Biden order to restrict government’s use of spyware
WASHINGTON — President Joe Biden on Monday signed an executive order restricting U.S. government use of a class of powerful surveillance tools that have been abused by autocracies and democracies around the world to spy on political dissidents, journalists and human rights activists.
The tools in question, known as commercial spyware, give governments the power to hack the mobile phones of private citizens, extracting data and tracking their movements. The global market for their use is booming, and some U.S. government agencies have studied or deployed the technology.
Commercial spyware, including Pegasus, made by Israeli firm NSO Group, has also been used against U.S. government officials overseas. On Monday, a senior administration official said that at least 50 U.S. government personnel in at least 10 countries had been hacked with spyware, a larger number than was previously known.
The executive order prohibits federal government departments and agencies from using commercial spyware that might be abused by foreign governments, could target Americans overseas or could pose security risks if installed on U.S. government networks.
The order covers only spyware developed and sold by commercial entities, not tools built by U.S. intelligence agencies.
The order is not a blanket prohibition, and it allows for U.S. agencies to use commercial spyware in some cases.
For instance, the Drug Enforcement Administration has deployed an Israeli-made tool called Graphite, made by the firm Paragon, as part of its counternarcotics operations. U.S. officials have indicated they have no plans to terminate the DEA’S use of the tool, but would revisit the decision if evidence emerges that Paragon’s hacking tools have been abused by other governments.
The executive order signed by Biden on Monday states that for a U.S. government agency to use commercial spyware, officials must determine that the tools do not “pose significant counterintelligence or security risks to the United States government or significant risks of improper use by a foreign government or foreign person.”
Administration officials said the executive order would be central to a message Biden plans to bring to a White House-sponsored gathering, the Summit for Democracy, later this week.
The most prominent seller of spyware is NSO Group. Numerous governments, from Mexico to India to Saudi Arabia, have deployed NSO’S Pegasus spyware against political dissidents and journalists. In November 2021, the Biden administration put NSO and another Israeli spyware company on a Commerce Department blacklist.