The Washington PostDemocracy Dies in Darkness

Opinion Blacklisting this Israeli spyware firm is only a first step

A NSO Group branch in the Arava Desert in southern Israel. (Amir Cohen/Reuters)
Placeholder while article actions load

The Israeli spyware firm NSO Group has made a habit of brushing off bad news stories about authoritarian regimes’ use of its product to snoop on dissidents by simply denying its involvement. The company cannot, however, write off the latest headline: The United States has added NSO to a blacklist prohibiting it from receiving U.S. technologies after finding its tools have indeed helped foreign governments “maliciously target” officials, activists, academics and journalists.

The move on Wednesday was a step major and modest at the same time. The practical, legal implications are relatively straightforward: NSO Group and the other three entities included in the designation effectively can no longer do business with any U.S. firm, which could prove challenging since products and services from Amazon, Microsoft, Dell and other U.S. companies have been essential to NSO in disseminating its spyware. That spyware exploits system vulnerabilities to gain access to users’ accounts and devices. The reputational effect may be even more significant, a potential deterrent to customers and investors alike. NSO had hoped to make an initial public offering at a multibillion-dollar valuation.

Now what about the rest of this sprawling and shadowy industry? Spyware has proved a threat to civil society around the globe. The de facto shunning of a particularly skilled purveyor is progress, but what’s really needed are hard and fast rules to check the proliferation of a technology ostensibly designed to catch criminals but all too commonly exploited to quash opposition. These rules are essential not only here but in all nations with a stated commitment to democracy. Ideally, governments would pledge not to procure spyware from any company or country that doesn’t do due diligence on its clients. They would also create export-control regimes mandating independent, public, human rights assessments for the development and sale of these tools, including investigations into the rule of law in the end user’s country. NSO Group has adopted a human rights policy, but the enforcement mechanism has been little more than “trust us.”

President Biden’s administration showed with this week’s decision that it is prepared to confront the spyware hazard. But a global challenge needs a global response. Perhaps beginning in the upcoming Summit for Democracy, the United States must lead the way to that answer — ensuring that companies no longer can get away with selling a dangerous product merely by refusing to acknowledge that the danger exists.