Biden intelligence adviser previously vetted deals for Israeli NSO Group
A former senior CIA official who was recently appointed by
Joe Biden to an intelligence advisory board previously served as a key adviser
to NSO
Group, where he vetted deals for the Israeli spyware company and voted on
whether sales of the controversial hacking tools could proceed.
Jeremy Bash served on NSO’s business ethics committee (BEC),
where he was instrumental in giving advice to the company on whether proposed
sales by the Israeli group to specific foreign government clients would be seen
as acceptable to the US government, multiple sources familiar with the matter
said.
Bash is believed to have served as an adviser to NSO, through
a parent company called Q Cyber, from about 2017 to 2020, but his firm declined
to confirm the dates. He had previously worked as a chief of staff at the CIA and the US
Department of Defense under Leon Panetta.
Bash’s role on the BEC gave him a vote on whether proposed
sales of NSO’s powerful spyware to particular foreign government agencies
should proceed.
When NSO’s spyware, called Pegasus, is successfully deployed
against a target, it can hack a phone without a user’s knowledge, listen to
phone calls, track encrypted messages on apps such as Signal and WhatsApp, and
monitor a user’s location. It can also turn a phone into a listening device by
remotely controlling a phone user’s microphone and camera.
Researchers at the Citizen Lab at the University of Toronto
and Amnesty International’s security lab have documented dozens of cases of the
spyware being used to target and hack dissidents, journalists, political
opponents and lawyers.
NSO does not publish the identities of its government
clients but the Guardian and others have reported on the hacking software being
used extensively in the past in countries such as Mexico, India, Saudi Arabia,
the UAE, and Rwanda.
A spokesperson for Bash’s company, Beacon Global Strategies,
which was the entity hired to advise NSO, declined to comment on which foreign
government agencies he vetted in his role on the BEC. However, they said the
firm had “strongly advised” NSO “not to do business in Saudi Arabia”.
Bash’s new role advising the White House could prove awkward
for the Biden administration, which placed NSO on a US blacklist in November
2021 after concluding the company had developed and supplied spyware to foreign
governments that used the tools to “maliciously target government officials,
journalists, businesspeople, activists, academics, and embassy workers”.
The administration also said NSO had engaged in “activities
that are contrary to the national security or foreign policy interests of the
United States.” NSO said at the time it was dismayed by the ruling and that it
would advocate for it to be overturned.
Relatively little has been reported about Bash’s advisory
work for NSO, where he was viewed as a trusted US insider who could
ensure that the company was not making decisions that would run afoul of the US
government.
Bash co-founded Beacon Global Strategies in 2013 after
working for Panetta and earlier serving as counsel to the now-retired
congresswoman Jane Harman when she was the head of the House permanent select
committee on intelligence.
People who know Bash say the former official, who is a
lawyer, is “whip smart” and highly regarded for having served as chief of staff
to Panetta at CIA when the US found
and killed Osama bin Laden, the mastermind behind the September 11 attacks.
Two people with direct knowledge of the matter said Bash’s
firm was initially hired to advise NSO through the company’s then owner, a US
investment firm called Francisco Partners.
He was one of about eight members of the BEC, who would vet
highly confidential requests from government agencies to buy a licence to
access Pegasus. The identity of the members of the BEC was also a tightly held
secret.
Bash declined to respond to specific questions about his
role on the BEC. Ashley Barry, a spokesperson for Beacon Global Strategies,
said Bash had “long believed that the technology at issue must be regulated by
export controls and by the establishment of international rules of the road
that the United States should lead”.
She said Beacon Global Strategies had stopped working with
NSO after the company “reversed course” and pursued deals with Saudi Arabia
after the firm had “strongly advised” NSO not to do business with the kingdom.
“We quit when they didn’t follow our advice. We haven’t conducted any work for
that company since then – nearly four years ago,” Barry said.
She emphasised that Bash’s work for NSO was under the
auspices of BGS. “All of the work that individual BGS employees – including Mr
Bash – performed for this client was done under the umbrella of our firm’s work
for that client.”
One person with close knowledge of the matter said that,
under Francisco Partners, the BEC was a management committee that had the “last
word” on any sale of the hacking tool to foreign government clients, after
those sales had already been vetted by Israel. Decisions by the committee had
to be unanimous and could not be overridden, the person said.
Bash also appears to have participated in at least one
meeting with a prospective investor in which they say he vouched for NSO’s
vetting process. In a 2019 email seen by the Guardian, an employee from
Jefferies Group, a financial services company, described to a colleague how he
had met Bash in connection to a possible investment in NSO.
He described how his firm’s investment committee had become
“comfortable” with the idea of an investment after being convinced that there
were “painstaking layers of approvals and consequences of misuse” on the
technology.
“We deliberately asked BEC member Jeremy Bash to participate
in the bank meeting where he highlighted NSO’s extensive vetting process,” the
Jefferies Group employee wrote, while also noting that he felt particularly
convinced by the fact that the BEC had a “unanimous vote requirement”.
“In the end, the credibility of Jeremy, the US/UK/Israel
alliance built into NSO’s process got us comfortable,” he said. The Jefferies
Group declined to comment.
Another person familiar with the matter said the BEC had the
power to in effect rule out sales of NSO’s technology because every member of
the committee had a veto right. They said Bash was seen as the right person for
the job because of his US government background. “He was an expert of the
American policy, that’s why we took him,” the person said.
The BEC was ultimately unwound after another private equity
company, called Novalpina, acquired NSO and revamped its ethics policies.
Bash was appointed by Biden to the president’s intelligence
advisory board in August. The board is described as an independent body within
the executive office of the president, which exists to provide the president
“with an independent source of advice on the effectiveness with which the
intelligence community is meeting the nation’s intelligence needs”.
Ron Deibert, the founder of the Citizen Lab at the
University of Toronto, which has reported extensively on abuse of NSO spyware
by its government clients, said the Biden administration should not be
rewarding a former adviser to the disgraced firm if it “wants to send a serious
message to the world about cracking down on mercenary spyware abuses”. Deibert
has called NSO “one of the worst offenders in the industry”.
The spokesperson from Bash’s firm called Deibert’s criticism
“absurd” and “false” since Deibert “does not know the substance of the advice
we provided”.
A White House spokesperson said members of the president’s
intelligence advisory board “have not and will not” be involved in any way in
the administration’s policy process on commercial spyware. A national security
strategy, released last week by the administration, vowed to counter the
“illegitimate use of technology”, including commercial spyware.
NSO has said that its hacking software is meant to be used
only by government clients to stop serious crime such as terrorism. It has also
said it investigates cases of misuse by clients. NSO did not respond to a
request for comment.
Comments
Post a Comment