Israel said on Monday that countries interested in buying its cyber technologies would have to commit to using them to prevent only a limited list of terrorist acts and serious crimes.
The move announced by Israel’s Defence Ministry was the latest step in enhancing its oversight following concern over possible abuses abroad of a hacking tool sold by Israeli firms like NSO Group.
An updated certificate to be signed by purchasing countries lists in detail what qualifies as “terrorist acts” – like attacks on people, public facilities, seizures of aircraft, the release of dangerous substances – as well as “serious crimes” referring to those that warrant imprisonment of six years or more.
“The definitions for serious crimes and terrorist acts have been sharpened in order to prevent the blurring of boundaries in this context,” the Defence Ministry said.
It also spells out uses that are prohibited – like targeting people for political affiliation or applications that break that country’s privacy laws – for which Israel could revoke licences and the systems be shut down.
Israel has been under pressure to rein in exports of spyware since July, when a group of international news organisations reported that NSO’s Pegasus tool had been used to hack into phones of journalists, government officials and rights activists in several countries.
Those reports prompted Israel to review the cyber export policy administered by the Defence Ministry.
Last month, Israel was reported to have slashed the list of countries eligible to buy its cyber technologies.
NSO has denied any wrongdoing, saying it sells its tools only to governments and law enforcement agencies and has safeguards in place to prevent misuse.