US President Joe Biden on Monday signed an executive order that limits the use of commercial spyware by federal agencies.
The executive order states that the spyware ecosystem “poses a significant counterintelligence or security risk to the U.S. government or poses a significant risk of improper use by foreign governments or persons.”
It also calls for governments to use such tools in a manner that is “consistent with respect for the rule of law, human rights, and democratic norms and values.”
To that end, the order sets out various criteria by which commercial spyware may be disqualified for use by US government agencies. They include:
- Purchase of commercial spyware by a foreign government or person that targets the U.S. government;
- Commercial spyware vendors operating under the control of foreign governments engaged in espionage targeting the United States, using or disclosing sensitive data obtained from cyber surveillance tools without permission;
- Foreign threat actors using commercial spyware against activists and dissidents to restrict freedom of expression or commit human rights abuses;
- Foreign threat actors using commercial spyware to spy on U.S. citizens without legal authorization, protection, or oversight; and
- Selling commercial spyware to governments with a record of engaging in systematic acts of political repression or other human rights violations.
“This executive order also serves as a foundation for deepening international cooperation to promote the responsible use of surveillance technology, combat the proliferation and misuse of such technology, and promote industry reform,” the White House said in a statement.
According to a report from The Wall Street Journal, it is estimated that about 50 US government officials in at least 10 countries have been infected or targeted by such spyware so far, a larger number than previously known.
The order stops short of an outright ban, but the development comes as sophisticated and invasive surveillance tools are increasingly being deployed to remotely access electronic devices using zero-click exploits to extract valuable information about their targets without their knowledge or consent.
The New York Times last week reported that Artemis Seaford, a former security policy manager at Meta, had his phone tapped and hacked by Greek national intelligence agencies using Predator, spyware developed by Cytrox.
That said, the order also leaves open the possibility for government agencies to use other types of spyware devices, such as IMSI catchers, to gather valuable information.
Viewed from that perspective, the order also acknowledges that the spyware distribution industry plays an important role in intelligence-gathering operations, even as this technology constitutes an increased counterintelligence and national security risk to government officials.
Earlier this month, the Federal Bureau of Investigation (FBI) confirmed that the agency has in the past purchased location data of U.S. citizens from data brokers as a means of circumventing the traditional warrant process.
The FBI is also said to have purchased a license for Israeli company NSO Group’s Pegasus in 2020-2021 for research and development purposes.
Similarly, the Drug Enforcement Administration (DEA) uses Graphite, a spyware tool created by another Israeli company named Paragon, for anti-narcotics operations. It is not immediately clear whether other US federal agencies are currently using commercial spyware.