Israel’s leading malware purveyor is pitching in to help with the pandemic. NSO Group — which has pitched its spy tools to a number of questionable governments — is trying to help track the spread of the virus with its proprietary surveillance tool.
This would be the third effort by the country to keep tabs on the disease, starting with the Israeli government’s authorization of the use of phone/location data to monitor infected individuals. There’s also a more voluntary effort, created by the country’s Ministry of Health, that allows users to “check in” by providing data about where they’ve been and whether or not they’ve tested positive for the disease.
But it’s NSO’s spyware that’s the most worrying. Motherboard was able to observe the software in action and Lorenzo Franceschi-Bicchierai reports it’s a pretty scary piece of spycraft.
The spyware company has adapted the user interface and analytical tool that they already had developed to be used alongside its powerful malware known as Pegasus, which can hack into mobile phones and extract data like photos, messages, and phone calls, from them. NSO is not collecting location data from phones. It only provides the software to governments, which then get the location data from telecom companies and ingest it within the software, according to the source.
At least NSO isn’t injecting itself into users’ phones, but that’s about the only positive thing that can be said about it. The software — code named Fleming — takes this data and creates heat maps showing people’s movements: where they go, how long they stay, and who they come in contact with. Sure, the data is anonymized, but that’s a dodge. Anonymized data can be de-anonymized with very little effort. But with NSO’s offering, de-anonymization is just another bullet point on the feature list.
With the goal of protecting people’s privacy, the tool tracks citizens by assigning them random IDs, which the government—when needed—can de-anonymize, the source explained.
With NSO on board, the Israeli government is looking towards a more China-esque management of the country’s citizens. China has “citizen scores.” Israelis will now be tagged with health scores.
On Monday, Israel’s Defense Minister Naftali Bennett tweeted that the Israeli government is working on “world-leading” AI system that will give every citizen a grade between 1 and 10 to determine how likely they are to spread the coronavirus and if they need to be tested, but that it hasn’t gotten all the necessary approvals yet. On Tuesday, Israeli news outlet Calcalist reported that Bennet was referring to NSO’s solution.
If every citizen is getting a score, it would appear the government isn’t going to have much use for anonymized data. Seemingly unable to see the downsides of inflicting mass domestic surveillance on Israel’s residents, Bennett is fully embracing the involuntary sacrifice of citizens’ privacy in exchange for unproven pandemic-fighting gains. The Defense Minister has made it clear he thinks other governments should follow Israel’s dubious lead.
Of course, once this pervasive tracking is in place, it will stay there long after the virus is under control. There’s no set expiration date for this worldwide health crisis. Once it does retreat into the background, the usual national security and law enforcement concerns will replace it and the access government agencies have taken for granted for months or years won’t be relinquished without a fight. And there’s a good chance the officials that decided it was necessary to place the country’s citizens under surveillance won’t see the need to roll things back to their pre-coronavirus level.