The US is in possession of what's described as the world's most powerful spy tool, a revelation that in and of itself is not too surprising. This part might be: The tool is sitting unused in a New Jersey building because the FBI doesn't have authorization to deploy it—and that authorization might never come. The unusual situation is described in this weekend's New York Times Magazine by Ronen Bergman and Mark Mazzetti, whose story is the culmination of a yearlong investigation into cyberwarfare. The piece focuses on Pegasus, surveillance software sold by the Israeli company NSO Group. But this isn't just any software: Pegasus can "consistently and reliably crack the encrypted communications of any iPhone or Android smartphone," meaning governments don't need the cooperation of Apple or other tech firms, per the story.
That kind of tool is a spymaster's dream and a privacy advocate's nightmare. Mexico, for instance, has used Pegasus to catch the drug lord El Chapo, but also to spy on political dissidents and journalists. Similar abuses have surfaced since Pegasus emerged in 2011, including when the Saudis allegedly used it to spy on dissident Jamal Khashoggi (later killed by Saudi operatives) and his fiancee. Plenty of nations already use Pegasus, and the FBI took steps to join the club in 2019. But the dozens of computer servers it purchased sit idle as the government debates whether they should be fired up. The Commerce Department, meanwhile, has added NSO to its list of foreign companies thought to jeopardize national security. (Read the full story, which digs into how "cyberweapons have changed international relations more profoundly than any advance since the advent of the atomic bomb.")