When Downing Street was recently named as the alleged victim of a phone hack by the United Arab Emirates using Israeli-made Pegasus spyware, few were surprised who was behind the discovery.

The Citizen Lab at the University of Toronto has been a thorn in the side of the NSO Group for years, deciphering the company’s sophisticated hacking tools and, importantly, identifying victims of the spyware.

Ron Deibert, longtime director of the Canadian research group, is one of the world’s leading experts in identifying digital threats to civil society.

Citizen Lab senior researcher John Scott-Railton is one of a relatively small group of experts around the world who can identify which iPhones and Android devices have been infected with Pegasus, and which government customers are likely to be responsible. .

It’s no surprise, then, that the pair have been the subject of intense scrutiny at Novalpina, the London-based private equity group that took over NSO Group in 2019, and quickly sought to stem their reputation as allow repressive governments to commit widespread human rights abuses.

Using UK data protection laws, Deibert and Scott-Railton last year requested the personal data held on them by Novalpina. The results of their so-called subject access requests, recently shared with the Guardian, contain excerpts from hundreds of emails and attachments that included their names.

The published data, combined with information from other sources, highlights an apparent attempt by Novalpina partner Stephen Peel to gather information about and undermine Citizen Lab. In one instance, he even contacted George Soros, whose foundation is a major donor to Citizen Lab, and complained about the researchers.

Peel, a former British Olympic rower, was the architect of a drive to “set a new benchmark for transparency and respect for human rights” when Novalpina acquired NSO in early 2019.

Citizen Lab, meanwhile, had been at the forefront since 2016 of exposing human rights abuses perpetrated by NSO Group clients, exposing, for example, how Saudi Arabia used the spyware company to hack into the cell phone of a dissident who was a close associate. of Jamal Khashoggi months before the journalist’s assassination.

Novalpina’s attorneys said in letters sent to Deibert and Scott-Railton that they found 473 emails containing Deibert’s personal data, including some duplicates. 223 emails named Scott-Railton.

They reveal how, in February 2019, Novalpina and NSO retained the services of Vivek Krishnamurthy, who at the time was a lawyer specializing in the practice of corporate social responsibility at the American law firm Foley Hoag. A source familiar with the matter said NSO paid the company around $220,000 (£170,000) for its work.

Krishnamurthy was recruited as a “Specialized External Advisor” to align NSO’s governance framework with the United Nations Guiding Principles on Business and Human Rights (UNGP).

However, the documents suggest there could also be another motive: Krishnamurthy was an alumnus of the University of Toronto, and years earlier had worked as a research assistant for Deibert, who had helped him to obtain a Rhodes scholarship. As a result, he was in a good position to try to get closer to the ONS critic.

A February 2019 proposal from Foley Hoag to provide legal services to NSO said Krishnamurthy’s prior relationship with Deibert meant he was in a “unique position to conduct outreach to Citizen Lab should the NSO group deem desirable to do so”. The proposal acknowledged that NSO had “reputational challenges” and stated, “Our goal is to help NSO Group become the world’s most ethical surveillance company by establishing systems, policies and procedures to ensure that it operates in compliance with rights. – respectful manner.

In a March 1, 2019 exchange, Peel emailed Krishnamurthy telling the attorney it was time to “contact Deibert to find out what’s going on.” The lawyer quickly replied that he would, adding: ‘He can be prickly and he’s clearly pissed off about NSO.

The next day, Krishnamurthy emailed his former mentor, explaining that he had been hired to work on the NSO’s human rights policies.

He told Deibert that he had “thought a lot” about whether to work for NSO, especially in light of recent work by Citizen Lab.

“I probably would have said no without my good friend Sir Mark Stephens,” he wrote, referring to the British barrister – who is a CBE but not a Knight – as “one of the greatest barristers in the human rights in the world”.

He said Stephens, a well-known British lawyer who frequently acts in high-profile cases, with former clients such as Julian Assange, Salman Rushdie and Greenpeace., assured him of Peel’s “deep personal commitment to human rights and his desire to see the NSO operate in a rights-based way”.

Deibert declined the meeting. He told the Guardian he did not believe that NSO Group or its owners acted in good faith in responding to correspondence and questions from Citizen Lab, and did not wish to appear to legitimize the company.

He also turned down an attempt by Krishnamurthy three months later to secure a face-to-face meeting with his former college mentor when – following an exchange with Peel that he would seek a meeting with Deibert again – Krishnamurthy told Deibert by e-mail that he wanted to see him on a family trip to Toronto: “You would have a drink with me as an alumnus, and not as anything else!

Deibert said he found it “deeply disturbing and disappointing” that Novalpina employed a former student and research assistant apparently to “sneak in surreptitiously gathering information about our activities.”

Krishnamurthy, a University of Ottawa faculty member who was recently appointed to a Canadian government advisory committee on online safety, denied being hired for this reason, but admitted that his previous relationship with Deibert was relevant to the work he could do for Novalpina. “as a good faith intermediary” with the NGO community.

He expressed ‘regret’ that his work for NSO backers damaged his relationship with Deibert, describing his work for the company as ‘the strangest business I have ever dealt with’.

Stephens, who described Peel as a friend, confirmed he suggested Krishnamurthy to the Novalpina executive, but said he was unaware at the time of Krishnamurthy’s previous relationship with Deibert . He said he had previously worked for Peel, but not for Novalpina or NSO.

Stephens praised Peel and criticized Citizen Lab for focusing disproportionately on NSO.

“The practical result of what they [Citizen Lab] did is ignore and effectively distract other players in this market and they gave them a totally free pass and I think that’s wrong,” Stephens said.

Citizen Lab has, in fact, produced reports on a range of other cyber-surveillance companies and published reports on other digital threats to civil society, including Chinese government censorship and Covid-related app vulnerabilities.

His work has attracted funding from the Ford Foundation, the Hewlett Foundation and the Open Society Foundations, created by billionaire philanthropist George Soros. The Novalpina documents shared with Deibert include an email from Soros’ office that was forwarded by Peel to NSO in Israel.

The document has been redacted, but well-placed sources and other emails seen by the Guardian suggest the Soros outreach may have been part of an ultimately unsuccessful attempt by Peel to undermine Citizen Lab funding.

In May 2019, Peel reportedly lifted Citizen Lab while having dinner with Soros in New York. He then sent emails in which he sought to discredit the Canadian research group.

In one, he blasted Citizen Lab’s research, saying it was “an unknown organization except for its attack on NSO.” He questions the motivations, tactics and goals of the group, which he describes as “a little less pure than one would have hoped”.

A person familiar with the matter said they believe Peel’s unspoken aim may have been to get Soros to suspend his charity’s financial support for researchers. A second well-placed source said they could not judge Peel’s motive, but could not rule out it was his intention.

Soros was ultimately unmoved by Citizen Lab’s criticism. A month after dinner, the Hungarian-born billionaire advised Peel that he should probably pull out of the NSO investment.

Peel’s lawyers said they were “tiny and unsubstantiated allegations” and that Peel was committed to “good governance and human rights”.

Deibert said the documents suggested that Novalpina’s commitment to aligning the ONS with human rights principles seemed like a fig leaf.

“We’ve seen enough of their patently absurd denials in the face of evidence of abuse to understand that they don’t really seem interested in human rights due diligence as much as making money and creating a image apparently acceptable to the public,” he said.

“One can only conclude that the bottom line matters more than human rights to those who line their pockets with NSO Group sales – including their high-priced executives, owners and lawyers.”

Krishnamurthy said in a written statement to the Guardian that he and his colleagues had believed when they were retained that Novalpina was serious about bringing “real change to NSO”.

“However, NSO Group’s subsequent record of complicity in gross human rights abuses shows how wrong we were. I regret the short time I spent advising Novalpina in 2019,” he said.

Krishnamurthy added that he hopes leaders like Deibert and Citizen Lab “will succeed in bringing to an end the extremely harmful activities of NSO”.

A US consultancy called Berkeley Research Group (BRG) took over management of NSO’s proprietary fund last July after an internal dispute between Novalpina’s founding partners.