We need a new global standard to curb intrusive spyware
The author is the Director of International Policy at Stanford University’s Cyber ??Policy Center
More than ten years later, the democratic government finally realized the harm of commercial spyware.Recent media reports have exposed how authoritarian regimes use Pegasus software from NSO Group Monitor journalists and politicians. The European Union has now tightened its regulations on the export of surveillance technology, and the US Department of Commerce last week determined that Israel-based NSO Group and three other hacker companies “engage in activities that violate the interests of national security or foreign policy.” America’s”. However, these modest steps are far from enough: what is needed is a global standard to control technologies that violate the right to privacy, the right to free assembly, and the right to freedom of speech.
From severe ransomware to suspicious neural algorithms that use AI to identify suspicious nonverbal activities, to facial and emotion detection technologies, software applications that conflict with liberal democratic values ??have proliferated.
Traditionally, export controls have been imposed on products that threaten national security, such as products that may promote the manufacture of nuclear weapons. The European Union recently expanded its export system to include spyware technology and use human rights violations as a standard for potential harm. However, since the NSO Group is located outside the European Union, it is not within the jurisdiction of Brussels. Without a broader international agreement, the options for containing these companies are limited.
The absence of global restrictions brings a further credibility risk: when liberal democracies actually allow the development and sale of digital weapons, how can they lobby against the abuse of human rights by authoritarian regimes?
Although restrictions on exports may help prevent the flow of intrusive technologies from democracies to dictatorships, imports and domestic use remain unresolved.Pegasus Project disclose In the heart of the European Union, how Hungarian Prime Minister Viktor Orban deployed a commercial surveillance system to target the few remaining independent media organizations in his country.
Even some democracies, such as the Netherlands, are guilty of purchasing hackers and surveillance systems, but did not disclose which ones. There is no doubt that they will claim that these are only used to track down the most serious criminal and terrorist suspects. However, this provides credibility and capital to an extremely harmful industry. If democracies are serious about curbing surveillance, they should increase transparency and lead by example.
In addition to adopting temporary measures or restrictions on individual companies, the United States should also cooperate with the European Union and other willing countries to develop new international standards for the use and trade of spyware.This will be the tangible result of President Biden’s upcoming office Democracy Summit, The virtual conference headed by the United States in early December aimed to prevent authoritarianism, fight corruption, and promote human rights.
In addition to spyware, there are many other technologies that require stricter scrutiny and supervision. Illegal mass surveillance systems, facial recognition software and tools used in illegal cyber operations are traded across borders to promote repression, conflict and instability.Bad cyber security is Now is the source of systemic risk This threatens the country’s resilience. Coordination needs to be strengthened to ensure that current legal technology does not provide the means for widespread violations of rights.
In addition, international agreements between democracies against malicious use of technology will help formulate multilateral norms. UN human rights experts once again this week warned about how technology companies can act as modern “mercenaries.” They warned: “Private actors provide a wide range of military and security services in cyberspace, including data collection, intelligence, and surveillance.”
In the future, licensing requirements should become the default setting for technology companies that violate human rights standards in democratic countries. This will ensure better control over end use and exports. Regulation will also allow mapping the way the software is deployed and increase transparency. Similarly, companies should strengthen their own risk management. When technology companies can undermine global security unhindered, the credibility of democracies is at stake.