South Yorkshire Pensions Authority
Gateway Plaza
Sackville Street
Barnsley
South Yorkshire
S70 2RD

May 24, 2019

To Whom It May Concern:

I am writing in my capacity as the founder and director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs & Public Policy. We are an interdisciplinary research laboratory and our work focuses on research, development, and strategic policy and legal engagement at the intersection of information and communication technologies, human rights, and global security.

I am reaching out to you in light of the South Yorkshire Pensions Authority (the “Authority”)’s widely-reported investment in a fund raised by private equity firm Novalpina Capital and issues surrounding the abusive deployment of NSO Group’s Pegasus spyware. As you know, Novalpina Capital recently acquired a majority stake in NSO Group, an Israeli offensive cybersecurity company that has produced spyware implicated in the abusive targeting of human rights defenders and civil society. Further, I understand that the Authority intends to meet with Novalpina Capital next week to discuss issues around human rights due diligence and NSO Group.

In light of your investment and upcoming meeting with Novalpina Capital, I would like to highlight Citizen Lab’s research into the use of NSO Group’s Pegasus spyware to target human rights defenders and civil society. I would also like to underline that our questions to Novalpina Capital regarding such abuses remain largely unanswered.

At this time, we (along with international human rights organizations including Amnesty International, Privacy International, Access Now, and R3D) are not satisfied that Novalpina Capital intends to engage in substantial, comprehensive, and meaningful reforms to acknowledge and remedy past abuses of Pegasus spyware and to ensure that no further such abuses occur. In addition to providing you with the information below, I would be willing to explain in more depth our research methodology and findings regarding NSO Group’s Pegasus spyware.

Citizen Lab research into NSO Group’s Pegasus spyware

Research by the Citizen Lab provides empirical evidence that NSO Group’s technology has been used abusively and illegally to spy on civil society, human rights defenders, and journalists, among other targets. The technical and other methods underpinning this research are rigorous, transparent, and peer-reviewed. Our findings have not been challenged by the global scientific community,nor have Novalpina Capital or NSO Group produced concrete evidence to show that our research is flawed or problematic.

Since 2016, we have published a total of 11 reports regarding NSO Group’s spyware. A detailed summary of our reporting on NSO Group is available in our recent submission to the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression.

In brief, our reporting describes the targeting with Pegasus spyware of Ahmed Mansoor, an internationally-renowned Emirati human rights defender who has been sentenced to 10 years’ imprisonment in the United Arab Emirates for posts he made on Twitter and Facebook. In Mexico, a total of 25 individuals are known to have been abusively and illegally targeted with NSO Group’s Pegasus spyware, including journalists, anti-corruption advocates, opposition politicians, public health scientists, and at least one minor child.

In September 2018, Citizen Lab published a report identifying 45 countries where Pegasus operators might be conducting surveillance operations. In October 2018, Citizen Lab published a follow-up report showing with high confidence that one of the Pegasus spyware infections located in Canada was the cellphone of Omar Abdulaziz, a well-known Saudi activist and Canadian permanent resident. Soon after the publication of that report, it was revealed that Abdulaziz was in close communication with Jamal Khashoggi, a prominent Saudi journalist who was murdered by the Saudi regime in October 2018.

Additional targeting and concerns regarding NSO Group’s Pegasus spyware

In addition to Citizen Lab reports, other groups describe the use of NSO Group’s Pegasus to target human rights actors in violation of their internationally-recognized human rights. In August 2018, Amnesty International reported that one of its staff members had been targeted with NSO Group spyware. In November 2018, it was confirmed that Ghanem al-Masarir, based in London, U.K., was targeted with NSO Group spyware. Al-Masarir is a prominent Saudi dissident, well known for his YouTube channel and satirical work.

More recently, on May 13, 2019, WhatsApp announced that a previously-unknown security flaw in the application was being exploited and that they believed that the targeting included cases of abuse. Briefly, the exploitation permitted phones to be remotely exploited and infected with spyware simply by a missed call. Citizen Lab believes that a lawyer representing plaintiffs in a case against NSO Group was targeted with the exploit. While detailed public reporting is not yet available, the exploitation has been linked to NSO Group.
The allegations of abusive targeting by NSO Group against human rights defenders have also led to multiple lawsuits against the company. On May 14, 2019, Amnesty International filed an
affidavit in support of a petition filed in Israeli court seeking the revocation of NSO Group’s export license. NSO Group is also facing lawsuits from Qatari, Mexican, and Saudi citizens targeted with Pegasus spyware.

Correspondence between Novalpina Capital and Citizen Lab

In response to a letter from Novalpina Capital, Citizen Lab sought concrete information from Novalpina Capital regarding its commitments to human rights and its due diligence processes. On 1 March 2019, Novalpina Capital issued a letter to Citizen Lab and other major human rights organizations concerned with NSO Group. Shortly after, we responded to Novalpina Capital, noting that its response was seriously deficient, in particular because it failed to address the specific abuses of NSO Group spyware identified by Citizen Lab and other research groups. In further correspondence, Novalpina Capital sought to explain that it had investigated and addressed cases of targeting with NSO Group’s Pegasus spyware.

However, in what appears to be a continued repudiation of the principles of transparency that the company stated it intended to follow, this correspondence from Novalpina Capital provides no concrete details regarding the investigations conducted by Novalpina Capital or how Citizen Lab reporting was inaccurate or incorrect regarding the numerous instances of targeting that we uncovered. Further, Novalpina Capital takes the position that Israeli law significantly constrains its ability to be transparent regarding its due diligence processes (such as, for example, detailing how the company has investigated and addressed allegations of abusive deployment of spyware). This, in and of itself, would appear to be a complete bar to ensuring that adequate and effective human rights due diligences processes are in place and subject to appropriate oversight.

The Authority’s Responsible Investment Policy

I note that in 2018 the Authority issued a Responsible Investment Policy (the “Policy”). The Policy notes that the Authority is “fully committed to responsible investment (RI) and good stewardship of its investments” and that it “considers environmental, social and corporate governance (ESG) issues when carrying out financial analysis and investment decision making.” Further, the Policy explicitly notes that “human rights” are an issue taken into consideration in making investment decisions. The targeting of human rights defenders and civil society with spyware technology is a serious issue with dramatic ramifications for internationally-recognized human rights, namely the right to privacy and freedom of expression and opinion recognized in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.

In light of Novalpina Capital’s recent acquisition of NSO Group and the obvious human rights concerns raised by NSO Group’s business practices, which we believe remain unaddressed, I would appreciate a response from the Authority regarding how this investment is consistent with the Authority’s Policy and what measures were taken by the Authority to inform and educate pension fund contributors and members regarding NSO Group.

Further, I invite the Authority to engage in more detailed discussions with Citizen Lab regarding our research on NSO Group’s Pegasus spyware and why we believe Novalpina Capital has yet to address our research in a satisfactory manner or demonstrate meaningful intent to ensure that the Pegasus spyware is not used abusively.

Sincerely,

Professor Ronald J. Deibert, OOnt
Professor of Political Science, Munk School of Global Affairs & Public Policy
Director, the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto