The U.S. State Department said it’s implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members.
“The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association,” Secretary of State Antony Blinken said. “Such targeting has been linked to arbitrary detentions, forced disappearances, and extrajudicial killings in the most egregious of cases.”
The latest measures, underscoring continued efforts on part of the U.S. government to curtail the proliferation of surveillance tools, are designed to “promote accountability” for individuals involved in commercial spyware misuse.
The new policy covers people who have used such tools to “unlawfully surveil, harass, suppress, or intimidate individuals,” as well as those who stand to financially benefit from the misuse.
It also includes the companies (aka private sector offensive actors or PSOAs) that develop and sell the spyware to governments and other entities. It’s currently not clear how the new restrictions will be enforced for individuals who possess passports that don’t require a visa to enter the U.S.
However, CyberScoop notes that executives potentially affected by the ban would no longer be eligible to participate in the visa waiver program, and that they would need to apply for a visa to travel to the U.S.
The development comes days after Access Now and the Citizen Lab revealed that 35 journalists, lawyers, and human-rights activists in the Middle Eastern nation of Jordan were targeted with NSO Group’s Pegasus spyware.
In November 2021, the U.S. government sanctioned NSO Group and Candiru, another spyware vendor, for developing and supplying cyber weapons to foreign governments that “used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”
Then early last year, U.S. President Joe Biden signed an executive order barring federal government agencies from using commercial spyware that could pose national security risks. In July 2023, the U.S. also placed Intellexa and Cytrox on a trade blocklist.
According to an intelligence assessment released by the U.K. Government Communications Headquarters (GCHQ) in April 2023, at least 80 countries have purchased commercial cyber intrusion software over the past decade.