The Israeli police allegedly conducted warrantless phone intercepts of Israeli citizens, including politicians and activists, using the NSO group’s controversial Pegasus spyware, according to an investigation by the Israeli business media site Calcalist.
Among those described as having been targets in the report were local mayors, leaders of political protests against the former prime minister Benjamin Netanyahu, and former government employees.
According to the report, the surveillance was done without the court supervision required for Israeli citizens and without monitoring of how the data was used, a claim denied explicitly by the Israeli police service and a government minister.
A separate report in the Israeli daily Haaretz, based on an invoice seen by the paper, suggested the Israeli police was invoiced by NSO group for 2.7m shekels (£635,000) in 2013, apparently for a basic version of the program.
While numerous reports have emerged over the misuse of Pegasus, which is designed and sold by Israel’s NSO group to foreign governments, the latest claims mark a major departure in suggesting that Israelis were also targeted for interception.
Senior NSO officials have claimed that its software was not authorised for use against Israeli and US telephone numbers. Last July, in an interview with Israel’s Army Radio its CEO, Shalev Hulio, said that his firm “has chosen not to operate against Israeli and American phone numbers”.
The Guardian understands from sources familiar with NSO’s licensing that while that means foreign third-party clients to whom it has sold its software cannot target US and Israeli phone numbers from abroad, an Israeli law enforcement client that purchased the spyware – for instance the police service – would be able to target Israeli phones.
While the report does not mention its sources, it claims that the order to use the spyware was given by senior officers and carried out by police electronic interception specialists.
The claim is highly significant because for the first time it counters assurances given to Israelis that they could not be targeted by Pegasus and would appear to question the understanding that Israelis are protected from warrantless intrusion.
Underlining the implications of the story, the Jerusalem Post commented: “[This] astounding report, if true, would blow gaping holes through a number of NSO, police and potentially state prosecution narratives about the proper balance between collecting evidence and respecting citizens’ privacy rights and court protections from unlawful searches and seizures.”
Under Israeli law, only the country’s domestic intelligence agency, Shin Bet, has the authority to carry out such cell phone hacking without a court order and only then to prevent impending terrorist attacks from either Palestinians, Israeli-Arabs or Israeli-Jews, with the interception requiring approval from a senior Shin Bet official or the attorney general’s office.
The Israeli police service, however, has no such exemption and is required to seek a court order.
According to the report, the police may have justified the use of the spyware via a legal loophole that existed because the technology was not covered by existing laws.
A statement released by the Israeli police service, while denying that it conducted warrantless interception, declined to discuss whether Pegasus had been used for interceptions.
“The Israel police acts according to the authority granted to it by law and when necessary according to court orders and within the rules and regulations set by the responsible bodies,” the statement said.
“The police’s activity in this sector is under constant supervision and inspection of the attorney general of Israel and additional external legal entities.
“Naturally, the police don’t intend to comment on the tools it uses. Nevertheless, we will continue to act in a determined manner with all the means at our disposal, in the physical and online spaces, to fight crime in general, and organised crime in particular, to protect the safety and property of the public.”
A statement from Israel’s public security minister, Omer Barlev, also focused on the issue of warrantless tapping, saying there was “no practice of secretive wiretapping, or intrusion into devices, by the Israeli police without the approval of a judge.”
“At the same time, I intend to ensure that no corners are cut on the subject of NSO and that everything will be checked thoroughly and unequivocally by a judge,” he added.
Among investigations mentioned by the investigation were the use of Pegasus to target a local mayor during a corruption investigation, with the evidence recovered allegedly whitewashed to cover up how it had been obtained.
According to the report the police first acquired the Pegasus software in 2013, which they began using in 2015.
Perhaps most shocking for Israelis will be the claim that among targets were the phones of prominent citizen activists in the “Black Flag” protest, which emerged during a surge of coronavirus cases, an economic crisis and an ongoing corruption trial against Netanyahu.
In a statement released by NSO following publication of the investigation, it reiterated its longstanding claim that it had no input into how its clients used its spyware.
“As a rule, we don’t comment on existing or potential clients. We would like to clarify that the company doesn’t operate the systems held by its clients and isn’t involved in activating them.
“The company’s employees aren’t exposed to targets, aren’t exposed to information about them, and aren’t involved or exposed to our clients’ operational activity or any information relating to the investigations conducted by clients.
“The company sells its products under licence and supervision to be used by national security and law enforcement agencies to prevent crime and terror in a legal manner and according to court orders and the local law of each country.”