The U.S. Commerce Department dropped a bomb Wednesday when it added two Israeli companies, the NSO Group and Candiru, to its Entity List for activities contrary to the United States’ national security or foreign policy interests.
“NSO Group and Candiru (Israel) were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers,” the department stated. “These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”
The decision means that the two companies will have to receive a special license to do business in the United States, but it will also be difficult for them to use any American services, from accounting software to cloud-based services. Moreover, it is unclear whether they will even be able to receive such a license.
The announcement follows on the heels of the Pegasus Project, a series of investigative reports that exposed the use of NSO’s cyberattack tools worldwide for illegitimate purposes, such as surveillance of journalists and human rights activists. Time after time, NSO has denied the reports’ findings – but Western intelligence agencies gradually have joined in confirming the findings, including the French and Belgians. The weighty Commerce Department decision follows an investigation by U.S. authorities.
Consequently, NSO can no longer claim “not a single scrap of evidence” has been found regarding its actions; the burden of proof is now on the company. Moreover, the new restrictions may start snowballing and lead to the end of NSO – at least in the form we now know it.
Even before the decision was announced, NSO was a company in crisis. The ownership partnership had fallen apart because of disagreements within the private equity fund owning it, and NSO was looking for new ownership, possibly through raising new capital or via an initial public stock offering. These two options now look impossible. What investment fund would want to touch this ailing asset? And in any case, American institutions are pretty much blocked from doing so. What stock market would accept NSO and what financial institution would risk its clients’ money? Even access to bank credit has become a challenge. “The minute the United States designates a specific company as unacceptable, American authorities and companies, including banks, are forbidden from being in contact with them,” explained Israeli human rights lawyer Eitay Mack. “This means that foreign companies and countries that want to preserve their business or diplomatic connections with entities in America must obey the sanctions.”
We should also remember that NSO’s financial state is shaky. It received a corporate debt downgrade and negative outlook from the Moody’s rating agency in May, even before the Pegasus investigations were published and the Commerce Department’s decision. Since then, NSO has been forced to stop working with many of its customers, mostly in the developing world, because of the abuse of the software’s capabilities – which the investigations exposed. For example, Dubai’s accounts were shut down because of illegal surveillance of the ex-wife of the country’s ruler, while she was in London.
NSO blacklisting shows Israel’s cyber diplomacy is a double-edged sword
U.S. says won’t take action against Israel after blacklisting Israeli spyware firms NSO, Candiru
How Israeli spy-tech became dictators’ weapon of choice
At the same time, a number of Western governments – led by France – have protested the use of Pegasus against their citizens, which has led the company to limit the surveillance capabilities of its software for phone numbers in all the Five Eyes intelligence alliance of New Zealand, Australia, United States, Canada and United Kingdom. The revenue stream from the United States is bound to dry up almost immediately.
So, NSO is under heavy financial pressure and at the same time is losing customers and reducing the capabilities of its products. How long can this situation continue?
Another aspect concerns the employees. High-tech workers, a critical resource, are in short supply. NSO depends on the exceptional talents in cybersecurity – people who can find weaknesses in Android and IOS. But will NSO’s employees still feel comfortable working for the company after the leader of the free world has branded it as an outcast? Who wants trouble when they try to enter the United States? It is almost certain that a number of employees will abandon ship, and they will not have any trouble finding work elsewhere, work without the same ethical dilemmas. Recruiting new employees will be difficult to impossible. To add to its troubles, NSO is continuing to fight a lawsuit from Facebook.
So what can NSO do? It has a few options.
First, it can gradually switch to other products that are not offensive cyber tools, such as its drone operations and analytic systems. Recently, NSO announced its intentions of developing defensive cyber products. It’s not simple, and it takes time, but it is possible.
A second possibility is to try and regain legitimacy by getting itself sold to a company like the state-owned Rafael Advanced Defense Systems, Israel Aerospace Industries or Elbit Systems. In the past, Verint wanted to buy NSO.
A third option, though a bit unrealistic, is to search for a non-Western investor, a Russian oligarch or Gulf oil sheikh – but such a deal would make it hard to receive regulatory approval from the relevant Israeli authorities. And to top it off, we should remember that this new woe has fallen on the shoulders of the company’s new CEO, Isaac Benbenisti, who started his job just this week. All we can do is wish him the best.
English
Arabic
Chinese (Simplified)
Dutch
French
German
Italian
Portuguese
Russian
Spanish