Date: 2023-03-27

Washington: President Joe Biden has prohibited all US federal agencies and departments from using any commercial spyware that poses a risk to US national security interests and/or has been used by foreign governments to engage in human rights abuses.

The decision, formalised through an executive order, comes in the run-up to the Summit for Democracy, a flagship event of the Biden presidency that commences this week, and 18 months after revelations about the extensive use of Pegasus software by democracies and authoritarian regimes alike highlighted the threats posed by commercial spyware.

Biden’s order applies to all federal agencies, including law enforcement, defence and intelligence departments, and covers spyware tools furnished by both domestic and international commercial entities. To be sure, the ban does not extend to all commercial spyware – but only to spyware that has been found targeting US interests and been deployed in violation of law for human rights abuses elsewhere. But it is significant because, for the first time, it lays down a strict set of guidelines on what US government agencies cannot acquire and use.

Calling it a “groundbreaking” executive order, a senior administration official explained the rationale of the move.

Defining commercial spyware as “sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices’ users”, the official said that from the late summer of 2021, the National Security Council had been engaged in assessing the threat posed by this kind of spyware. Two patterns became clear.

For one, the spyware posed a risk to the US’s own counterintelligence and national security interests. At least 50 devices used by US government personnel, in ten countries, in different continents, had been targeted by commercial spyware. The order says, “Untrustworthy commercial vendors and tools can present significant risks to the security and integrity of the US government information and information systems.”

In the absence of a clear and standardised direction on whether federal agencies could use the spyware, commercial spyware vendors were also seeking to make inroads into the US system.

Two, the US noted that a growing number of foreign governments had deployed this technology to “facilitate repression and enable human rights abuses, including to intimidate political opponents and curb dissent, limit freedom of expression, and monitor activists and journalists”. The executive order notes that democratic governments too have confronted revelations that actors within their systems have used spyware to “target their citizens without proper legal authorisation, safeguards and oversight”.

It was against this backdrop that the administration devised a set of objectives for the use of commercial spyware – ensure that it aligns with US national security and foreign policy interests “in upholding and advancing democratic processes and institutions and respect for human rights”; ensure that the US does not contribute, directly or indirectly, to the proliferation or misuse of commercial spyware; and help protect US government personnel and information systems. The senior administration official quoted above suggested that the administration also hopes that the order will help spur reform in an unregulated industry and provide the foundations for greater international collaboration.

The order itself establishes “counterintelligence, security and improper use” factors which will lead to the exclusion of the spyware from US use. This includes, among other situations, when a foreign actor uses commercial spyware against “activists, dissidents, or other actors to intimidate; to curb dissent or political opposition; to otherwise limit freedoms of expression, peaceful assembly or association; or to enable other forms of human rights abuses or suppression of civil liberties”.

While the order itself does not have a list of spyware tools or companies that will henceforth be excluded, the senior administration official said that it will enable information-sharing processes across agencies in the government; heads of relevant agencies will then make a determination; the bar for making this determination on what spyware can be allowed and what is prohibited will be “very high”; and this will happen on a case-by-case basis.

