Brian E. Finch is a partner at Pillsbury Winthrop Shaw Pittman LLP, and a registered lobbyist for NSO Group, an Israeli company blacklisted by the U.S. Department of Commerce for its Pegasus spyware. The Commerce Department added NSO Group to its Entity List on November 4, 2021 for "engaging in activities that are contrary to the national security or foreign policy interests of the United States." NSO Group's Pegasus spyware has been used to target, track, and surveil government officials, journalists, human rights defenders, and democracy activists throughout the world, including several American officials, journalists, and activists.
In his and his firm's work for NSO Group, Finch and Pillsbury have breached their human rights responsibilities under the UN Guiding Principles on Business and Human Rights by contributing to, and benefiting from, human rights abuses through their own activities for NSO Group. They have provided misleading information to members of Congress, U.S. government officials, as well as journalists, editors, and think tank staff, omitting material information about the well-documented sale of NSO Group's Pegasus Spyware to authoritarian governments to target a variety of individuals through transnational repression, as publicly concluded by the Department of Commerce. Finch and Pillsbury have also sought to mislead the public and Congress by producing documents praising NSO Group's human rights record and due diligence standards, even as members of Congress asked the Departments of State and Treasury to sanction the company for its clear link to warrantless surveillance, repression, and human rights abuses. In addition, Finch and Pillsbury filed inaccurate information in their FARA disclosures to the Department of Justice, misrepresenting the fact that the Israeli government controls the work of NSO Group, as defined by the Foreign Agents Registration Act (FARA).
Finch is a public policy partner at Pillsbury, with a focus on cybersecurity, national defense, intelligence, and homeland security. He is a recognized expert on cybersecurity issues and has advised over 150 companies on liability matters following a cyber attack. Finch has published several articles about cybersecurity issues in relation to various industries and was a Senior Fellow at the George Washington University Center for Cyber and Homeland Security. He currently sits on the National Advisory Board of the National Center for Spectator Sports Safety and Security. Finch is also a faculty member of the Practicing Law Institute.
Pillsbury began lobbying on behalf of NSO Group on June 30, 2021, when the firm signed a contract to represent the company for $75,000 a month. The contract provided that Pillsbury would advise on business development opportunities, strategy, U.S. government procurement regulations, and corporate compliance policies. Notably, this contract was signed less than three weeks before the first published reports from the Pegasus Project appeared in global media outlets demonstrating the systematic abuse of the company's spyware.
In November 2021, the U.S. Commerce Department added NSO Group to its Entity List, which subjected the company to specific license requirements for the export, reexport, or transfer of specified items under Export Administration Regulations. For NSO Group, these licensing requirements fall under the restrictions on end-user to end-user-based items. In its press release explaining its decision, the Commerce Department stated that NSO Group "developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers." The Commerce Department also noted that Pegasus spyware "enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent." It concluded that "[s]uch practices threaten the rules-based international order."
On November 23, 2021, Apple filed a lawsuit against NSO Group, claiming that the company violated numerous federal and state laws by targeting Apple device users and sought a "permanent injunction to ban NSO Group from using any Apple software, services, or devices." Apple also sent threat notifications to journalists, activists, and other individuals targeted by Pegasus. Apple's lawsuit followed a similar 2019 lawsuit filed by WhatsApp, alleging that NSO Group violated the federal Computer Fraud and Abuse Act and California's Comprehensive Data Access and Fraud Act.
On December 15, 2021, U.S. lawmakers led by Senator Ron Wyden (D-OR), Chair of the Senate Committee on Finance, and Representative Adam Schiff (D-CA), Chair of the House Permanent Select Committee on Intelligence, sent a letter to Secretary of the Treasury Janet Yellin and Secretary of State Antony Blinken, calling on them to impose Global Magnitsky sanctions on NSO Group and three other cyber companies. Following the publication of the letter, Senator Wyden said, "These surveillance mercenaries sold their services to authoritarian regimes with long records of human rights abuses, giving vast spying powers to tyrants." Senator Wyden, who represents Oregon, also called on the Oregon state pension fund to drop its investment in NSO Group.
On December 20, 2021, Finch contracted with David Tamasi, Managing Director and Co-Founder of Chartwell Strategy Group, LLC, to "provide strategic communications counsel and other services in connection with your project." On January 12, 2022, David Tamasi became a FARA-registered agent on behalf of NSO Group via Pillsbury. The same day, Tamasi started contacting dozens of journalists, editors, Congressional offices, and think tanks on behalf of Pillsbury and its client NSO Group.
Pillsbury also produced a document titled, "NSO Group: Here for You, Here for Good," which it submitted to the FARA Registration Unit on January 7, 2022. This document contains several problematic assertions, is completely at odds with the findings of the Commerce Department, and fails to mention that the Commerce Department blacklisted NSO Group by placing the company on its Entity List for the systematic targeting of dissidents, journalists, and human rights defenders through its Pegasus spyware. Despite the widespread documentation of NSO group selling its spyware to authoritarian governments with extensive records of abuse, who predictably used Pegasus to target dissidents, journalists, human rights defenders, and others, the Pillsbury document stated that "NSO Group Has Developed an Unparalleled Human Rights Governance Program" and that the company "is taking extraordinary steps to prevent and mitigate the risks stemming from misuse" by developing "a human rights governance compliance program—the first of its kind in the cyber intelligence industry." In addition to promising human rights due diligence reviews prior to acquisition, the document asserted that NSO Group "is in constant contact with leading human rights advisors and academia, to constantly examine its policies and remedies." The Commerce Department came to an entirely different conclusion, but any reference to its findings that Pegasus enabled authoritarian governments to conduct "transnational repression" or how these practices constituted a threat to "the rules-based international order" is entirely absent in the Pillsbury document.
It appears that the Pillsbury document accompanied a letter from Finch to members of Congress dated January 10, 2022. Finch's letter responds to the letter that lawmakers sent to Secretaries Yellen and Blinken about a month earlier on December 15, 2021. Finch's letter also fails to disclose the Commerce Department's findings or the company's blacklisting. Instead, it insists that NSO Group is "a force for good in the world" and that the company maintains "the cyber intelligence community's leading human rights protection program." Like the Pillsbury document, Finch's letter extols NSO Group's rigorous due diligence process and an international risk assessment that relies on human rights metrics such as transparency, democracy scores, and privacy. The letter fails to explain how relying on such metrics, the company approved selling Pegasus to authoritarian governments such as Saudi Arabia, the United Arab Emirates, Bahrain, and others, countries that appear near the very bottom of any measurement of these or other human rights indicators.
Indeed, NSO Group has received widespread criticism for the use of its Pegasus spyware in human rights abuses and transnational repression. In July 2021, United Nations High Commissioner for Human Rights Michelle Bachelet condemned the technology, stating, "Revelations regarding the apparent widespread use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in a variety of countries are extremely alarming, and seem to confirm some of the worst fears about the potential misuse of surveillance technology to illegally undermine people's human rights."
These targets include Saudi dissident, journalist, and Democracy for the Arab World Now (DAWN) co-founder Jamal Khashoggi, as NSO Group's Pegasus spyware likely was used to facilitate his murder. Saudi operatives, acting under the direction of Saudi Crown Prince Mohamed bin Salman, killed Khashoggi on October 2, 2018 after luring him to the Saudi consulate in Istanbul. While NSO Group has repeatedly denied that its software was used by Saudi officials involved in Khashoggi's murder, Omar Abdulaziz, a Saudi dissident and close associate of Khashoggi, discovered Pegasus spyware installed on his phone before Khashoggi's murder. Saudi officials used the Pegasus software embedded on Abdulaziz's phone to spy on and monitor Khashoggi's movements in the months before his murder. Saudi officials also used the spyware to monitor Khashoggi's friends and associates, as well as other Saudi dissidents and human rights activists, after his murder.
Finch contributed $2,500 to the American Security PAC, a leadership PAC affiliated with Representative Mike Rogers (R-AL), who sits on the House Armed Services Committee, on September 23, 2021; while Pillsbury contributed $1,000 to the campaign of Representative Tom Malinowski (D-NJ) in 2020. Finch addressed his January 10, 2022 letter to Representative Malinowski.
DAWN calls on Brian Finch and his firm, Pillsbury Winthrop Shaw Pittman LLP, to drop its contract with NSO Group immediately, to conduct a thorough review of all its clients, and to cease representation of clients such as NSO Group whose policies do not comply with the UN Guiding Principles on Business and Human Rights. Under the Guiding Principles, businesses have a responsibility "to avoid causing or contributing to adverse human rights impacts through their own activities" as well as "to prevent or mitigate adverse human rights impacts that are directly linked to their operations, products or services by their business relationships, even if they have not contributed to those impacts." Lobbying on behalf of governments, agencies, officials, or companies responsible for serious human rights abuses, while misrepresenting or omitting information about their abuses of international human rights law or international humanitarian law, or obtaining, sustaining, or expanding military, political, or economic support for them, effectively contributes to, and benefits from, such abuses. Finch and Pillsbury are contributing to, and benefiting from, NSO Group's abuses, supporting its business of selling Pegasus spyware to abusive regimes.
Moreover, by failing to accurately represent their client to FARA and in their lobbying activities, Finch and Pillsbury are violating the Organisation for Economic Co-operation and Development's Principles for Transparency and Integrity in Lobbying, which recommend that all lobbyists conduct their professional activities with "integrity and honesty."
For additional information, see DAWN's detailed recommendations to Congress, lobbyists, and U.S. State Bar Associations on our Lobbyist Hall of Shame.