How the Biden Administration Can Combat the Spyware Threat
Late last month, the Biden administration issued an executive order prohibiting the government use of commercial spyware—powerful software for covertly collecting mobile phone data—that could jeopardize U.S. national security. The short-term goal of the move is to provide federal agencies and departments with guidance on how to safely buy private sector spy tools. But in the long run, the administration looks to wield American economic might against a market where private firms and international allies actively distribute and misuse invasive surveillance technologies.
It’s obvious why we should be concerned aboutour adversaries acquiring and abusing private sector surveillance capabilities America’s rivals have targeted more than 50 U.S. government employees with commercial spyware. But the best way to thwart efforts by foes to access critical information is to bring our partners in line. America’s democratic allies have been buying and selling spy tools with little discretion. Firms have been happy to oblige our rivals in exchange for lucrative contracts. Despite President Biden’s penchant for inaction, the White House now has an opportunity to turn the tide on spyware threats.
U.S. government agencies are by far the largest and most profitable market for spyware vendors. Better late than never, Biden’s executive order seeks to leverage federal buying power to reshape the global surveillance-for-hire market. By instituting new guidelines on the acquisition and use of commercial surveillance tools, the administration sends a clear message to companies: If your products have targeted U.S. citizens or repressed human rights abroad, America won’t be doing business with you.
U.S. allies have so far been loath to regulate their spyware firms. Europe in particular has been a hub for circulating digital surveillance capabilities. From 2008 to 2014, Italy allowed the Milan-based firm Hacking Team to export its Galileo spyware with virtually no limitations. Similarly, the Anglo-German Gamma Group sold its Finfisher package to both authoritarians and democracies with little governmental oversight. Greece has allegedly approved the sale of spyware to regimes like Madagascar with a history of repression. And more recently, researchers have found hacking tools from Variston—a newly discovered Spanish company—targeting individuals in Indonesia, Belarus, the United Arab Emirates, and Italy.