The FBI came very close to using commercial spyware to aid in its domestic criminal investigations, the New York Times has reported. The spyware was developed by the NSO Group, the notorious surveillance vendor from Israel whose products have been tied to spying scandals all over the world.
In January, the Times broke the news that the FBI had been considering procuring a surveillance system called “Phantom” from NSO that could reportedly hack any phone in the United States. The tool was a variant of NSO’s more well-known malware Pegasus and had the ability to comprehensively infiltrate mobile devices and monitor their activities. The FBI was reportedly considering using it to use in criminal investigations.
However, no long after the Times initially reported the existence of the potential deal, privacy concerns were raised and the government found itself on the defensive.
At a congressional hearing earlier this year, FBI Director Chris Wray claimed that the government’s contacts with NSO had been part of a “counterintelligence” operation, implying that the bureau had never actually intended to use the spyware tool. Officials made it sound like they were conducting research on how such tools could be used by bad actors but seemed to imply that they, themselves, had no interest in using them. During a different meeting, Wray similarly told congressional leaders that the bureau’s interest in NSO’s tools would allow the government “to be able to figure out how bad guys could use it, for example.”
However, new documents uncovered by the Times seem to suggest that the government was very much interested in using the tools for their own criminal investigations. The documents, retrieved via a Freedom of Information Act request, include a number of internal FBI PowerPoint presentations, created throughout 2020 and 2021, that discuss how the bureau could deploy the hacking tools. Among these, the bureau’s Criminal Investigative Division produced a 25-page memorandum that included “recommendations” for how NSO’s products could be used “under certain specific conditions,” as well as proposed guidelines for district attorneys offices across the country on how to approach the process of criminal discovery for cases involving the tool. The Criminal Investigative Division also prepared a document for Wray on potential use of the tool. The Times reports:
The internal FBI documents and legal briefs submitted on behalf of the bureau give the most complete picture to date of the bureau’s interest in deploying Pegasus. While heavily redacted, the internal documents show that, from late 2020 until the summer of 2021, the FBI had demonstrated a growing interest in potentially using Pegasus to hack the phones of FBI targets in criminal investigations.
Gizmodo reached out to the Justice Department for comment and will update this story if the agency responds.
It had previously been reported that the government had spent close to two years deciding whether it could legally deploy the surveillance product without running afoul of America’s legal and constitutional restrictions. However, controversy surrounding NSO spiked in the middle of last summer with the publication of the “Pegasus Papers,” a journalistic exposé that detailed the degree to which NSO’s tools had been abused by foreign governments to spy on journalists, activists, human rights lawyers, politicians, and many others. Shortly after controversy around NSO exploded, the FBI apparently quit its quest to use the company’s products.
Since then, NSO has been struggling to survive. Not long after the deal with the FBI fell through, the U.S. blacklisted NSO by placing it on the Commerce Department’s “Entity List” — an inventory of foreign firms that have been deemed as working “contrary” to America’s national security interests. Inclusion on the list comes with harsh trade restrictions and reduces the ability of American firms to provide parts and services to listees. Cut off from inflows of investment and critical assets, NSO has struggled financially. A deal by major defence contractor L3Harris Technologies to acquire the spyware vendor fell through this summer after the Biden administration spoke out against the deal.