On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, marking the first time this type of software – also known as government or mercenary spyware – has been discussed at the Security Council.
The goal of the meeting, according to the US Mission to the United Nations, was to “address the implications of the proliferation and abuse of commercial spyware for maintaining international peace and security.” The United States and 15 other countries have requested the meeting.
Although the meeting was mostly informal and did not end with concrete proposals, most of the countries involved, including France, South Korea and the United Kingdom, agreed that governments should take action to control proliferation and commercial spyware abuse. Russia and China, however, have dismissed the concerns.
John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has been investigating spyware abuses since 2012, gave testimony in which he raised the alarm about the proliferation of spyware produced by “a secretive global ecosystem of developers, brokers, intermediaries and boutique companies,” which “is threatening international peace and security, as well as human rights.”
Scott-Railton called Europe “an epicenter of spyware abuse” and fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in recent years.
Contact us
Do you have more information on government spyware makers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Also speaking were representatives from Poland and Greece, countries that have had their own spyware scandals involving software made by NSO Group and Intellexa, respectively.
The representative of Poland highlighted local legislative efforts aimed at ensuring “greater control, including by the judiciary, over the relevant operational activities of security and intelligence services,” also recognizing that spyware can be used legally. “We are not saying that the use of spyware is never justified or even required,” the representative of Poland said.
And the Greek representative highlighted the country’s 2022 bill to ban the sale of spyware.
Russia, however, blamed the United States. The Russian representative, referring to the historic revelations about NSA spying by the US whistleblower Edward Snowden, said that “it was precisely the United States that created a real system of global surveillance and illegal interference in the private lives of its citizens and citizens of other countries and continue to perfect this system.”
The Chinese representative criticized the meeting itself, saying that discussing “so-called commercial spyware and maintaining international peace and security is putting the cart before the horse with respect to the most harmful proliferation activities by governments.”
“After the Stuxnet incident, the proliferation of advanced domestic cyber weapons has created a series of serious risks on the Internet, which are much more harmful than commercial spyware,” the Chinese representative said, referring to the Stuxnet malware that was developed as part of a US-American initiative. Israeli operation aimed at sabotaging Iran’s nuclear weapons program.
During the Biden administration, the U.S. government took several actions against commercial spyware, including sanctioning Israeli spyware makers NSO Group and Candiru, as well as Greece-based Intellexa and its founder Tal Dilian; and the imposition of travel bans against individuals involved in the spyware industry. Last year, people who work or have worked in the spyware industry expressed concern that fines and other punitive measures could affect them personally.
