"Technologists at Amnesty Tech’s Security Lab were able to identify traces of NSO’s “zero-click” attacks (malware infections that require no interaction with the target) through cutting edge forensic analysis, including by linking these new attacks to previously documented attacks on human rights defenders (HRDs) using NSO Group software.3 This project was a crucial and overdue breakthrough of transparency in an industry stubbornly resistant to it, which relied on the collaborative efforts of all involved. It is important to note, however, that the success of such investigative efforts was never guaranteed, and these disclosures cannot represent the only form of check on industry participants and state actors. The stories published as a result of this collaboration speak for themselves. In this briefing, Amnesty International’s goal is to contribute to the discussion by highlighting some of the key insights from the perspective of international law, particularly international human rights law, that come out of the reporting and technical analyses. These include: the improper breadth of targeting under international human rights law, which is also out of line with the company’s stated rationale of selling its products to help its clients combat crime, including terrorism-related conduct; the clandestine nature of the tool that facilitates its illegal use and operation; the serious human rights violations that have resulted; the total impunity of states and companies in deploying this targeted digital surveillance tool; and the failure of states to fulfil their obligation to protect them from this unlawful hacking and surveillance." (Introduction, page 4)