Harvard’s Shorenstein Center has called off an online harassment training for journalists after it was linked to a prominent spyware vendor. The event had been pitched as a way for female reporters to learn about contemporary cybersecurity threats, led by Juliette Kayyem and Nancy Gibbs, both prominent figures in the digital rights community on staff at Harvard’s Kennedy School of Government.
But Sunday night, journalists who had signed up for the training got an abrupt and unexpected message. “Thank you for your interest in the planned February 6th webinar,” the message read. “Unfortunately, this event has been canceled.”
The email didn’t give details on why the event had been canceled, but it had to do with an unexpected item on Kayyem’s resumé. She had served as a consultant for NSO Group, a prominent spyware vendor that has been linked to several hacks against journalists in countries like Saudi Arabia, Kazakhstan, and Bahrain.
Most recently, NSO has drawn headlines for a report that linked the company’s Pegasus spyware to a 2018 hack on Amazon CEO Jeff Bezos, which ultimately resulted in the release of his personal photos and texts. (NSO has denied any involvement in the hack.) According to the report, the hack was carried out by Saudi Crown Prince Mohammad bin Salman, who was seeking to influence The Washington Post’s coverage of his kingdom in advance of the killing of a Post columnist.
The reaction from the digital rights community was harsh and immediate. “Am I reading this wrong or is this Reporter Security Webinar a Harvard training on digital security for journalists from… a senior advisor at NSO Group?” one observer tweeted.
“I wonder if this will include how to avoid getting hacked by Pegasus?” another asked.
Kayyem says she decided to leave the program herself, coming to the conclusion that the controversy had become a distraction. “I decided, alone, not to go forward with the program here because I wanted it to be about the participants and not about me,” she told The Verge.
In the same statement, Kayyem described her work with NSO as primarily focused on human rights. “I worked last year with NSO Group as one of several advisors on the implementation of their effort to align their governance framework with the UN Guiding Principles on Business and Human Rights,” Kayyem said. “It was always a limited project and my role ended in 2019. I strongly support the commitment of company’s to align with those principles.”
Still, the incident is a sign of the growing toxicity of freelance spyware vendors like NSO and Hacking Team, which offer surveillance tools to governments on a contract basis. One of the most prominent such vendors, NSO has been linked to attacks around the world, including Mexican journalists targeted by cartels and a New York Times reporter investigating Saudi Arabia. NSO is also currently being sued by WhatsApp for failing to disclose vulnerabilities in the company’s software.
Reached for comment, NSO confirmed the timeline. “Juliette played an important role advising NSO on its governance framework,” a company representative said, “and we’re grateful for her leadership and experience during her time as Senior Advisor, which came to a conclusion in 2019.”