Wed | Mar 29, 2023 | 9:02 AM PDT

United States President Joe Biden has signed an Executive Order banning commercial spyware from government agencies. The order comes in response to growing concerns about the use of such software to conduct surveillance and espionage operations.

With this order, the Biden Administration aims to safeguard the privacy and security of citizens and prevent foreign actors from accessing sensitive government information. 

Section 1 of the executive order states:

"The growing exploitation of Americans' sensitive data and improper use of surveillance technology, including commercial spyware, threatens the development of this ecosystem.

Foreign governments and persons have deployed commercial spyware against United States Government institutions, personnel, information, and information systems, presenting significant counterintelligence and security risks to the United States Government. 

Foreign governments and persons have also used commercial spyware for improper purposes, such as to target and intimidate perceived opponents; curb dissent; limit freedoms of expression, peaceful assembly, or association; enable other human rights abuses or suppression of civil liberties; and track or target United States persons without proper legal authorization, safeguards, or oversight."

The section goes on to specify that the ban applies to "spyware that poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." So, spyware that does not threaten national security is allowed, which is an important distinction to make.

The EO also requires government agencies to implement strict measures to prevent the use of commercial spyware in the future. This includes the development of comprehensive policies and procedures to ensure that all software used by government agencies complies with the ban on commercial spyware.

Additionally, the executive order directs the National Institute of Standards and Technology (NIST) to develop guidelines for the detection and prevention of commercial spyware, which will be used by government agencies to evaluate the security of software used in their operations.

The EO comes in the wake of several high-profile incidents in which commercial spyware was used by government agencies to spy on individuals and organizations. The most notable of these incidents involved the NSO Group's Pegasus spyware, which was used by various governments around the world to surveil activists, journalists, and other individuals.

If you are not familiar with the NSO Group, now might be a good time to make yourself familiar. In 2021, a string of highly controversial incidents led the U.S. government to blacklist the group for "engaging in malicious cyber activities." Shortly after, Apple decided to sue the abusive state actor for its ability to hack iPhones using previously undiscovered zero-day vulnerabilities. Pegasus spyware was also reportedly used to target senior European Union officials in April 2022.

The EO sends a clear message that the U.S. government will not tolerate the use of spyware for malicious purposes and will take all necessary steps to protect the privacy and security of its citizens.
