The US government will impose new restrictions on the use of commercial spyware, according to an executive order issued by President Joe Biden. The order aims to address concerns about programs used to surveil human rights activists, journalists, and dissidents worldwide, and respond to the proliferation of commercial spyware. The order prohibits the use of commercial spyware “that poses risks to national security” but allows for some exceptions. The White House will not publish a list of banned programs as part of the executive order. It requires the head of any US agency using commercial programs to certify that the program doesn’t pose significant counterintelligence or other security risks. The move aims to set new global standards for the industry and push spyware companies to do better.
The US government will introduce new restrictions on the use of commercial spyware, as per an executive order issued by President Joe Biden on Monday. The order aims to address the growing concerns about programs used to surveil human rights activists, journalists, and dissidents worldwide. It responds to the proliferation of commercial spyware, which has provided powerful tools to smaller countries, but also created opportunities for abuse and repression. The use of so-called “zero-click” exploits, which can infect a phone without the user clicking on a malicious link, is a particular concern. The White House issued the executive order in advance of its second summit for democracy, stating that the US is committed to advancing technology for democracy and countering the misuse of commercial spyware and other surveillance technology.
The executive order prohibits the use of commercial spyware “that poses risks to national security” and requires the head of any US agency using commercial programs to certify that the program doesn’t pose significant counterintelligence or other security risks. However, there will be some exceptions to the rule. The White House will not publish a list of banned programs as part of the executive order. Instead, one of the factors used to determine the level of security risk is whether a foreign actor has used the program to monitor US citizens without legal authorization or to surveil human rights activists and other dissidents.
According to a senior administration official, the order “is intended to be a high bar but also includes remedial steps that can be taken…in which a company may argue that their tool has not been misused.” The Biden administration aims to set new global standards for the industry and push spyware companies to do better. John Scott-Railton, a researcher at the University of Toronto’s Citizen Lab who has long studied spyware, applauded the move, saying that most spyware companies see selling to the US as their eventual exit path. Congress last year required US intelligence agencies to investigate foreign use of spyware and gave the Office of the Director of National Intelligence the power to ban any agency from using commercial programs.
The top Democrat on the House Intelligence Committee, Rep. Jim Himes of Connecticut, stated that commercial spyware poses a serious threat to democracies worldwide. He believes that the executive order issued by President Biden is a powerful statement and a good tool, but it alone won’t solve the problem. Himes hopes that other democracies will follow the US’s lead in taking steps against spyware.
The Pegasus software from Israel’s NSO Group is a well-known example of spyware. According to security researchers and a global media investigation, the software was used to target more than 1,000 people across 50 countries, including over 180 journalists, 600 politicians and government officials, and 85 human rights activists. Despite NSO’s assertions that the program is intended for countering terrorism and crime, the software has raised concerns about the abuse of surveillance technology.
The US has already placed export limits on NSO Group, which restrict the company’s access to US components and technology. The FBI confirmed last year that it had purchased NSO Group’s Pegasus tool for product testing and evaluation purposes only and not for operational purposes or to support any investigation.
White House officials revealed that they believe 50 devices used by US government employees, across 10 countries, had been compromised or targeted by commercial spyware. While the new executive order aims to restrict the use of commercial spyware by US agencies, it also highlights the need for other countries to address the issue of spyware and the potential for abuse and repression it creates.