The US State Department said it is implementing a new policy imposing visa restrictions on individuals linked to the illegal use of commercial spyware to surveil members of civil society.
“The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association,” said Secretary of State Antony Blinken. “Such attacks have been linked to arbitrary detentions, enforced disappearances and extrajudicial killings in the most egregious cases.”
The latest measures, underscoring ongoing efforts by the US government to limit the proliferation of surveillance tools, are designed to “promote accountability” for those involved in the misuse of commercial spyware.
The new policy covers people who have used such tools to “unlawfully surveil, harass, suppress, or intimidate individuals,” as well as those who may benefit financially from misuse.
It also includes companies (aka Private Sector Offensive Actors, or PSOAs) that develop and sell spyware to governments and other entities. It is currently unclear how the new restrictions will apply to people who hold passports that do not require visas to enter the United States
However, CyberScoop notes that executives potentially affected by the ban would no longer be eligible to participate in the visa waiver program and would need to apply for a visa to travel to the United States.
The development comes just days after Access Now and Citizen Lab revealed that 35 journalists, lawyers and human rights activists in the Middle Eastern nation of Jordan were targeted by NSO Group’s Pegasus spyware.
In November 2021, the US government sanctioned NSO Group and Candiru, another spyware vendor, for developing and providing cyber weapons to foreign governments that “have used these tools to maliciously target government officials, journalists, businessmen, activists, academics and embassy employees.”
Then, early last year, U.S. President Joe Biden signed an executive order banning federal government agencies from using commercial spyware that could pose national security risks. In July 2023, the United States also placed Intellexa and Cytrox on a commercial blocklist.
According to an intelligence assessment published by the UK’s Government Communications Headquarters (GCHQ) in April 2023, at least 80 countries have purchased commercial cyber intrusion software over the past decade.