The PEGA committee was created earlier this year to investigate claims of the Pegasus spyware being used to violate human rights

NSO Group’s exhibition stand at defense & homeland security expo ISFED, Tel Aviv, 2019. Photo: REUTERS/Keren Manor

Earlier this week, an NSO Group exec landed in the hot seat, having been questioned by PEGA, the European Parliament’s committee of inquiry established to investigate the use of the company’s surveillance spyware Pegasus and other equivalent tools.

According to the Israeli company’s General Counsel and Chief Compliance Officer, Chaim Gelfand, Pegasus is not a mass surveillance tool, but instead targeted to specific individuals under suspicion, similarly to wire-tapping. He added that the spyware cannot impersonate victims and that its data is retained in an audit trail, and also mentioned that according to Israel’s export law, the government must approve Pegasus export licenses.

The committee’s MEPs asked about cases where European governments have admitted to using Pegasus on citizens, as well as about the scoring used to rate countries on their suitability as potential clients, among many other topics.

“Reacting to NSO Group’s description of Pegasus as a tool to fight crime, MEPs requested details on how many crimes have been prevented and how many lives saved through the use of Pegasus,” said the committee’s official statement, which also referred to the questioning as “grilling.”

Gelfand argued that if it is discovered that customer uses Pegasus for purposes other than fighting serious crime and terrorism, the company cancels their licenses. He also said that NSO has determined that Pegasus was not used on French President Emmanuel Macron or murdered Saudi journalist Jamal Khashoggi.

Following the alleged use of the Pegasus spyware against human rights activists, journalists, politicians, diplomats, law enforcement people and other civilians, in March 2022 the European Parliament voted in favor of establishing a new committee of inquiry that would investigate these claims, and whether there has been a breach of EU law and fundamental rights.

Comprise of 38 members, PEGA began working in April, and is expected to submit its following report at the end of 12 months.

As part of its investigation process, the committee established a whistleblowing mechanism, a specific email address that “allows any person who has personal knowledge of it to easily report any misuse of Pegasus and equivalent spyware surveillance software.”