In January 2018, a former Israel Defense Forces officer was a sales rep for a Maryland tech company when he sent a farewell note to his contact at the Los Angeles Police Department.
The rep, Oren Kaplan, wrote that he was leaving Westbridge Technologies to pursue other career challenges.
“I CC’ed Terry Divittorio, Westbridge’s president, to this email to keep the communication between our organizations and hopefully finish the process we have started a while ago,” Kaplan told Mark Castillo of the LAPD.
What did “finish the process” mean?
The email that contained that phrase — unearthed in a 2019 public-records act request — wasn’t clear.
But suspicions exist that Westbridge Technologies was trying to sell LAPD the same smartphone-hacking technology it pitched the San Diego Police Department in 2016. Kaplan was CC’d in emails involving San Diego police.
After two months of conversations, the SDPD ultimately decided the “mobile-intelligence system” created by NSO Group was too expensive.
An industry expert told Times of San Diego that a license for such tech could cost $800,000 but possibly millions.
The NSO Group’s product, called Phantom or Pegasus, has been linked to efforts by some authoritarian governments to spy on dissidents and journalists by cracking open the supposedly secure contents of smartphones.
Did the Los Angeles Police Department consider buying the invasive software?
Contacted Friday, an LAPD spokesman promised a response to Times of San Diego in a week to 10 days. Kaplan didn’t immediately respond to a request for comment via his new employer.
Kaplan’s LinkedIn.com profile listed him as director of North American sales for NSO Group (Q Technologies) for four years ending in April 2018. He’s now listed as regional sales manager for Pcysys with offices in Israel, the UK, New York and Toronto.
(Pcysys is called an acronym for “Proactive Cyber Systems” and produces tech that “assures you can validate your cybersecurity posture daily to keep your guard up at all times.”)
Joseph Cox of Motherboard on Tuesday was the first to reveal that a U.S. municipal police agency got an NSO Group product pitch — the SDPD. But the apparent outreach to LAPD has never before been noted in the media.
Cox in August 2017 also reported how the U.S. Drug Enforcement Administration met with NSO Group sometime before January 2015.
“It is not clear if NSO or WestBridge sold any products to the DEA,” Cox wrote. “A separate Freedom of Information Act request filed by Motherboard to the DEA found no responsive records for contracts with either company. The DEA declined to comment.”
Three months ago, a project manager for a firm whose customers include LAPD attended the European Police Congress, an annual meeting of law enforcement agencies, according to The New York Times.
Among the vendors at that Berlin conference was NSO Group, “the firm accused of making spy software that has been used against journalists and government dissidents,” said the Times.
Reporter Adam Satariano said NSO’s slogan was “Find anyone, anywhere.” But he added: “The marketing manager at the booth refused to speak with me.”
The Motherboard story, posted on Vice.com, quoted John Scott-Railton of the University of Toronto’s Citizen Lab as saying: “This is probably the tip of the iceberg.”
“Local police wielding secret hacking technology is the nightmare scenario that we all worry about,” said Scott-Railton, a senior researcher. “The local laws and oversight mechanisms are not there. Abuse wouldn’t be a risk — it would be certainty.”
On Friday, Scott-Railton shared his alarm with Times of San Diego.
“I would hope that when an American police department is approached by a company that explains it’s a representative of a foreign surveillance company that the FBI is given a gentle heads up,” he said in a phone interview.
The California Public Records Act request that generated the single email from Kaplan to LAPD’s Castillo doesn’t reveal who made the inquiry. The last name was redacted.
The requester’s first name was Mark.