Israeli police find ‘legally debatable’ use of spyware by investigators

Israel’s national police force has found evidence pointing to improper use of spyware by its own investigators to snoop on Israeli citizens’ phones.

The announcement on Tuesday came two weeks after an Israeli newspaper reported a string of allegations that the police had used the NSO Group’s Pegasus software to surveil protesters, politicians and criminal suspects without authorisation from a judge.

The report caused outrage in Israel and prompted the attorney general and lawmakers to launch investigations.

Last month, police said a preliminary internal investigation had found no evidence of misuse of the controversial spyware. But on Tuesday, the police said a secondary inspection “found additional evidence that changes certain aspects of the state of affairs”. The statement made no mention of NSO, indicating that surveillance products developed by other Israeli firms might be under scrutiny. The company had no comment.

The force’s deputy chief of investigations and intelligence, Yoav Telem, told a parliamentary oversight committee that the inspection had found “anomalies” that meant the legality of some of the police’s information collection was debatable.

These led to the gathering of materials “over which there is a legal debate – whether they are covered by the world of secret monitoring”, a transcript published by the panel quoted him as saying. The police had previously denied the newspaper’s findings and said they operate according to the law.

In light of the police’s findings, Israel’s outgoing attorney general, Avichai Mandelblit, said he had instructed the police “to adopt procedures immediately in order to prevent breach of authority”. Mandelblit, who completed his six-year term on Tuesday, also said he instructed his fact-finding team to submit a report about allegations of unlawful surveillance of civilians by 1 July.

NSO is Israel’s best-known maker of offensive cyberware, but it is far from the only one. Its flagship product, Pegasus, allows operators to infiltrate a target’s mobile phone and gain access to the device’s contents, including messages and contacts, as well as location history.

NSO has faced mounting scrutiny over Pegasus, which has been linked to snooping on human rights activists, journalists and politicians across the globe.

In November, the US Commerce Department blacklisted NSO, along with an Israeli competitor, Candiru, barring the company from using certain US technologies, saying its tools had been used to “conduct transnational repression”.

NSO does not identify its clients but says it sells its products only to state security agencies after receiving approval from Israel’s defence ministry. It says the products are intended to be used against criminals and terrorists and says it has strict safeguards in place to prevent abuses. Still, it says it does not control how its clients use the software and has no knowledge of who is targeted.

NSO says it has cut off several customers after discovering abuses but, comparing itself to other weapons makers, it says it cannot be held responsible for the actions of clients.