The White House followed through on previous promises to pursue stronger oversight of commercial spyware companies and how their products are used in the U.S.
The Biden administration announced major federal action against commercial spyware technologies with a new executive order prohibiting the U.S. government from using commercial spyware products which threaten national security and human rights.
Commercial spyware refers to surveillance software that can be sold and installed discreetly, often without the knowledge of an end user. After installation, the software can extract and augment sensitive data within a device.
As the health of national security shifts to a digital frontier, President Joe Biden’s new executive order will work to prevent government agencies and personnel from being the targets of malicious spyware by restricting its usage. Officials on a press call confirmed at least 50 U.S. personnel overseas were targeted by commercial spyware, spurring further federal action to reduce U.S. data exposure.
“This executive order will serve as a concrete demonstration of US leadership and commitment to countering the misuse of commercial spyware and other surveillance technology,” a senior administration official said during a press call on Monday. “The executive order…prohibits departments and agencies across the federal government, from operationally using commercial spyware tools that pose significant counterintelligence or security risks to the U.S. government, or significant risks of improper use by a foreign government or foreign person, including to target Americans or enable human rights abuses, and it encompasses spyware tools that are furnished by foreign or domestic commercial entities.”
The administration noted that it has seen a “growing number” of foreign governments utilizing commercial spyware against their own citizens in both democratic and authoritarian regimes. In 2021, the Biden administration launched a multi-agency initiative to study how commercial surveillance tech can be used against civil rights and what policy measures would be needed to counter these effects.
The Department of Commerce moved in sync with these efforts in November 2021 by adding four foreign companies based in Israel, Russia and Singapore to its list of designated spyware technology suppliers. They were subsequently placed on federal export control.
“As we dug into this effort, we also recognized quickly that the proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. personnel and their families,” the senior administration official said.
Preceding this executive order, the Biden administration had issued export controls on software linked to known spyware. Now, the executive order functions as a “consensus product” between all U.S. departments and agencies, ensuring that federal agencies using commercial spyware align with U.S. foreign policy and national security interests, and that they do not contribute to commercial spyware abuse.
By formalizing potential factors that could indicate cybersecurity risks, the executive order attempts to add some oversight into a broadly uncontrolled industry. It aims to function as an information sharing vehicle to ensure that federal agencies can make accurate determinations on commercial spyware with precise information on its security and impacts.
“We believe this executive order will also help spur reform in a largely unregulated and insufficiently controlled industry, including by outlining responsible use, and remedial factors that are intended to prevent misuse and reduce risks to U.S. national security,” the senior administration official added.