That was a fascinating article, thank you.

NSO seems pretty well-versed in what’s essentially “corporate bullshit”:

I asked the NSO PR team questions about how and why it sells its products to undemocratic states and what safeguards are put into place to ensure that its products aren’t abused by the buyer. In response, NSO directed me to its ​“Transparency and Responsibility Report,” released in 2021. In it, NSO claimed that it had ​“rejected over US$300 million in sales opportunities as a result of its human rights review processes” and said that Israel’s Ministry of Defense ​“restricts the licensing of some of our products and it conducts its own analysis of potential customers from a human rights perspective.” The report further claimed that the company is ​“committed to respecting human rights” by the establishment of a Governance, Risk, and Compliance Committee (GRCC). The GRCC ​“reviews potential sales, providing recommendations and decisions after an in-depth, risk-based due diligence process including a comprehensive assessment of potential human rights impacts.”

They have notional safeguards in place so they can point to them and say “hey look we’re doing our due diligence and not selling to bad actors” when it’s obviously completely false. This seems pretty common in the corporate world; get caught doing something unethical and respond with “but we have this policy in place about not doing Bad Things™, so it’s not possible that we’d be doing them”