U.S. blacklists spyware vendors over national security concerns

The Commerce Department placed spyware vendors Cytrox and Intellexa on a trade blacklist Tuesday after determining that the companies threaten U.S. national security.

Why it matters: The blacklist prevents any U.S. entities from conducting business or transacting with these companies.

The big picture: The Biden administration has been focused on cracking down on the proliferation of commercial spyware vendors.

• Earlier this year, President Biden signed an executive order banning U.S. government agencies and departments from using commercial spyware that poses a national security risk.
• In 2021, the U.S. also blacklisted Israeli spyware vendors NSO Group and Candiru.

Between the lines: Researchers have linked European firm Cytrox to the Predator spyware, which has been found on phones belonging to an exiled Egyptian politician, an Egyptian news host and a Greek politician.

• Cytrox is also assumed to be a member of Intellexa, a broader business organization for government mercenary surveillance vendors.
• Reuters reported in 2020 that Intellexa has worked with intelligence agencies in Southeast Asia and Europe.
• Both Intellexa and Cytrox have business holdings located around the world. The Commerce Department's trade blacklist designations affect Cytrox and Intellexa's holdings in Greece, Hungary, Ireland and North Macedonia, according to a Federal Register notice.

Details: Cytrox is known for developing exploits that allow government customers to hack into someone's phone without them knowing.

• Over the years, researchers at Citizen Lab, Meta and Google have called out the companies' capabilities, noting it's allowed various groups to successfully and stealthily hack both iOS and Android devices.

What they're saying: "Without appropriate guardrails, these tools can be misused to conduct intrusive and harmful surveillance on a wide range of targets, including against activists, dissidents, journalists and political opposition," a senior administration official told reporters during a press call.

• "We are also encouraging other countries to consider measures they can take within their own respective systems," the official added.

Yes, but: Governments still have had a strong interest in purchasing the technology to gain insights into other countries' operations.

• Notably, the Biden administration has not banned all uses of spyware within the U.S. government — the ban only covers use cases involving companies the administration deems a threat to national security, such as Cytrox, NSO Group and others.