France, UK Call for Stricter Commercial Spyware Rules

The governments of France and the United Kingdom called for global limits on commercial spyware, warning that unchecked growth of the industry can threaten global internet security.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The two nations are part of a multistakeholder working group set up in the wake of cases tied to the commercial spyware application Pegasus. Other members of the group include Microsoft and the United Nations Office for Disarmament Affairs.

In a joint statement released last Wednesday at the Paris Peace Forum, the group urged governments and other stakeholders to prioritize curbing spyware growth.

“Without strict boundaries, the unchecked growth of the cyber mercenary market and irresponsible use of these capabilities, including commercial spyware, will lead to significant harm and systemic instability in cyberspace,” the group said.

Concerns about the use of the Israeli-NSO Group’s Pegasus and other commercial spyware increased significantly in 2021 after an investigation by a consortium of global media revealed the tool had been used to target 50,000 victims across the world (see: Pegasus Spyware: World Leaders Demand Israeli Probe).

These included several high-profile victims including French President Emmanuel Macron, several ministers in his cabinet and other prominent European leaders as well as journalists investigating corruption cases across 24 nations.

The media findings prompted the European Parliament to launch an inquiry that concluded its probe in May. The committee called on European countries to cease exporting commercial spyware unless they meet conditions such as conforming with export controls (see: PEGA Committee Calls for Limits on Commercial Spyware).

In the United States, the Biden administration placed Pegasus developer NSO Group on an export blacklist.

The working group also recommended a number of measures to prevent the potentially dangerous growth of the technology. They include developing clear guidelines on the use of spyware by governments, imposing a ban on exports to end users likely to misuse the technology, and putting in place a moratorium on spyware use by nonstate actors.

The group called on tech companies to adopt measures to enhance cybersecurity defenses. These include increased collaboration with security researchers to responsibly disclose and mitigate vulnerabilities and develop evidence-based insight into the workings of the cyber mercenary market.

The working group said it will reconvene in the 2024 Paris Peace Forum to track the progress of its recommendations.