20th of July:
Meeting with Ministry of Foreign Affairs (protocol by PEGA Inquiry Secetariat)
The EP delegation was received by the following representatives of the Israeli Ministry of Foreign Affairs (MFA):
• Ms Michal Weiler-Tal, Director for export control matters
• Mr Assaf Moran, Director for the Department for European Multilateral Organisations and NATO
The meeting was held under the Chatham House Rules and consequently speakers are not set out below.
The PEGA Committee raised the concerns that no representative of the Ministry of Defence was present as they were the principally responsible for defence export control. MFA stated that they would give a full and complete picture of the Israeli export.
MFA continued by describing the Israeli export control system for cyber capabilities, such as spyware. The first regulation that applies to such capabilities came into force in 2010 and, though Israel is not a party, it follows largely the Wasenaar Arrangement. It is a two phase system, where a company would first need a marketing license to start negotiations for a sale and subsequently an export license if a deal is made. The total amount of licences per year is 30-40 000 for all defence products (no specific figure for cyber capabilities was give), however, as not all negotiations lead to a deal, the number of marketing licenses are much higher than the final number of export licenses. The MFA has to approve every marketing and export license. In the MFA, there are five persons working on defence export control. Requests for a license are assessed on the basis of a number of criteria, including human rights. Cyber capabilities may only be exported to government, and only for the purpose of crime and terrorism prevention. The MFA declined to answer how many requests were refused per year and said that they had no knowledge about any Pegasus licenses being terminated.
If a defence company acts in contravention of any license given, it may be given a fine. The use of commercial intermediaries, such as brokers, is standard practice and would not violate the terms of the export license as long as the party to the end-user agreement is a state entity.
MFA further stated that a process to make the rules for export of cyber capabilities stricter was initiated in the autumn of 2021. As a first step, the End-User Declaration that client countries have to sign was redefined. The new rules apply to new export licenses while existing licenses are subject to the old rules1. The End-User Declaration sets out definitions of serious crimes and terrorism. The MFA did not specify what further steps this process would lead to.
MFA also stated that the EU Member States are viewed as countries with the highest respect for human rights and that no differentiation is made between EU MS with respect to defence export control. Israel is aware of discussions of whether all MS uphold human rights to the necessary degree but views that as an internal matter for the EU. Nevertheless, the assessment of a specific request is done upon the information available regarding the specific country.
As regards systems as Pegasus, the Israeli government has no access to any data collected. The MFA does not have the technical capabilities to assess cyber systems from a technical point of view.
As regards abuse of exported systems, MFA said that indications of such abuse would be taken into account in subsequent requests for export licenses but that it would not lead to any revocation of a given license2. The MFA presupposes in their assessment of an application for an export license that cyber capabilities will be used in accordance with the undertaking in the End-User Declaration while no active follow-up whether this is the case is carried out. The sale of cyber capabilities is based on trust between countries, and Israeli authorities would only act upon ‘official’ proof of abuse.
As regards statistics on how many terrorist events or serious crimes the use of cyber capabilities had helped to prevent, MFA stated that they did not have such statistics, but that they thought that Europol should have it as regards the EU.