Biden to limit intelligence agencies’ use of spyware

President Biden will sign an executive order Monday restricting federal agencies’ use of spyware deemed a national security risk, but it doesn’t define which technology will be limited or how risk will be assessed.

Spyware is a surveillance tool secretly installed on a person’s smartphone or computer to monitor their internet usage, keystrokes and other activities. That information is then sent to a government or other entity without the person’s consent.  

U.S. lawmakers have grown increasingly concerned about spyware placed on the phones of diplomats to learn government secrets. Authoritarian governments are known to use it to track journalists and political enemies.

Mr. Biden’s order bars the use of spyware across the federal government, including by intelligence, law enforcement and defense agencies. However, the ban only bars the use of the snooping malware deemed a “significant” counterintelligence or security risk to American citizens or government information.

Senior administration officials briefing reporters on the order declined to say which spyware tools would be deemed a security risk or how that would be determined. The officials also balked at the idea of making public the list of banned spyware.

One senior administration official said spyware manufacturers would need to meet a “high bar” to win a government contract, but added that a company will be able to appeal a ban.

By banning spyware, Mr. Biden is aiming to set an example that will encourage other governments around the world to abandon its use. The administration’s thinking is that limited use of the tools will prevent proliferation, thus reducing incidents of spying on U.S. diplomats and personnel.

At least 50 overseas U.S. personnel have been targeted by commercial spyware, one official told reporters.

“Proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including the safety and security and U.S. personnel and their families,” the official said.

But even as the Biden administration condemns the use of spyware, the U.S. government has become increasingly interested in deploying the technology. The FBI, for example, has looked into the tools as a response to the increasing difficulty of obtaining evidence from encrypted devices and messaging services.

The FBI confirmed last year that it had obtained a license for Pegasus, a spyware product Israeli tech firm NSO Group, which has come under fire for a long list of privacy violations. NSO Group was blacklisted by the Biden administration in 2021.

FBI Director Christopher A. Wray told Congress that the agency had never used the software, but obtained the license to better understand how the technology worked.

The FBI came close to deploying the spyware and even worked up guidelines for federal prosecutors, raising fears that the U.S. government may be embracing the use of spyware, according to a New York Times.

The revelation sparked concern among lawmakers. 

Rep. Jim Himes, Connecticut Democrat, sent the Biden administration a letter in November saying he was worried the FBI’s decision could lead to increased use of spyware among government agencies.