US Commerce Dept pinky swears it won't push American spyware on world-plus-dog
Or maybe just not let foreign govts buy this stuff at all?
The US Commerce Department has promised to stop promoting American-made commercial spyware to foreign governments.
In a letter sent to US Senator Ron Wyden (D-OR), the federal government dept finally provided details about the policies adopted by its International Trade Administration (ITA) intended to prevent any further promotion of US surveillance technology overseas.
"For the first time the department is making clear that the United States will not help companies find foreign markets for products or services that undermine democracy or enable repressive surveillance and discrimination," Wyden said in a statement.
The ITA, which is part of the Commerce Department, promotes American goods and services abroad. In May, Wyden sent a letter to US Commerce Secretary Gina Raimondo demanding answers about its pushing of commercial spyware overseas.
Championing this technology to foreign powers presents a rash of ethical issues for the United States as it stands today. Earlier this year, President Joe Biden issued an executive order that somewhat prohibits the US government from using commercial spyware. In that EO, Biden pointed out that commercial spyware has been used by authoritarian regimes to target activists and journalists.
More important than the blatant hypocrisy there, however, is that governments continue to use snooping software to spy on these and other individuals — including academics, human rights advocates, political dissidents and opposition party leaders, even tech employees — and sometimes, after being surveilled, these people end up dead.
Last year, the ITA confirmed to Senator Wyden that it has encouraged foreign governments to buy this type of tech, but it refused to answer the senator's questions about which products it endorsed and in which markets. The Department of Commerce still seems to be stonewalling on both, but more on that later.
Then, in March, the ITA assured Wyden's office that it had issued a new policy to restrict the promotion of surveillance products — but it refused to share that policy without a formal letter.
Wyden, who chairs the Senate Finance Committee, which has jurisdiction over international trade policy, played along. He submitted a formal request to the ITA, and then also asked for a list of the "surveillance, policing, or public safety technology companies" it has provided trade assistance to over the last five years.
On October 19, Caitlin Kovalkoski, the director of the office of legislative and intergovernmental affairs international trade administration replied to Wyden in a letter [PDF]:
ITA shares your commitment to promoting American businesses and workers. As Secretary Raimondo has made clear, we want to promote trade and investment in areas that do not threaten our core economic and national security interests or human rights values. I am proud that ITA has taken steps to ensure that its policies align with these principles.
These steps include adding a "detailed human rights addendum" to its existing Global Markets Client Eligibility Policy. This updated policy establishes a process under which ITA will determine if providing export assistance raises any human rights concerns — and, we'd assume, peddling spyware overseas would raise at least a few red flags.
If the ITA concludes that any American goods could cause harm, then it's supposed to decline export promotion and assistance. Additionally, the ITA pledged to provide better training for staff on human rights' issues in various countries, and allowing them to decline assistance because a US export could lead to human rights violations.
"One of those examples was the export of facial recognition software to a foreign government that had used similar technology to suppress dissidents and opponents of the government," the letter says.
"Finally, ITA has included a new section on human rights in its public-facing Client Eligibility Policy webpage," Kovalkoski said. "The page now reflects ITA's latest guidelines, including the Human Rights Addendum."
Notably, the letter doesn't answer Wyden's questions about which technology and vendors the government agency has promised in the past. The senator addressed this missing info in his statement, but also said he appreciated Commerce's "thoughtful response."
"While I remain concerned about the US government's prior promotion of these technologies, I look forward to monitoring the implementation of these new policies and ensuring they are followed in practice," Wyden said.
Where's the teeth?
Some privacy advocates say Commerce's response doesn't go far enough to alleviate concerns about human rights' abuses. Calli Schroeder, senior counsel and global privacy counsel at the Electronic Privacy Information Center (EPIC), told The Register that the Feds should make public the full training guidance and all applicable policies, as well as the list of technology companies that received assistance from the ITA.
"Frankly, I'm not sure this policy has any teeth or will meaningfully change the ITA's actions. I can't be. Because there is no transparency here," Schroeder said. "It is unacceptable that the ITA are still not providing information on what companies they have provided trade assistance to or what countries were targets of these efforts."
Plus, it's difficult for the US to hold any moral high ground while advocating for these products, she added.
- US govt pushes spyware to other countries? Senator Wyden would like a word
- Indian politicians say Apple warned them of state-sponsored attacks
- Apple squashes security bugs after iPhone flaws exploited by Predator spyware
- Ex-Meta security staffer accuses Greece of spying on her phone
"Promoting the use of surveillance tech and spyware under the guise of 'advocating for US businesses' smacks uncomfortably of eroding global human rights for a profit," Schroeder said. "The very nature of the technology makes it impossible to promote use of spyware in a way that does not threaten human rights values."
While a review process is "helpful," the US has no business exporting things like spyware and facial recognition tech, and others, including advanced data analytics and automated license plate readers, should be added to the list, she said.
"We've repeatedly seen this technology abused and, once exported, the ITA and the US as a whole has very little control over whether it will be abused or fall into the hands of repressive regimes," Schroeder said. ®