Victim of private spyware warns it can be used against US

WASHINGTON — Months after her father was lured back to Rwanda under false pretenses and jailed, Carine Kanimba discovered her own phone had been hacked using private spyware. But the FBI has acknowledged buying a license for Pegasus for what it said was “product testing and evaluation only.” While spyware companies make huge profits in the Middle East and Europe, it is American business and investment that “legitimizes what they’re doing,” said John Scott-Railton, senior researcher at Citizen Lab, which has long studied how the programs work. “As long as that remains as a possibility for problematic actors, they’re going to get support from investors.” The committee is pushing U.S. spy agencies to “decisively act against counterintelligence threats posed by foreign commercial spyware,” according to the public version of its latest bill authorizing intelligence activities. The bill, which has not yet been voted on by the full House, proposes that the director of national intelligence “may prohibit” individual U.S. agencies from acquiring or using foreign commercial spyware. But the bill would also allow any intelligence agency chief to seek a waiver from the director if the waiver “is in the national security interest of the United States.” In a statement, NSO Group noted that the discussion over spyware “at times lacks balance intentionally omitting their lifesaving benefits.” “NSO reiterates that it thoroughly investigates any claim for illegal use of its technology by customers, and terminates contracts when illegal use is found,” the company said.