![]() While these tools require physically confiscating a target’s device, the level of intrusiveness is comparable to if not greater than that of remote spyware technology. ![]() law enforcement agencies that have procured digital forensics technology to investigate criminal cases. Researchers have documented over two thousand U.S. The United States should reconsider its current permissive approach toward digital forensics and data extraction technologies.A good starting point would be to pressure European countries to set up a parallel entity list and to similarly sanction NSO Group, Candiru, and related firms. The United States should seek to multilateralize the Entity List with regard to spyware companies. ![]() blacklisting of NSO Group in 2021, which has driven the firm to the verge of bankruptcy-illustrate how economic leverage can force the industry to reckon with the consequences of human rights violations. They should improve their information-sharing and create unified registries of cyber surveillance firms. Governments in Europe, Israel, the United States, and other relevant jurisdictions should enhance their policy and regulatory cooperation on spyware. Spyware companies routinely cover their tracks by creating complex corporate structures to obfuscate their legal registration, what laws they are bound by, and who their clients are.The EU should push for more consistency and minimum standards of enforcement when it comes to governing the licensing and export of intrusive technology. Intellexa, which owns a number of surveillance firms, including Cytrox and Circles, established footholds in Cyprus, Greece, and Malta. For example, NSO Group established subsidiaries in Bulgaria and Cyprus to facilitate selling its products. In the European Union (EU), cybersecurity companies exploit regulatory fragmentation to establish offices in member states where implementation of export controls is known to be weak. Democratic governments have been inconsistent in tackling the human rights abuses enabled by spyware.Our data set shows that governments have transitioned from procuring spyware from older suppliers, like FinFisher and Hacking Team, to contracting with alternatives, such as NSO Group, Cytrox, and Candiru. Even if one supplier is sanctioned, there is sufficient financial motivation for other suppliers to fill in the gap. Ongoing high demand for intrusion technology contributes to the resilience of the commercial spyware and digital forensics market.These trends have made it less costly for governments and private actors to mount attacks and allow them to hide in the “noise” of open-source codes and gain plausible deniability. As large commercial firms face greater scrutiny from democratic governments about their practices, there is a corresponding increase in open-source and commercially available malware. In addition to top-level commercial spyware vendors like NSO Group and Cytrox, there is a burgeoning secondary tier of suppliers composed of boutique spyware firms, hacker-by-night operations, exploit brokers, and similar groups.Israel is the leading exporter of spyware and digital forensics tools documented in the global inventory: fifty-six out of seventy-four governments have procured commercial spyware and digital forensics technologies from firms that are either based in or connected to Israel, such as NSO Group, Cellebrite, Cytrox, and Candiru.Autocratic regimes are much likelier to purchase commercial spyware or digital forensics than democracies: forty-four regimes classified as closed autocracies or electoral autocracies procured targeted surveillance technologies between 20, contrasted with thirty electoral democracies or liberal democracies. ![]()
0 Comments
Leave a Reply. |