US Bars Agencies from Buying Spyware from Blacklisted Companies

President Joseph Biden signed an executive order Monday banning government agencies from using commercial spyware produced by companies deemed to represented national security threats or implicated in human rights abuses.

(Bloomberg) — President Joseph Biden signed an executive order Monday banning government agencies from using commercial spyware produced by companies deemed to represented national security threats or implicated in human rights abuses.

The move comes after the US determined that some 50 government personnel in 10 countries were confirmed or suspected to have been targeted by spyware, according to a senior administration official who spoke in a press briefing on Monday to announce the order.

Spyware is a form of malicious software that intruders use to covertly access victims’ mobile phones, stealing data and recording calls and messages. Companies such as Israel’s NSO Group build and sell such surveillance software to governments, promising to help them track terrorists and other serious criminals. However, human rights experts say some governments have abused the technology to target journalists, activists and political opponents.

“US government personnel overseas have been targeted by commercial spyware, and untrustworthy commercial vendors and tools can present significant risks to the security and integrity of US Government information and information systems,” the White House said in statement. 

The order does not represent a wholesale ban on government agencies purchasing and using commercial spyware. 

Agencies will be banned from purchasing spyware from specific companies — whose identities are not yet public – that officials say pose a security risk to the US government or have enabled repression and human rights violations. The order is unlikely to impact intelligence agencies such as the National Security Agency and CIA, which have developed their own in-house hacking tools, according to documents previously disclosed by WikiLeaks and former NSA contractor Edward Snowden.

The executive order is aimed at ensuring agencies’ use of spyware “aligns with core national security and foreign policy interests,” the senior administration official said Monday. The official added that the government wanted to ensure it was not contributing to the proliferation and misuse of commercial spyware and hoped to spur reform and greater regulation in the industry. 

The official declined to disclose how many US agencies were using spyware from companies that would now be prohibited under the executive order.

The Biden administration has previously taken steps to curb abuses of commercial spyware, and began closely examining the issue in summer 2021, according to the senior administration official. 

In November 2021, the Commerce Department blacklisted Israeli vendors NSO Group and Candiru, accusing them of supplying spyware to foreign governments that used the tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. 

“Such practices threaten the rules-based international order,” the department said in a statement at the time.

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.