Ranking Member Jim Jordan (R-OH) and Constitution Subcommittee Ranking Member Mike Johnson (R-LA) just sent a letter to Apple CEO Tim Cook and FBI Director Christopher Wray requesting information about the use of spyware that allows a malicious actor to access a victim's mobile device without any input from the victim. Jordan and Johnson are examining the FBI’s reported acquisition, testing, and use of this spyware, and potential civil liberty implications of its use against U.S. persons.
Read the letter to Apple:
"The NSO Group, an Israeli software company, gained widespread notoriety in 2021 after several media organizations published allegations that one of its products—named 'Pegasus'—had been used by foreign governments to surveil dissidents, journalists, U.S. officials, and others. Pegasus is a spyware tool that allows an operator to compromise a target’s mobile device without requiring any input from the target. After compromising a device, the operator can retrieve data on the device, track the device’s location, and commandeer the device’s camera and microphone.
As part of the allegations in 2021, media outlets reported that Pegasus was incapable of compromising mobile devices with U.S. phone numbers. However, on January 28, 2022, the New York Times reported that the NSO Group has made a version of Pegasus capable of targeting U.S. mobile devices, called 'Phantom.' This same report alleged that the Federal Bureau of Investigation had acquired access to NSO Group spyware in 2019, tested it, and retains the hardware necessary to use it. The FBI has since acknowledged that it acquired and tested NSO Group spyware.
Reporting by media outlets and Apple’s own public statements indicate that Apple is able to ascertain when the user of an Apple device has been targeted by Pegasus. The Committee is examining the FBI’s acquisition, testing, and use of NSO’s spyware, and potential civil liberty implications of the use of Pegasus or Phantom against U.S. persons. To assist the Committee in conducting this investigation, please provide the following information:
1. Apple’s ability to detect when a user of an Apple device has been targeted by Pegasus or Phantom;
2. The number of attacks using Pegasus or Phantom that Apple has detected, the dates of those attacks, the geographical regions in which Apple detected those attacks, and any other relevant information about those attacks; and
3. A staff level briefing about Apple’s communications, if any, with representatives of the Justice Department, Federal Bureau of Investigation, or any other U.S. Government entity about Pegasus or Phantom."
Excerpts from the letter to the FBI:
"Although the FBI has stated that it 'procured a limited license for product testing and evaluation only' and that '[t]here was no operational use in support of any investigation,' the FBI reportedly had an active software license for NSO’s spyware for approximately two years and paid the NSO Group approximately $5 million. During this period, lawyers at the FBI and Department of Justice debated the legality of using Phantom on domestic targets and 'NSO engineers were in frequent contact with F.B.I. employees, asking about the various technological details that could change the legal implications of an attack.'
In light of the FBI’s repeated failure to adhere to safeguards on its use of Foreign Intelligence Surveillance Act authorities, and the FBI’s spying on protected First Amendment activities during the campaign of President Donald Trump, the FBI acquiring yet another tool to spy on Americans is deeply troubling and presents significant risks to the civil liberties of U.S. persons. To assist the Committee in conducting oversight of the FBI’s acquisition, testing, and use of NSO Group spyware, please provide the following documents and information:
1. All documents and communications between or among the FBI and the NSO Group, Westbridge Technologies, or any other NSO Group affiliate or subsidiary referring or relating to the FBI’s acquisition, testing, or use of NSO Group spyware;
2. All documents and communications referring or relating to the FBI’s decision to acquire NSO Group spyware; and
3. All documents and communications referring or relating to the FBI’s or Justice Department’s assessment of the legality of using Phantom against domestic targets."
Read the full letters
here.
