Biden Executive Order Bans Federal Agencies From Using Commercial Spyware

The Biden administration on Monday announced a new executive order that would broadly ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. From a report: The move to ban federal agencies -- including law enforcement, defense and intelligence -- from using commercial spyware comes as officials confirmed that dozens of U.S. government personnel had their phones targeted. Human rights defenders and security researchers have for years warned of the risks posed by commercial spyware, created in the private sector and sold almost exclusively to governments and nation states. [...] In a call with reporters ahead of the order's signing, Biden administration officials said that the United States was trying to get ahead of the problem and set standards for other governments and its allies, which buy and deploy commercial spyware. The order is the latest action taken by the government in recent years, including banning some spyware makers from doing business in the U.S. and passing laws aimed at limiting the use and procurement of spyware by federal agencies.

Anti-Israeli move?

[sinij]

This is strange move, as it does not ban spyware or criminalizes its development, rather prevents purchasing from commercial vendors, which have to be on the approved lists to sell, which are in turn mostly Israel-based companies.

Re:

[MachineShedFred]

That's a whole lot of words for "no u".

Re:

[ewibble]

While I think you are right it probably isn't anti-Isreal, or its to much of a cognitive leap for me to be comfortable with. (I also don't know if the dog catcher part is true, either, https://forward.com/fast-forwa... [forward.com] 17 voted against condemning BDS so I think the dog catcher part is hyperbole). But I don't know how only using government developed spying software protects peoples privacy more.

To me its more likely a diversion, to say look we are not spying, we don't use commercial spyware, when they have p

Re:

[MachineShedFred]

There is something to be said for "we're not using spyware developed outside of our ability to audit and fully understand what it's doing, and where the data is also going."

Not using spyware at all isn't a feasible position for a government to take, unfortunately. The next best is that we're not using spyware that has also been compromised to send all that data to someone else who may or may not be a US ally, to use for whatever the hell they like.

Amazingly progressive.

[CyberRacer]

Now they're only allowed to use proprietary in house developed spyware that poses threats to human rights and national security.

Re:Amazingly progressive.

[jacks smirking reven]

It is kinda different though. I am not saying it's "good" from a moral point of view since it probably isn't but ther is what I would consider a line between what agencies do as far as intelligence operations for their own goals and supporting companies that would do that type of work and sell it for profit which I could argue is actually worse.

At least with a spyware developed and used solely by the US agencies there is some degree of democratic control. A private company, much less a foreign one has little to no safeguards that can be enacted really.

Re:

[The Faywood Assassin]

I would agree. With in-house software the government can at least have the assurance the software won't carry unexpected payload and spy on the agency using it as well.

Re:

[CyberRacer]

I appreciate your distinction, however given the histories of such agencies (CIA, NSA, DARPA, FBI, etc.) going well beyond what I would consider moral, I no longer have any trust that they are even bound by the 'safeguards' we know, let alone the ones we haven't yet even considered as a societal whole.

Re:

[jacks smirking reven]

No one is asking you to trust them though, that's reflected through who you vote for, specifically the President and which members get chosen to the SSCI and HPSCI since they have oversight over those agencies operations.

That said do I trust our own agencies over the NSO Group who are accountable only to their customers and their shareholders? Ever so slightly in my opinion.

Re:

[ewibble]

Of course, unless you get a private company to subcontract parts of it. Then you its technically government developed but no better than company developed software.

Re:

[jacks smirking reven]

I mean I imagine most tools the agencies used are subcontracted to some degree, it's kinda how the vast majority of military equipment and software gets made. I think there still is a difference in the NSA paying L3-Harris to build them a tool just for them and no one lese versus a company developing and selling a tool to anyone with the cash to pay the price for it.

Re:

[MachineShedFred]

Also, there is a pretty good legal framework about what certain agencies are chartered to do. Example: the CIA is not permitted to spy on US citizens, as part of their charter.

That's what the FBI is for!

Re:

[sabbede]

Have you considered how an intelligence gathering tool harms our national security unless our enemies are using it against us? They are already breaking our laws to spy on us, and this won't even slow them down. What it will do is slow us down, making it harder to detect spies and carry out our own intelligence gathering.

I have mixed feelings about the topic, but when presented with laughably absurd arguments I become suspicious of the position being advanced as well as the people making it, their moti

Re:

[groobly]

Except that the in-house stuff is not developed in-house, it's developed under contract, so really, it is a distinction without a difference.

whitehouse link

[Anonymous Coward]

https://www.whitehouse.gov/bri... [whitehouse.gov]

Commercially Developed Only

[SmaryJerry]

Basically he's saying he wants to stop supporting the marketplace for spyware so other countries don't get an option to buy it, meanwhile spending billions of military spending developing the in-house tools for the US to spy on everyone anyways.

Re:

[drinkypoo]

They need the talent in-house anyway, might as well not contribute to stuff that anyone could use for any purposes.

Re:

[sabbede]

Does that make sense given that other countries have their own in-house developers in their intel agencies? Even if they didn't, they would represent a more than sufficient customer base to keep commercial spyware developers afloat on a sea of profits.

So, what's really going on? This won't do anything to hinder foreign spies and American spies have their own tools, so what would this ban accomplish? The article mentions finding spyware on the phones of US government officials, but how would this law d

In other words ...

[Skapare]

... develop it yourself.

Re:

[schwit1]

How is this off topic? The government already does this for location data it can't get a warrant for.

Does EO include the Harris Stingray?

Re:

[bussdriver]

More likely they privately chatted with the politicians' secret girlfriends (or boys) and congress shut up; except for Bernie who they have absolutely nothing on, but nobody listens much to him anyway.

Removing Capitilistic greed from the equation

[Gibgezr]

This is a good move. Does it solve all the issues about privacy and nation-level spying? No, but that's a seemingly insolvable problem anyway, so don't be surprised: NOTHING can solve that. What it does do is reduce the profit motive of companies to research and develop this technology so they can "get rich", meaning there's less people to buy this tech from. If you want the capability you have to build it, not just shop around and buy it (or at least, they are trying to make it harder to find someone who w

Re:

[HiThere]

Well, it's a good sounding move. I'm not sure what enforcement is going to be like, though. And he's still not saying they can't buy the data from the market. (

*Should* he say that? I dunno. What's really needed is to shut down that market, but the history of such attempts isn't encouraging.

This does very little.

[usedtobestine]

All it means is that government departments now have to pay for the NSA/FBI/CIA developed spyware/malware.

So...

[excelsior_gr]

...are they all switching to Linux?

Finally... the year of the Linux Desktop!

[Anonymous Coward]

Since they're banning commercial spyware that means Windows 10, Windows 11 and Microsoft 365 are out!

Phone apps

[Splyncryth]

Most well known phone apps already grab and beam back to the mother ship information government organizations want. So no need to install spyware onto someones phone, when the end user already agreed to be spied upon by corporations!

No problem.

[biggaijin]

The US's in-house spyware is a lot better anyway. The NSA builds it better.

Any teeth to this executive order

[misnohmer]

If some government agency used commercial spyware to collect date, what are the consequences? Everyone who knew, signed off on such a purchase, goes to jail (including POTUS, if they had any part in approving, buying, or covering up purchases of such software)? Is evidence gathered by such commercial software automatically now considered illegally collected and therefore inadmissible in court, along with any other "fruit of the poisonous tree" information? Or is this just empty virtue signaling, doing noth

Wait, we can't use it because it was used on us?

[sabbede]

"...comes as officials confirmed that dozens of U.S. government personnel had their phones targeted."

Targeted by whom? Because that only makes sense as a justification if the US Government was spying on its own employees. If that is the case, then the issue is not whether or not the government can buy the software, it is why the hell is the government is spying on itself.

If that isn't the case, and foreign governments were getting onto the phones of officials, then this is an idiotic decision to hamst

that's cute...

[Quake1v1]

Now how about getting rid of the PATRIOT act and disabling the NSA's home grown spyware?