Tech Newsday

U.S., Canada Urged To Toughen Fight Against Commercial Spyware

by Howard Solomon
August 2, 2022
in Government & Public Sector, Privacy, Security

U.S. government intelligence employees should be banned for life from working for “foreign offensive operators” as one means of fighting commercial spyware, a member of a Canadian internet research group has told Congress.

John Scott-Railton, senior researcher at the University of Toronto’s Citizen Lab, made the proposal Wednesday while testifying before the House Permanent Select Committee on Intelligence on combating foreign commercial spyware such as NSO Group’s Pegasus and Saito Tech Ltd.’s Candiru.

While Congress has proposed that employees working for the National Security Agency (NSA) and other government intelligence groups be banned from joining what he called foreign offensive operators for 30 months after leaving their jobs, plus five years of mandatory reporting on what they are doing, Scott-Railton argued the ban should be for life.

“We would not let a nuclear weapons scientist go work for a potential adversary in three years,” he argued. “We should not do so with hacking technology.”

His testimony was echoed on Thursday by Citizen Lab director Ron Deibert, who said Ottawa should impose a lifetime ban on those who have worked in Canadian intelligence and law enforcement agencies from working with “mercenary spyware firms.”

Developers of commercial spyware often say they only sell to law enforcement agencies for fighting crime, Scott-Railton testified. But, he added, governments often use it to spy on opposition leaders, reporters, and other groups that aren’t liked, as well as for espionage against other governments.

Over the years, Citizen Lab, part of U of T’s Munk School of Global Affairs and Public Policy, has issued numerous reports on the threat of commercial spyware. In 2021 it helped Microsoft identify and patch two Windows vulnerabilities it says were used by Candiru. Earlier this month Citizen Lab said Pegasus spyware was found on devices of 30 pro-democracy activists in Thailand.

Leading IT countries like the U.S., the U.K., Russia, and China have the ability to create their own spyware, Scott-Railton said. But he warned against the spread of what he called “mercenary spyware” — meaning spyware that can be bought or rented by governments with less sophisticated capabilities.

Last year the U.S. blacklisted several companies for selling commercial spyware.

But in his Congressional testimony he urged Washington to do more to fight commercial spyware. As reported by The Record, Scott-Railton told Congress that NSO Group received investment from the Oregon Public Employee Retirement System (Oregon-PERS) and the Alaska Permanent Fund Corporation via the private equity firm Novalpina Capital, and suggested more substantial financial crackdowns.

He said not only should there be lifetime bans for certain people from working for foreign commercial spyware companies or government agencies, the government should also:

  • prevent U.S. federal agencies from doing business with identified problem companies. “Getting federal contracts is the ultimate prize for any defense contractor and their investors,” said Scott-Railton. “Removing this opportunity would have an immediate impact;”
  • expand the tools available to hold identified problem companies, and their officers, accountable, including sanctions, and work to co-ordinate these actions with allies, such as the Five Eyes intelligence group of the U.S., Canada, the U.K., Australia, and New Zealand;
  • apply diplomatic pressure to the countries that have become safe havens for the spyware industry, and that are enabling identified problem companies to thrive without regulation or oversight;
  • pass legislation ensuring comprehensive U.S. export control and transparency requirements for domestically-developed spyware, including extensive due diligence for national security risks and human rights concerns;
  • continue support for internet security and privacy promoting technologies through the Open Technology Fund.

In an email Thursday, Citizen Lab director Ron Deibert said Ottawa should follow the example that has been set by the United States and some European allies in fighting commercial spyware.

That includes holding hearings on the risks and threats of the mercenary spyware industry, especially since we know from public research that Canadians have been victims of spyware used by foreign governments here, and developing strong export control guidelines for the Canadian surveillance industry. Currently, there are no such Canadian restrictions, he wrote.

Parliament should also impose regulatory penalties on firms that are known to facilitate human rights bans abroad, modeled after the U.S. Commerce Department’s designated entity list, he added.

Ottawa should also develop a publicly available set of procurement guidelines for Canadian agencies that purchase spyware, detailing the vendors and committing to never undertaking procurement with firms that are connected to human rights abuses abroad.

The government should “issue clear and forceful statements at the highest levels that Canada takes this threat seriously, especially considering we are chairing the Freedom Online Coalition this year,” Deibert also said.

Public Safety Canada has been asked for comment. At press time the department said it is working on a response.

The post U.S., Canada urged to toughen fight against commercial spyware first appeared on IT World Canada.
