NSO issued a statement today, saying two things: 1) Pegasus wasn't involved in Jamal Khashoggi's murder, and 2) it doesn't have visibility into what customers do or who they target with Pegasus.
These two statement seem to be in conflict. Statement here: nsogroup.com/Newses/followi…
These two statement seem to be in conflict. Statement here: nsogroup.com/Newses/followi…
I asked NSO for clarification (via Mercury, its London-based crisis communications PR firm). Note the key line here: "If we determine misuse." I asked how it determines that without visibility into its customers' data. NSO basically said, "go read our transparency report."
Questions remain: I asked & was referred to the report:
• How would NSO "determine misuse" exactly?
• What evidence does NSO have that its technology was not used to target Khashoggi?
• Does NSO accept it may not have all the evidence to make a conclusive assessment?
• How would NSO "determine misuse" exactly?
• What evidence does NSO have that its technology was not used to target Khashoggi?
• Does NSO accept it may not have all the evidence to make a conclusive assessment?
NSO's transparency report, which I was referred to, says very little about how NSO actually identifies abuse. It can't see customer logs "unless that access is granted by the customer," the report says. It says later it collects data through "direct engagement with customers."
It sounds like NSO only knows of abuse when it's told by a customer (which is not likely given the customer) or when NSO learns of it, probably through public reports like from Forbidden Stories & Amnesty et al, which NSO also says "has no factual basis."
NSO may well have zero visibility into who its customers target. (Can you imagine how much legal risk it would face if it did?) But per the Times, NSO knows that Pegasus can be (and has been) abused. NSO can't plead ignorance to what it already knows. /END
nytimes.com/2021/07/17/wor…
nytimes.com/2021/07/17/wor…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
