On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, marking the first time this type of software – also known as government or mercenary spyware – has been discussed at the Security Council.
The purpose of the meeting, according to the US Mission to the UN, was “to address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security.” The United States and 15 other countries requested the meeting.
While the meeting was largely informal and did not end with any concrete proposals, most of the countries involved, including France, South Korea and the United Kingdom, agreed that governments should take action to control the spread and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.
John Scott-Railton, a senior researcher at Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by “a clandestine global ecosystem of developers, middlemen, brokers and boutique firms’ which is ‘threatening international peace and security as well as human rights’.
Scott-Railton called Europe “an epicenter of spyware abuses” and a breeding ground for spyware companies, referring to a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in recent years.
Contact us
Do you have more information about the makers of government spyware? From a broken device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch through SecureDrop.
Representatives from Poland and Greece, countries that have had their own spyware scandals involving software produced by NSO Group and Intellexa respectively, also weighed in.
Poland’s representative pointed to local legislative efforts to establish “more control, including judicial control, over the relevant operational activities of security and intelligence services,” while also acknowledging that spyware can be used in a legal manner. “We are not saying that the use of spyware is never justified or required,” said Poland’s representative.
And the Greek representative noted the country’s 2022 bill to ban the sale of spyware.
Russia, in turn, blamed the United States. The Russian representative, referring to the historic revelations of NSA spying by American whistleblower Edward Snowden, said that, “it was the United States specifically that created a real system for global surveillance and illegal interference in the private lives of its citizens and other countries and continue to improve this system.”
China’s representative criticized the meeting itself, saying the discussion of “so-called commercial spyware and maintaining international peace and security is putting the cart before the horse, compared to the most harmful proliferation activities by governments.”
“Since the Stuxnet incident, the proliferation of advanced national cyber weapons has created a series of major risks on the Internet, which are far more harmful than commercial spyware,” China’s representative said, referring to the malware- it Stuxnet that was developed as part of an American program. The Israeli operation was aimed at sabotaging Iran’s nuclear weapons program.
During the Biden administration, the US government has taken several actions against commercial spyware, including sanctioning Israeli spyware manufacturers NSO Group and Candiru, as well as Greece-based Intellexa and its founder Tal Dilian; and imposing travel bans against people involved in the spyware industry.
Last year, people who work or have worked in the spyware industry told TechCrunch they expressed concerns that sanctions and other punitive measures would affect them personally.
