More than a dozen Democratic lawmakers have called on the Biden administration to sanction four cyber surveillance firms for “enabling human rights abuses” by “selling powerful surveillance technology to authoritarian governments.”
The letter, led by Sen. Ron Wyden of Oregon and House Intelligence Chairman Adam Schiff of California, asks the Treasury Department to sanction Israeli spyware vendor NSO Group, Emirati cybersecurity firm DarkMatter and European surveillance firms Nexa Technologies and Trovicor – as well as the firms’ top executives.
The lawmakers allege that the private market for hacking tools used to spy on journalists and diplomats has run amok, and they want the Biden administration to expand its crackdown on the invasive software.
The letter follows reporting this month from Reuters and CNN that the iPhones of about a dozen State Department employees had been hacked using potent spyware made by NSO Group. The company said in a previous statement that it had cut off the “relevant customers’ access” to its systems and is investigating the matter.
In an emailed statement to CNN, an NSO Group spokesperson said it contributes to US national security interests and investigations and terminates contractors with customers that are suspected of violating its policies.
Nicolas Mienville, a spokesperson for Nexa Technologies said in an emailed statement Thursday that the company “is not a spyware firm” and that “the solution provided doesn’t decrypt any Internet communication.”
Trovicor did not respond to a request for comment. DarkMatter could not be reached for comment.
The Treasury Department declined to comment.
The Biden administration has moved to curb sales of hacking tools while pledging to make human rights a key tenet of US cybersecurity policy. The Commerce Department has already moved to block NSO Group and three other firms – Candiru, Positive Technologies and Computer Security Initiative Consultancy – from doing business with US tech firms.
The Democratic lawmakers want the administration to go farther.
“These surveillance companies do depend on the U.S. financial system and U.S.-based investors, particularly when they eventually wish to raise billions by listing on the stock market,” the lawmakers wrote in their letter to Treasury Secretary Janet Yellen and Secretary of State Antony Blinken.
The lawmakers call for the Biden administration to levy sanctions using the Global Magnitsky Human Rights Accountability Act, a law that gives the president authority to sanction people for egregious human rights abuses.
Reuters first reported on the letter.
NSO Group is the best known of the four firms, having been sued by Apple and Facebook for allegedly violating a US anti-hacking law. NSO Group denies the allegations. Cybersecurity researchers have documented years of alleged abuse of NSO Group’s spyware by governments. The spyware has allegedly been found on the phones of journalists and human rights workers from Mexico to Morocco.
NSO Group says it sells its tools only to vetted customers for law enforcement and counterterrorism purposes, and that it investigates allegations of abuse of its software.
Nexa Technologies sold surveillance technology to the governments of Egypt and Libya, while the repressive government of Bahrain has been an alleged client of Trovicor, according to the lawmakers’ letter.
But Mienville, the Nexa Technologies spokesperson said the firm was not involved in any contract in Libya.
In Egypt, Mienville said, the the firm said its technologies was used to help fight terrorism. “The solution was sold in strict compliance with all existing regulations, and European export controls have been scrupulously complied with,” Nexa Technologies added.
The human toll of spyware has come into sharper focus in recent months through US court documents.
DarkMatter helped set up a cyber espionage program for the United Arab Emirates government, Reuters has reported. Targets of the surveillance included Americans, according to charges filed by the Justice Department in September against Marc Baier, Ryan Adams and Daniel Gericke – three former US intelligence and military operatives allegedly involved in the program.
A prominent Saudi activist, Loujain al-Hathloul, last week sued DarkMatter, Baier, Adams and Gericke in US federal court, accusing the three men of hacking her iPhone, leading to her detention in the UAE and transfer to Saudi Arabia, where, she says, she was imprisoned and tortured.
Attorneys for Baier, Adams and Gericke in the case brought by the Justice Department did not immediately respond to voicemails and emails seeking comment Wednesday.