More countries to act against spyware abuse

Content of the article

Graphics by Juleta Martirosyan via GettyImages.ca

Canada, the United States, France and the United Kingdom are among 25 countries, as well as groups representing nations, today pledging to crack down on the misuse of commercial spyware by some governments and law enforcement agencies.

Content of the article

The so-called Pall Mall process – after an initial two-day meeting in London – has promised to create principles for governments and the IT industry to oversee the development and use of these applications.

Content of the article

The conference was also attended by IT giants like Google, Microsoft and Meta. The declaration was signed by the 55-nation African Union and the six-nation Gulf Cooperation Council, including Saudi Arabia.

Among the weapons that countries with spyware developers can use are export controls that deny the sale of spyware to certain countries. Another could be regulations restricting the use of spyware by government departments or police departments. For example, last year US President Joe Biden issued an executive order restricting federal agencies from using commercial spyware without White House approval.

Separate to the Pall Mall Process announcement, the US announced on Monday that visa restrictions would be imposed on anyone trying to enter a country known to abuse commercial spyware.

Commercial spyware, usually installed surreptitiously on mobile devices by the victim clicking on a link or visiting an infected website, is often marketed and marketed for use by police departments or intelligence agencies against fraudsters or foreign spies. However, some countries use it to spy on activists and journalists.

Content of the article

Content of the article

Consumer-targeted spyware can also be found in mobile app stores, marketed as tools employers can use to monitor employees or as a way to track a person's partner.

The Pall Mall Declaration calls for unspecified actions to be taken, in part, to hold states accountable for their activities in violation of international human rights law and to hold non-state actors accountable in domestic systems.

“The growing commercial market for the development, facilitation, procurement and use of commercially available cyber security capabilities raises questions and concerns about its impact on national security, human rights and fundamental freedoms, international peace and security, and the free, open, peaceful . , stable and secure cyberspace,” the participants said in the declaration.

“Without international and meaningful multilateral action, the growth, diversification, and inadequate oversight of this market increase the likelihood of profit-driven targeting or disruption of a wide range of targets, including journalists, activists, human rights defenders, and government. officials,” said the declaration. “It also risks facilitating the spread of potentially destructive or disruptive cyber capabilities to a wide range of actors, including cybercriminals. Uncontrolled distribution can increase the breadth of access to sophisticated capabilities and, as a consequence, the complexity of incidents to detect and mitigate for cyber defense. This trend contributes to an unintended increase in cyberspace.

Content of the article

“We recognize that many of these tools and services can be used for legitimate purposes in the broader market, but they must not be designed or used in ways that threaten the stability of cyberspace or human rights and fundamental freedoms. an approach inconsistent with applicable international law, including international humanitarian law and international human rights law. Also, they should not be used without proper safety precautions and supervision. We decide to explore legal and responsible usage parameters.”

The next conference will be held in France next year.

The conference comes after groups including the University of Toronto's Citizen Lab published research suggesting that software like Pegasus has been used, possibly by governments.

In a recent report by Citizen Lab and Access Now, the iPhones of some reporters and lawyers in Jordan were infected or targeted by the Pegasus virus.

“Overall, this process is a positive step, albeit incomplete,” Citizen Lab director Ron Deibert said in an email. “It is good that governments are recognizing the serious harm done by the spy-for-hire and for-hire industries and are pledging to take action to reduce that harm. It is now important that governments turn these words into action. Many governments are still in the hacking business, and the agencies that use these tools are shrouded in secrecy and not publicly accountable, including Canada.

This is not the first attempt by some governments to curb the use of spyware. Last March, 11 countries, including Canada and the US, issued a joint statement on commercial spyware abuse.

The post Other countries taking action against spyware abuse appeared first on IT World Canada.

This section is provided by IT World Canada. ITWC covers the enterprise IT spectrum, providing news and information for IT professionals aiming to succeed in the Canadian market.

Content of the article