Spyware-Based Searches for Domestic Criminal Law Enforcement

(Yotam Berger – Lawfare) In the United States, NSO Group—the Israeli spyware firm infamous for numerous reported abuses of its product, Pegasus—has been under intense scrutiny in recent years. A series of reports revealed the extent to which NSO’s global clients have abused its spyware, infecting devices owned by journalists, political dissidents, political leaders, and civil rights activists around the world. Yet despite initial U.S. sanctions, in October 2025 NSO confirmed that an American investment group had acquired the company. The legal discussion surrounding spyware such as Pegasus has often revolved around national security, foreign intelligence, and international law. However, the legal and theoretical frameworks governing such tools in the context of criminal justice and domestic law enforcement are different and underexplored. Here, I present an initial evaluation of how these tools could be legally approached when used in the domestic criminal justice sphere. Following the Pegasus crisis, the U.S.—which reportedly originally purchased Pegasus itself, presumably for research and not for operational use—sanctioned NSO, among other firms, including by placing it on the Commerce Department’s Entity List. NSO remained active, though, and in October 2025, it confirmed that a U.S. investment group had acquired the company. Shortly thereafter, it was reported that NSO had also named a new chairman, David Friedman, the former U.S. ambassador to Israel. Israeli media has framed this move as part of NSO’s efforts to get off the U.S. blacklist. Yet, NSO is not the only company interested in selling spyware solutions or digital forensics tools to American law enforcement. Just recently, it was reported that another Israeli spyware firm, Paragon, sold its Graphite spyware, allegedly for use by Immigration and Customs Enforcement (ICE). These developments raise a pressing question: How should the American legal system treat commercial spyware? Shortcomings in oversight in other democracies that have employed Pegasus demonstrate the dangers of failing to establish clear frameworks: In Israel, for instance, a Ministry of Justice report and a recent State Comptroller report both found that the police used Pegasus in ways that were not compliant with Israeli criminal procedure. The European Parliament’s PEGA report, too, found abuses in certain member states. The U.S. must avoid similar instances of abuse and noncompliant use. – Spyware-Based Searches for Domestic Criminal Law Enforcement | Lawfare