Spyware: US will restrict visas to those who manufacture or use it – 02/06/2024 – Tech

The United States will restrict visas for suspected internet spies, including those who sell encryption-breaking malware, in an effort to control a multibillion-dollar and scattered industry that has been linked to the repression of dissent around the world.

The visa ban is aimed at further punishing spyware makers who are credibly accused of gaining “financial benefit” from selling military-grade software to countries that abuse it, the US State Department said. this Monday (5).

The ban follows a March 2022 executive branch order that bars any U.S. government agency from purchasing spyware from manufacturers suspected of selling to countries that abuse it.

In November 2021, the US Department of Commerce placed Israel’s NSO Group, a private equity-backed company that pioneered this industry, on a list of banned companies.

According to a senior US government official, the trip to the country is important for those who are part of the sector and who are involved in technology in a broad sense. According to him, the government aims to hold accountable those who misuse the resource and those who facilitate this use.

The government has already listed this type of spyware — which can bypass encryption on modern smartphones to mirror its content remotely — as a threat to national security.

As of March 2023, at least 50 government employees working abroad were being secretly surveilled by spyware, raising counterintelligence concerns.

A U.S. official, speaking on condition of anonymity, declined to say whether more cases have been discovered since then. But the Biden administration has taken an increasingly tough stance toward spyware makers, most of which are based in Israel, a close ally that classifies the feature as a weapon. Israel regulates its sale to its own allies.

It is unclear what impact these policies have had on preventing the use of spyware against dissidents, journalists and human rights defenders.

Last week, an NGO called Access Now, in partnership with Citizen Lab, a monitoring group at the University of Toronto, discovered that at least 35 people in Jordan, which receives a large amount of US financial and military assistance, were targeted by the Pegasus program, from the NSO group.

Among them were researchers from Human Rights Watch and Daoud Kuttab, a renowned radio journalist in Amman whose phone was repeatedly hacked with Pegasus between February 2022 and September 2023.

NSO’s inclusion on the Commerce Department’s blacklist—which barred the company from any dealings with U.S. companies it depended on for servers and IT equipment—combined with the 2022 executive order ended a possible sale of the company to a US defense contractor, two people familiar with the situation told the Financial Times last year.

According to the senior official, the combination is an example that is being sent to those who use spyware for illicit purposes or who are behind its manufacture.

The NSO group, which was not mentioned by name in this order, continued to operate, and competitors emerged in European Union countries, including Greece and Cyprus.

In a statement, an NSO spokesperson said the company complies with “all laws and regulations and sells its technology only to US and Israeli allies.” “The company (…) does not have access to information collected by its government customers,” the spokesperson said.