested in closer cooperation with Israel, and that relationship is of critical strategic importance to the Jewish state. But as part of the deal, the Saudis wanted Pegasus. And Israel knew there was a good chance they’d abuse it, but had to make a decision for the greater good of Israel’s strategic interests.
“We need to kind of ask ourselves and our leaders if this is the kind of technology and weapons we want to export,” said Omer Benjakob, the tech and cyber editor for the Israeli newspaper Ha’aretz. “I hope that this will cause Israelis to ask what is the price of our forging ties in the Gulf area, for example? Or what is the price of our ties to India, and who pays that price?”
In his remarks to the Jerusalem Press Club, Benjakob acknowledged that the Israel Ministry of Defense regulates the export of Pegasus and other cyber weapons, but wondered whether or not this regulation is “fully functioning.”
May Brooks-Kempler, a local cyber security authority, suggested in the same press briefing that the story of NSO and Pegasus was being somewhat overblown in the international press. Indeed, a number of international publications have come together to conduct “The Pegasus Project” to investigate the phenomenon of Israeli spyware, as if the Jewish state is the only country that produces such software.
“All phones are tracked to some degree. And in most cases, we let them be tracked. When we use social media, we agree to have all our major data tracked by other companies with very clear interests. In that case, it will be for marketing purposes,” explained Brooks-Kempler. “In the case of NSO, and other spying companies, say an intelligence company, the basic idea is to gain enough knowledge, enough intelligence, to prevent terror attacks, to prevent human trafficking, to prevent fraud, and things like that. So it wasn’t created with malicious intent.”
The same is true of the clients using Pegasus. “In general, they use it mostly to do good,” stressed Brooks-Kempler. “But like any other military or dual use technology, it can be used for good or for bad.”
She insisted that “there are positive sides to using these spyware technologies. So I’m not sure that we don’t want it to exist.”
There are undoubtedly positives sides to this spyware, like stopping terror and major crimes. So that begs the question, would Israelis want Pegasus on their phones?
Early in the Corona crisis, then-Defense Minister Naftali Bennett suggested hiring NSO to use a similar platform it had developed to determine the probability of an average citizen becoming infected based on their movement and contacts. The system was designed to collect unspecified data from a citizen’s mobile phone and assign every Israeli an “infection rating” on a scale of 1 to 10.
A media and public uproar quickly put that idea to rest, though the authorities did track the mobile phones of anyone who had been ordered into quarantine. Israelis simply weren’t ready to surrender their privacy to that degree, even if they take pride in the hi-tech firms and cyber prodigies who develop these technologies.
But as Brooks-Kempler stated, aren’t we doing something similar when we allow tech giants like Google or Facebook to track our movements, both online and in the physical world, for the sake of tailored advertising?
Of course, there are red lines that can and have been crossed. Harassing a journalist or eliminating a political dissident is not the same thing as pestering me with a popup ad for a product that Facebook, via my mobile phone’s microphone, heard me mention to my wife the previous evening.
The bottom line is that we are all being watched. We are all being monitored, for a myriad of reasons. And like in most other fields, especially those related to technology, Israelis just happen to excel at it.