Key Democrat warns of major security risk if US firm acquires NSO hacking code

An influential Democratic lawmaker has said any deal by a US company to acquire NSO Group’s surveillance technology would pose a serious national security risk, and suggested that any intercepts obtained with the software by US intelligence agencies would end up in Israeli hands.

The remarks by Senator Ron Wyden of Oregon, who chairs the finance committee and is known for being a strong supporter of privacy rights and a critic of government-sanctioned spying, come after the Guardian and media partners reported that the US defence contractor L3Harris was in talks to acquire NSO’s hacking technology.

People familiar with the talks have said that any acquisition of NSO’s controversial hacking tools – which are alleged to have been used by NSO’s government clients to commit human rights abuses – would mean that the spying tools would only be permitted to be used by US agencies and close American allies: the UK, New Zealand, Canada, Australia and possibly some Nato countries.

Wyden said in a statement to the Guardian: “If the US plans on using foreign-made surveillance technology, it might as well bcc the country that produces it on every intercept. It’s a serious national security risk, similar to the concerns associated with using foreign communications technology. The White House is right to raise concerns about this deal.”

NSO was placed on a blacklist by the Biden administration last November, after the commerce department found that the company’s activities had acted contrary to the interest of the US. The Guardian and other media partners have reported on dozens of cases in which NSO’s powerful hacking tools – which can hack into any phone and remotely control them – have been used by some government clients to target activists, journalists, lawyers, government officials and businesspeople. NSO has said clients are only supposed to use its technology to target serious criminals, and that it investigates credible allegations of abuse.

A person close to the talks between L3 and NSO has said a number of issues have yet to be resolved in the negotiations, including the price of the possible deal, whether the technology would be housed in the US or Israel, and whether Israel would be able to use NSO’s technology as a client.

NSO did not respond to a request for comment. L3 did not comment.

An L3 spokesperson said earlier this week, in response to questions about the talks: “We are aware of the capability and we are constantly evaluating our customers’ national security needs. At this point, anything beyond that is speculation.”

Wyden’s comments point to a persistent concern among some countries that have weighed using NSO’s hacking software. Current and former US intelligence officials have said that there was a presumption that Israel had some access – via a “backdoor” – to intelligence unearthed via such surveillance tools.

But NSO has previously strongly denied that the company has any special access to the intelligence.

In a previous statement, NSO has said: “NSO Group is a private company. It is not a ‘tool of Israeli diplomacy’; it is not a backdoor for Israeli intelligence; and it does not take direction from any government leader.”

A senior White House official expressed grave concerns about any possible acquisition of NSO technology by a US contractor, saying the deal raised national security concerns.

NSO is also being sued by WhatsApp, the popular messaging app owned by Facebook, and Apple. Any move to sell the company’s technology – or code – to a US company would not automatically mean that those cases would be closed or that the company would be removed from the blacklist.