Endpoint Security , Governance & Risk Management , Government

US, UK and France Pressure Commercial Spyware Industry

Countries Seek International Guidelines for Responsible Use of Commercial Spyware
US, UK and France Pressure Commercial Spyware Industry
The United Kingdom and France initiated the Pall Mall Process to write international guidelines for commercial spyware use. (Image: Shutterstock)

The United States ramped up pressure on the commercial surveillance industry shortly before the United Kingdom and France convened a summit intend to culminate in an international agreement limiting the proliferation of advanced spyware.

See Also: Securing the Nation: FedRAMP-Authorized Identity Security

U.S. Secretary of State Antony Blinken on Monday announced a policy of limiting entry visas for individuals involved in the misuse of commercial spyware or who control the companies that furnish spyware to governments that deploy the apps to snoop on journalists, activists and dissidents. The limits also apply to close family members, such as children and spouses.

Approximately two dozen countries, including the United States, assembled in the United Kingdom on Tuesday for a two-day meeting initiating talks dubbed the Pall Mall Process that participants said will result in guidelines for the responsible deployment of commercial spyware. Participants include companies such as Google and Microsoft.

"Many of these tools and services can be used for legitimate purposes, but they should not be developed or used in ways that threaten the stability of cyberspace or human rights and fundamental freedoms," participants said. They plan to meet again in France next year.

Google, which tracks the global commercial spyware industry, estimates there are 40 global purveyors of such spyware - apps that record and transmit the activity on infected smartphones. Even devices that have the very latest operating system patches and security fixes can be infected (see: Dozens of Commercial Spyware Vendors at Work, Google Warns).

Human rights organizations have long highlighted that governments with authoritarian predispositions - including countries in Europe such as Poland and Hungary - have used spyware to surveil opposition groups despite claims from some vendors that they only sell their goods for use in combating national security threats and crime.

In announcing the new visa restriction, the Department of State linked commercial surveillance to "arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases." President Joe Biden in March signed an executive order banning the federal government from buying licenses for spyware used by foreign governments to spy on dissidents and has restricted exports to some spyware vendors (see: US Limits Government Use of Advanced Smartphone Spyware).

John Scott-Railton, a senior researcher at The Citizen Lab, lauded the Biden administration's decision. The "visa ban will be impactful because it follows the people. Prior efforts focused on spyware companies, which is good. But spyware players play shell games with corporate identities. Now, no matter what your company name is this week, you still can't go to Disney World," Scott-Railton said.

Speaking at a closed-door Pall Mall Process event, U.K. Deputy Prime Minister Oliver Dowden said that threats from cyber intrusion tools have become more challenging due to the advancements being made in artificial intelligence.

"Thanks to rapid advances in technology - including AI - those weapons are becoming cheaper, more widespread and easier to use," Dowden said. "If we fail to act, this market will rapidly become a driver for much of the cyber threat we face."

Dowden said private sector companies can play a vital role in preventing spyware intrusion by ensuring that their products receive regular patches and by mitigating supply chain risks.

In addition to the U.K. and France, other Pall Mall Process participants include the Republic of Cyprus, Greece, Japan, Germany, Australia and the Gulf Cooperation Council, which is a regional body. Private sector participants include Apple, BAE Systems and Eset.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.