The Defense Ministry imposed new restrictions on the export of cyber warfare tools on Monday following a major international backlash over the use of Israeli-made surveillance software against journalists, activists and political rivals by human rights violators around the world.
This summer, an international consortium of journalists reported that the Israeli firm NSO Group had helped governments spy on dissidents and human rights workers. Last week, Reuters reported that NSO Group’s software had also been used to hack the phones of at least two American State Department workers in Uganda or those specializing in the East African country.
NSO insists its product was meant only to assist countries in fighting serious crime and terrorism. However, due to the broad definitions some countries use for these offenses, the software appears to have been used against a broad range of figures.
Apparently in response to that situation, the Defense Ministry’s Defense Export Control Agency released an updated version of its “end use/user certificate,” a form that must be filled by an Israeli firm looking to sell its products abroad, which more clearly defined what does and does not amount to terrorism and serious crimes, “in order to prevent a blurring of the definitions about this,” the ministry wrote in a statement.
The new form, for instance, explicitly states that “an act of expressing an opinion or criticism… shall not, in and of itself, constitute a Terrorist Act” or a “Serious Crime.”
Terror is generally defined by the ministry as violent activities or threats of violence that are meant to intimidate a population, sway a government to act or not act, or destabilize a country or international organization.
Somewhat more vaguely, serious crimes are defined as any offence for which “the national law imposes a term of imprisonment of 6 years or more.”
The regulations also prevent Israeli systems from being used “to inflict harm on an individual or a group of individuals, merely due to their religion, sex or gender, race, ethnic group, sexual orientation, nationality, country of origin, opinion, political affiliation, age or personal status.”
If these conditions are violated, Israel would have the right to revoke the export license.
However, civil rights attorney Eitay Mack, one of the leading voices in Israel against defense exports to human rights violators, downplayed the significance of this rule change, noting that the form in question is filled out by the firm selling the technology, not the country buying it, the actual end user.
He added that despite the new definitions by the Defense Ministry, “the countries define terrorism and serious crimes as they see fit.”
The Defense Ministry said the new regulations were developed by a joint team from the Defense and Foreign ministries.
Until now, Israel’s law on defense exports has been relatively lax, requiring the Defense Ministry to make “considerations regarding the end user or the end use,” but not expressly forbidding arms sales to human rights violators. Only a United Nations Security Council arms embargo, which is exceedingly rare, can force the Defense Ministry to block a deal. In all other cases, political and diplomatic expediency can outweigh human rights concerns.
NSO Group’s Pegasus software is considered one of the world’s most powerful cyber surveillance tools, giving operators the ability to effectively take full control of a target’s phone, download all data from the device, or activate its camera or microphone without the user knowing.
In light of Pegasus’s reported use by human rights violators, the Israeli firm was recently blacklisted by the US Commerce Department, making it harder for US firms to do business with it.
Last week, Apple also announced that it was suing the NSO Group for targeting the users of its devices, saying the firm at the center of the Pegasus surveillance scandal needs to be held accountable.