On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software — also known as government or mercenary spyware — has been discussed at the Security Council.
The goal of the meeting, according to the U.S. Mission to the UN, was to “address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security.” The United States and 15 other countries called for the meeting.
While the meeting was mostly informal and didn’t end with any concrete proposals, most of the countries involved, including France, South Korea, and the United Kingdom, agreed that governments should take action to control the proliferation and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.
John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by “a secretive global ecosystem of developers, brokers, middlemen, and boutique firms,” which “is threatening international peace and security as well as human rights.”
Scott-Railton called Europe “an epicenter of spyware abuses” and a fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in the last few years.
Contact Us
Do you have more information about government spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
Representatives of Poland and Greece, countries that had their own spyware scandals involving software made by NSO Group and Intellexa, respectively, also intervened.
Poland’s representative pointed at local legislative efforts to put “more control, including by the judiciary, on the relevant operational activities of the security and intelligence services,” while also recognizing that spyware can be used in a legal way. “We are not saying that the use of spyware is never justified or even required,” said Poland’s representative.
And the Greek representative pointed to the country’s 2022 bill to ban the sale of spyware.
Russia, on the other hand, pointed blame at the United States. The Russian representative, referring to historical revelations of NSA spying by U.S. whistleblower Edward Snowden, said that, “it was the United States specifically who created a veritable system for global surveillance and illegal interference in the private life of their own citizens, and citizens of other countries, and continue perfecting this system.”
China’s representative criticized the meeting itself, saying that discussing “the so-called commercial spyware and the maintenance of international peace and security is putting the cart before the horse when compared to the more harmful proliferation activities by governments.”
“Since the Stuxnet incident, the proliferation of advanced national cyber weapons have created a series of major internet risks, which are far more harmful than commercial spyware,” China’s representative said, referring to the Stuxnet malware that was developed as part of a U.S.-Israeli operation aimed at sabotaging Iran’s nuclear weapons program.
During the Biden administration, the U.S. government has taken several actions against commercial spyware, including sanctioning the Israeli spyware makers NSO Group and Candiru, as well as Greece-based Intellexa and its founder Tal Dilian; and imposing travel bans against people involved in the spyware industry. Last year, people who work or used to work in the spyware industry expressed concerns that the sanctions and other punitive measures would personally affect them.
