The White House has banned US Federal agencies from deploying commercial spyware that threatens national security or human rights.
The move follows a new executive order issued by President Joe Biden, which has shut the door on many spyware vendors, welcoming praise from privacy and human rights advocates.
The White House statement highlighted that in recent years, “sophisticated and invasive cyber surveillance tools” that are capable of remotely monitoring devices have been used to “extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users.”
Agencies are prohibited from using commercial spyware with “significant counterintelligence or security risks to the United States government” or there is a valid risk of “improper use by a foreign government or foreign person,” as per the order.
The executive order is a follow-up on the report that dozens of US government personnel had their phones targeted by spyware overseas.
The Washington Post reported that “50 U.S. government employees in at least 10 countries overseas have had their mobile phones targeted with commercial spyware.”
Federal agencies, including law enforcement, defense, and intelligence, are now banned from using commercial spyware.
While officials did not disclose the names of the spyware affected by the executive order, it is believed that well-known government spyware makers and vendors with a history of selling to authoritarian regimes that violate human rights, such as NSO Group, Cytrox, and Candiru, are likely to be impacted by the order’s criteria.
The Israeli spyware vendor NSO Group is among the primary targets of the shunning strategy from the White House.
NSO’s Pegasus smartphone-hacking tool has been sold to authoritarian customers, such as the governments of Saudi Arabia and the United Arab Emirates, who allegedly used it to target human-rights activists, journalists, and even US allies.
As a result, NSO has become one of the most disliked software developers in the world.
However, the United States is also guilty of being among the customers of the NSO Group and using the infamous Pegasus software.
During a House Intelligence Committee hearing in March of that year, Director Christopher A. Wray faced questioning from lawmakers and clarified that the bureau had only purchased a license for the spyware to evaluate it and never used it operationally in any investigation.