Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Protesters in Cairo use cell phones to photograph a tear gas container in 2011. Photo: Karimphoto via Getty Images

A new report shows that a military contractor has likely sold spyware to repressive regimes. But the study's authors and other experts differ on how to stop the problem.

The big picture: That study, released Tuesday by the University of Toronto's Citizen Lab, found that 36 surveillance networks used commercial militarized spyware made by the Israeli NSO Group.

  • Many countries operated more than one network, and six of the suspected countries — including Bahrain, Kazakhstan and Saudi Arabia — had histories of using spyware to target dissidents, journalists and other civil targets.
  • Some uses veered toward the petty: One cluster of infections hit supporters of a soft drink tax in Mexico.

NSO is far from the only spyware maker that sells its tools to countries that might be repressive.

  • It happens often enough that companies follow the same script. “They say, ‘We only sell to law enforcement. We’re self-regulating,'" says Bill Marczak, the author of the Citizen Lab report. "But if this wasn’t being used to target civil society, it would never cross our desks.”

We can't get rid of the industry altogether. Lots of countries use commercial spyware for legitimate purposes. The study's list includes the U.S. and Canada, and the new U.S. strategy for military cybersecurity released earlier this week calls for more use of "off-the-shelf" hacking tools.

Citizen Lab's solution: regulation. “The best step to keep the tools in line would be a process of export controls with humanitarian restrictions rather than just defense and national security ones,” says Marczak.

Yes, but: The security industry is still stinging from the last time a powerful group of countries tried to do just that.

  • The nations of the Wassenaar Arrangement, an arms export pact that includes the U.S., EU and others, tried to use that agreement to slow the spread of commercial malware to repressive regimes in 2013.
  • The move was ultimately a disaster. Poor definitions in the agreement inadvertently applied limits not just to spying tools, but to research into spying tools, security testing software and other products that might need to replicate something bad to accomplish something good. Researchers — and Congress — rebelled.

Katie Moussouris, a cybersecurity expert brought in by the State Department to renegotiate the Wassenaar Arrangement, says, "We’ve already seen for 20 years that export controls on software have been hard to do with surgical precision."

  • Moussouris, the CEO of Luta Security, says better alternatives might include sanctions against misbehaving countries or intervention under the military's new cyber strategy.

The bottom line: There are no easy fixes.

  • "Stopping humanitarian abuses is something I think we as human beings typically support," says Moussouris. But there isn't any consensus on how to do that, safely, given the lessons learned the last time nations tried.

Go deeper

Progressives pressure Schumer to end filibuster

Senate Majority Leader Chuck Schumer. Photo: Win McNamee / Getty Images

A progressive coalition is pressuring Chuck Schumer on his home turf by running a digital billboard in Times Square urging the new majority leader to end the Senate filibuster.

Why it matters: Schumer is up for re-election in 2o22 and could face a challenger, and he's also spearheading his party's broader effort to hold onto its narrow congressional majorities.

4 hours ago - Health

U.S. surpasses 25 million COVID cases

A mass COVID-19 vaccination site at Dodger Stadium on Jan. 22 in Los Angeles, California. Photo: Mario Tama/Getty Images

The U.S has confirmed more than 25 million coronavirus cases, per Johns Hopkins data updated on Sunday.

The big picture: President Biden has said he expects the country's death toll to exceed 500,000 people by next month, as the rate of deaths due to the virus continues to escalate.

GOP implosion: Trump threats, payback

Spotted last week on a work van in Evansville, Ind. Photo: Sam Owens/The Evansville Courier & Press via Reuters

The GOP is getting torn apart by a spreading revolt against party leaders for failing to stand up for former President Trump and punish his critics.

Why it matters: Republican leaders suffered a nightmarish two months in Washington. Outside the nation’s capital, it's even worse.

You’ve caught up. Now what?

Sign up for Mike Allen’s daily Axios AM and PM newsletters to get smarter, faster on the news that matters.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!