Getty Images
On Monday, President Joe Biden signed an executive order banning much of the federal government’s use of commercial spyware. Commercial spyware has been increasingly used in recent years in other countries to spy on dissidents, journalists, and politicians.
The signing of the executive order tells journalists that approximately 50 US government officials in at least 10 countries have been infected or targeted by such spyware, a higher number than previously known. It was done when I said yes. Officials did not elaborate.
Commercial spyware is sold by a number of companies, the most well-known being the Israeli NSO group. The company sells a hacking tool called Pegasus that can covertly compromise both iPhones and Android devices using “clickless” exploits. That is, no user action is required. By sending text messages or calling your device, Pegasus can install spy software that steals your contacts, messages, location, etc. even if your text messages or calls are unanswered. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon. Meanwhile, the NSO describes Pegasus as a “lawful interception” tool sold only to legitimate law enforcement agencies to investigate crime and terrorism. Mexico, India, Saudi Arabia, the United Arab Emirates, Morocco, and other countries have been found deploying it against dissidents, journalists, and other citizens not accused of crimes. In November 2021, the Biden administration restricted exports, re-exports and domestic transfers of products from NSO and three other companies in Israel, Russia and Singapore.
Monday’s executive order goes further by banning commercial spyware from “operational use” by federal agencies, including those engaged in law enforcement, defense, or intelligence activities.
According to a fact sheet released by the White House, “The proliferation of commercial spyware poses a clear and growing counterintelligence and security risk to the United States, including to the safety and security of U.S. government employees and their families.” U.S. government employees abroad are targeted by commercial spyware, and untrusted commercial vendors and tools can pose significant risks to the security and integrity of U.S. government information and information systems.”
White House officials have not named the specific spyware that has been banned, but using the term commercial spyware includes tools sold by NSO, Cytrox, Candiru, and others. strongly suggests that Criteria for applicable tools for ordering include:
- Exploited by foreign governments trying to access devices of U.S. citizens
- Foreign actors deploy them against activists and dissidents to intimidate or suppress dissent or dissent or to suppress free speech expression
- They are supplied to governments with credible reports of their involvement in systematic political repression.
Officials declined to say whether US law enforcement and intelligence agencies currently use commercial spyware. It confirmed the New York Times report that they were not being used for operational purposes or in support of the investigation. The U.S. Drug Enforcement Administration has deployed a surveillance tool called Graphite for use in counter-narcotics, the NYT reports.
