Coronavirus: Israeli spyware firm pitches to be Covid-19 saviour


A controversial Israeli cyber-security company is marketing software that uses mobile phone data to monitor and predict the spread of the coronavirus.

NSO Group says it is in talks with governments around the world, and claims some are already testing it.

The surveillance software-maker is being sued by WhatsApp for allegedly sending malware to the phones of human rights activists and journalists.

The company also faces a lawsuit in which it is accused of supplying software to the Saudi government, which the country is said to have used to spy on the journalist Jamal Khashoggi before his murder.

Last year, NSO responded to that claim by saying that its products were "licensed for the sole use of providing governments and law enforcement agencies the ability to lawfully fight terrorism and crime".

But now, it is pitching its tools as a means to help better understand how coronavirus is spreading.

"The software is here to solve a global pandemic," a spokesman told the BBC.

"This is about giving governments the ability to understand the situation they're facing and make informed decisions. It's a really powerful piece of software."

NSO says its employees will not have access to any data, but its software will work best if a government asks local mobile phone operators to provide the records of every subscriber in the country.

Each person known to be infected with Covid-19 could then be tracked, with the people they had met and the places they had visited, even before showing symptoms, plotted on a map.

Image caption: Israel's defence minister tweeted this image of NSO's user interface last week (image source: Twitter)

But John Scott Railton, of the Toronto-based privacy watchdog Citizen Lab, said governments would be foolish to use the system.

"The last thing that we need is a secretive company claiming to solve a pandemic while refusing to say who its clients are," he said.

Cluster forecasts

NSO gave the BBC a demonstration of how its system works, via a video conference link.

A heat map of Israel showed hotspots where there were a high number of cases of the virus.

Zooming in, individual phones of people with the infection were mapped, and represented by an anonymised ID number. Details were also shown of other phones they had encountered and the relevant times and locations.

The engineer demonstrating the system said that it could be used to:

  • predict where the next cluster of cases was likely to be
  • decide when to move ventilators to hospitals most in need
  • decide when to allow certain regions of a country to come out of quarantine

NSO said a number of governments around the world were piloting the system, but would not reveal their identity or whether any of them had started using it in the field.

A spokesman added that the firm had made it a requirement that the authorities involved were operating in compliance with Europe's GDPR privacy law or their own data protection rules.

Software requiring mobile networks to hand over customer data represents a very different approach from the contact-tracing apps being considered in the UK and many other European countries.

Such apps would use a phone's Bluetooth connection to alert users if they had been in contact with someone infected with the virus, and would almost certainly be voluntary to download.

Citizen Lab previously investigated NSO's Pegasus software. It found evidence that it had been secretly installed on the phones of journalists and dissidents in countries from Mexico to the Middle East.

"NSO has shown that it is uniquely capable of damaging public trust," said Mr Railton.

"I can't think of a better brand name to make citizens nervous about a governmental tracking effort."

There has been controversy in Israel over a separate project which could see its defence ministry work with NSO Group to assess the likelihood that individual citizens might spread the coronavirus.

Defence minister Naftali Bennett proposed giving NSO access to highly sensitive data about citizens collected by the Shin Bet security services. But Israeli lawmakers attacked the plan, warning that handing data to a private company raised serious concerns.