NSO Group, the controversial Israeli firm specializing in government spyware, published a new transparency report on Wednesday amid a campaign to regain access to the U.S. market. The report highlights the company’s commitment to human rights and accountability, but critics say it lacks the concrete details offered in previous disclosures. This comes as NSO undergoes significant internal changes, including new leadership and financial backing, all while facing scrutiny over allegations of misuse of its technology.
The release of the report follows a recent shift in ownership and personnel, coinciding with renewed lobbying efforts aimed at removing NSO Group from the U.S. Entity List – a designation that severely restricts its ability to do business with American companies. While the document outlines a desire for a more responsible approach to its business, it offers little verifiable evidence to support these claims, raising skepticism among digital rights advocates.
The Push for U.S. Market Access and the Controversy Surrounding NSO Spyware
NSO Group has long been a target of criticism over the alleged use of its Pegasus spyware to target journalists, activists, and political dissidents. The company maintains that its tools are intended for use against terrorists and criminals, and that it has implemented safeguards to prevent abuse. However, investigative reports by organizations like Citizen Lab have documented numerous instances of misuse.
Last year, a group of U.S. investors acquired NSO Group, leading to the appointment of former Trump administration official David Friedman as executive chairman. Both CEO Yaron Shohat and founder Omri Lavie have since departed the company, signaling a broader restructuring. Friedman stated in the report that when used appropriately, NSO’s products enhance global security.
Shifting Leadership and Transparency Efforts
According to Natalia Krapiva, senior tech-legal counsel at Access Now, the timing of the report is clearly related to NSO’s desire to be removed from the U.S. Entity List. “Changing the leadership is one part and this transparency report is another,” she said, but cautioned that past experience with similar efforts by NSO and other surveillance technology firms suggests a pattern of superficial changes without a corresponding reduction in abuse.
Krapiva expressed concerns that the report is merely “window dressing” and urged the U.S. government to remain vigilant. The Biden administration initially added NSO to the Entity List, citing concerns about its technology being used for malicious purposes, and lobbying efforts to reverse that decision have so far been unsuccessful.
Meanwhile, the Trump administration lifted sanctions on three executives connected to Intellexa, a spyware consortium, in December, a move that some observers interpreted as a potential softening of the U.S. stance on these companies.
A Reduction in Detail in the Latest Transparency Report
Notably, this year’s transparency report contains fewer specific details compared to previous versions. For example, the 2024 report disclosed three investigations into potential misuse, resulting in the termination of one customer and remediation measures for another. It also reported rejecting $20 million in business due to human rights concerns.
Prior reports detailed even more concrete actions. The 2022-2023 report stated the company suspended or terminated six government customers, leading to a $57 million revenue loss, and the 2021 report indicated the disconnection of five customers and the discontinuation of engagements with another five, totaling over $100 million in lost revenue.
The current report, however, omits key figures, such as the total number of NSO customers, a statistic previously included in its disclosures. When asked by TechCrunch to provide these figures, NSO spokesperson Gil Lanier did not respond.
John Scott-Railton, a senior researcher at The Citizen Lab, criticized the document for its lack of verifiable information. “I was expecting information, numbers,” Scott-Railton stated. “Nothing in this document allows outsiders to verify NSO’s claims, which is business as usual.”
The current climate also includes scrutiny related to export controls on cybersecurity tools and the implications for national security and human rights. The debate continues over the balance between allowing governments to access powerful surveillance capabilities for legitimate law enforcement purposes and protecting individuals from potential abuse.
The U.S. government is expected to review NSO’s status on the Entity List in the coming months. The extent to which the company’s transparency efforts – and its broader internal restructuring – influence that decision remains to be seen. Continued pressure from digital rights organizations and further scrutiny of NSO’s customer base are likely to play a role in the upcoming assessment, and any further developments in the Intellexa sanctions case will also be relevant to the outcome.
