The United States will impose visa restrictions on foreign individuals who have been involved in the misuse of spyware, the latest effort by the Biden Administration to address the dangers of the commercial software that often is used by governments and law enforcement agencies to target and surveil journalists, activists, and other individuals.
In a notice this week, Secretary of State Antony Blinken said there is ongoing concern within the U.S. government that commercial spyware developed by such vendors as NSO Group, Negg Group, Cy4Gate, Cytrox, and Intellexa – which is advertised as a way to help governments and police agencies fight back against terrorism and other threats – is being abused worldwide “to facilitate repression, restrict the free flow of information, and enable human rights abuses.”
“The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association,” Blinken said in a statement. “Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases. Additionally, the misuse of these tools presents a security and counterintelligence threat to U.S. personnel.”
The policy to deny visas to those looking to travel to the United States reportedly will be applied on a case-by-case basis and will affect spyware company executives in Europe and Israel who normally would be allowed into the United States without a visa through the United States’ visa waiver program. Now such people could be told they need to apply for a visa.
The restrictions will apply to those involved in the misuse of spyware against individuals, those who facilitate or profit from such misuse – including those who develop, direct, or control companies that sell the software to governments that abuse spyware – and the immediate family members of those subject to the restrictions.
The State Department’s announcement comes days after a report surfaced that NSO Group’s Pegasus spyware was used to target at least three dozen people between 2019 and September 2023, including journalists, activists, human rights lawyers, and civil society members. The report was the product of a joint investigation by digital rights groups Access Now and the Citizen Lab, as well as local groups.
“Civil society in Jordan is under attack,” Marwa Fatafta, MENA policy and advocacy director at Access Now, said in a statement. “The staggering number of Pegasus victims uncovered by Access Now and the Citizen Lab’s investigation reveals only the tip of widespread surveillance and spyware abuse. Pegasus spyware is enabling the erosion of privacy and further crackdown on Jordan’s civic space.”
Fatafta said both the NSO Group and the governments it sells to must be held accountable.
In addition, a recent report by Google found that Pegasus and other such spyware are fueling the development of hacking tools used by cybercriminals. In the 50-page report, Google’s Threat Analysis Group (TAG) said that half of the known zero-day exploits used against Google products and Android devices between mid-2014 and 2023 are attributable to such spyware, adding that TAG tracks about 40 such vendors that sell their software to governments.
Google’s report goes into detail about individuals victimized by government-abused spyware, the myriad spyware vendors, and the cyberthreats that arise from the misuse of the software.
“As long as there is a demand for surveillance capabilities, there will be incentives for CSVs [commercial spyware vendors] to continue developing and selling tools, perpetrating an industry that harms high risk users and society at large,” the TAG report said. “CSVs enable the proliferation of dangerous hacking tools worldwide. Surveillance tools are expensive to develop and maintain, and the CSV market allows any entity to ‘pay-to-play’ and have a full remote surveillance capability instead of (or in addition to) developing the tools themselves.”
Earlier this month, cybersecurity firm Kaspersky detailed a lightweight method for detecting the presence of spyware in Apple iOS devices.
The Biden Administration has taken multiple steps to push back against the abusive use of spyware. In March 2023, the president, citing national security concerns, issued an executive order banning the use by U.S. government agencies of commercial spyware that poses security or counterintelligence risks. In addition, the Commerce Department has a growing entity list of spyware vendors – including NSO Group, Intellexa, and Cytrox – that U.S. organizations can no longer do business with.
On an international level, the United States joined with governments from 10 other countries – Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, and Switzerland – to agree to take steps to control the proliferation and use of commercial spyware.