Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

US Limits Government Use of Advanced Smartphone Spyware

White House Says at Least 50 US Personnel Overseas Targeted by Commercial Spyware
US Limits Government Use of Advanced Smartphone Spyware
Image: Craig Filde/CC BY-NC-ND 2.0

The U.S. government limited its use of advanced surveillance software such as Pegasus through an executive order signed by President Joe Biden prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents.

See Also: The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience

The order also walls off from the federal market surveillance apps that pose significant counterintelligence risks because they've been used to spy on government personnel.

Apps that gather text messages, surreptitiously turn on microphones and transmit precise location information have spread across the globe for nearly a decade, fueled by an industry now consisting of at least 30 vendors. Civil society activists have decried their use by authoritarian governments. Spyware abuses involving apps such as NSO Group's Pegasus and Cytrox's Predator are the cause of recent political scandals in several European countries.

Advanced spyware's ability to conduct what once required a sophisticated intelligence-gathering apparatus hit closer to home for American officials after U.S. diplomats stationed in Uganda in 2021 reportedly found Pegasus on their devices (see: Tech Alone Won't Defeat Advanced Spyware, US Congress Told). The New York Times reported this month that the phone of a U.S. and Greek national who worked on Facebook's security and trust team while based in Greece was infected with Predator. White House officials during a Monday morning press call said at least 50 U.S. personnel overseas have been targeted by advanced spyware in 10 countries on multiple continents.

The most advanced apps can infect a smartphone without the user having to take action such as clicking on a malicious link.

The executive order "demonstrates the United States' leadership in, and commitment to, advancing technology for democracy, including by countering the misuse of commercial spyware and other surveillance technology," the White House said in a statement. The Biden administration is touting the order as a "cornerstone U.S. initiative" for the second Summit for Democracy - a three-day event slated to begin Wednesday.

The order does not outright prohibit the government from purchasing advanced spyware, but it requires an agency official to certify before an app's operational use that the app doesn't run afoul of its restrictions.

"It is intended to be a high bar but also includes remedial steps that can be taken," a senior White House official told reporters during the Monday press call.

John Scott-Railton, a spyware researcher at the University of Toronto's Citizen Lab, lauded the order for using the purchasing power of the federal government to encourage improvements in the spyware industry.

"Investment fuels spyware proliferation. A lot of that is predicated on the juicy dream of the USG as the ultimate customer. The new #SpywareEO says to mercenary spyware vendors & backers: decision time. Either stop contributing to proliferation right now, or lose our number," he wrote.

A 2018 investigation by The Citizen Lab identified active Pegasus operations in 45 countries.


About the Author

David Perera

David Perera

Editorial Director, News, ISMG

Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.