Battle for the Most Dangerous Cyber Weapon

Everything Snowden has been warning us about is now known as truth:…

Ever since the 2013 revelations by Edward Snowden, a former National Security Agency contractor, about U.S. government surveillance of American citizens, few debates in this country have been more fraught than those over the proper scope of domestic spying. Questions about the balance between privacy and security took on new urgency with the parallel development of smartphones and spyware that could be used to scoop up the terabytes of information those phones generate every day. Israel, wary of angering Americans by abetting the efforts of other countries to spy on the United States, had required NSO to program Pegasus so it was incapable of targeting U.S. numbers. This prevented its foreign clients from spying on Americans. But it also prevented Americans from spying on Americans.

NSO had recently offered the F.B.I. a workaround. During a presentation to officials in Washington, the company demonstrated a new system, called Phantom, that could hack any number in the United States that the F.B.I. decided to target. Israel had granted a special license to NSO, one that permitted its Phantom system to attack U.S. numbers. The license allowed for only one type of client: U.S. government agencies. A slick brochure put together for potential customers by NSO’s U.S. subsidiary, first published by Vice, says that Phantom allows American law enforcement and spy agencies to get intelligence “by extracting and monitoring crucial data from mobile devices.” It is an “independent solution” that requires no cooperation from AT&T, Verizon, Apple or Google. The system, it says, will “turn your target’s smartphone into an intelligence gold mine.”

The Phantom presentation triggered a discussion among government lawyers at the Justice Department and the F.B.I. that lasted two years, across two presidential administrations, centering on a basic question: Could deploying Phantom inside the United States run afoul of long-established wiretapping laws? As the lawyers debated, the F.B.I. renewed the contract for the Pegasus system and ran up fees to NSO of approximately $5 million. During this time, NSO engineers were in frequent contact with F.B.I. employees, asking about the various technological details that could change the legal implications of an attack.