The US will restrict visas for abusers of commercial spyware, including those selling the encryption-busting malware, in an effort to rein in a sprawling, multibillion-dollar industry that has been tied to the repression of dissidents around the world.
The visa ban is designed to further punish spyware manufacturers that are credibly accused of deriving “financial benefit” from the sale of military-grade software to countries that abuse it, the US state department said on Monday.
The ban follows a March 2022 executive order that prohibited any US government agency from purchasing spyware from manufacturers credibly accused of selling to countries that abuse it. In November 2021, the US commerce department placed Israel’s NSO Group, the private equity-backed company that pioneered the industry, on a blacklist.
“Travel to the United States is an important element for those that are involved in the sector and that are involved in technology broadly,” a senior US official said. “And we want to make sure that there is accountability for those who are involved in both the misuse or enabling the misuse, which is an important element of this.”
The government has already listed this sort of spyware — which can bypass the encryption on modern smartphones to mirror their content remotely — as a threat to its national security. By March 2023, at least 50 government employees working overseas had been found to have been surveilled surreptitiously by spyware, raising counter-intelligence concerns.
The US official, speaking on the condition of anonymity, declined to say if more had been discovered since then. But the Biden administration has taken an increasingly tough stance on the manufacturers of spyware, most of whom are based in Israel, a close ally that classifies it as a weapon. Israel regulates its sale to its own allies.
It is unclear what impact those policies have had on preventing the spyware from being deployed on dissidents, journalists and human rights advocates. Last week, an NGO called Access Now, working with Citizen Lab, a watchdog group at the University of Toronto, found that at least 35 people in Jordan, which receives large amounts of US financial and military assistance, had been targeted with the NSO Group’s Pegasus spyware.
Those included researchers at Human Rights Watch and Daoud Kuttab, a renowned radio journalist in Amman, whose phone was repeatedly hacked with Pegasus between February 2022 and September 2023.
The commerce department blacklisting of NSO — which cut the company off from any dealings with the US companies that it relied on for servers and IT equipment — combined with the 2022 executive order scuppered a possible sale of the company to a US defence contractor, two people familiar with the situation told the Financial Times last year.
NSO, which was not mentioned by name in this order, has continued to operate, and rivals have sprung up in EU countries, including Greece and Cyprus. NSO did not immediately respond to a request for comment.
“We cannot speak to any specific country or individuals based on the way this operates,” said the US official. “But this is an important signal that we’re also sending, to not just those that are misusing, but those that are involved in enabling the misuse.”