The U.S. plans to sign an international agreement designed to govern the use of commercial spyware, the State Department said Thursday.
The announcement comes nearly a week after 21 countries signed a voluntary and non-binding Code of Practice outlining how they intend to jointly regulate commercial cyber intrusion capabilities (CCICs) and combat spyware companies whose products have been increasingly used to target civil society.
Recorded Future News first reported the publication of the Code of Practice, which is the result of a year of diplomatic negotiations known as the Pall Mall Process.
There is an exploding market for CCICs with abuses piling up.
Poland, Mexico, Greece, Spain and several other countries have experienced spyware scandals in recent years.
If countries had not acted, Pall Mall participants have said, an unchecked CCIC market would lead to continuing abuses of the technology.
Britain and France, which have led the negotiations, have aired concerns that the marketplace will incentivize countries to amass and jealously guard cybersecurity vulnerabilities for their own use.
Pall Mall participants have previously told Recorded Future News that it is not clear how spyware developers will react to the Code of Practice and whether they will change their practices.
Many of the industry leaders involved in the negotiations are not the vendors whose products have been used, for example, to target political opposition figures in Poland or journalists reporting on Russia.
The Code of Practice attempts to separate companies with a track record for product abuses from other market participants.
“You can’t slap the same rules on spyware vendors as on exploit brokers,” Alexandra Paulus, a participant from the German Institute for International and Security Affairs, recently told Recorded Future News.
Human rights activists cheered Thursday’s news.
“It shows that this is a really bipartisan issue,” said Natalia Krapiva, senior tech counsel at the digital freedom advocacy group Access Now. “It is definitely significant.”
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.
