The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February.
The crackdown has begun with 13 individuals and their close families (i.e., spouses and children) linked to commercial spyware operations.
Taken pursuant to Section 212 (a)(3)(C) of the Immigration and Nationality Act, these visa restrictions allow the Secretary of State to exclude visa applications whose entry would have adverse foreign policy consequences for the U.S., effectively banning those linked to commercial spyware from entering the country.
“As part of the United States’ efforts to counter the ongoing proliferation and misuse of commercial spyware as documented today in the Department of State’s Country Reports on Human Rights Practices, the Department is taking steps to impose visa restrictions on 13 individuals who have been involved in the development and sale of commercial spyware or who are immediate family members of those involved,” said State Department spokesperson Matthew Miller.
“These individuals have facilitated or derived financial benefit from the misuse of this technology, which has targeted journalists, academics, human rights defenders, dissidents and other perceived critics, and U.S. Government personnel.”
The visa restrictions are part of a broader effort to combat the rapid spread and misuse of spyware. This initiative includes restrictions on the U.S. government’s own use of commercial spyware that poses a risk to national security or human rights and also involves export controls and sanctions to promote accountability.
Secretary of State Antony J. Blinken announced this new visa restriction policy back in February, targeting misuse of commercial spyware linked to “arbitrary detentions, forced disappearances, and extrajudicial killings.”
The Biden Administration also issued an Executive Order in March 2023 to prevent using mercenary surveillance tools that pose risks to foreign policy interests or national security.
It also worked with 36 other governments under the Freedom Online Coalition to establish guiding principles for governments to prevent human rights abuses related to surveillance technology.
Last July, the Bureau of Industry and Security (BIS) in the Commerce Department added four European spyware companies to its Entity List because of their involvement in trafficking exploits used to hack the devices of high-risk individuals around the world.
The State Department says the commercial spyware tools developed by Intellexa S.A. from Greece, Intellexa Limited from Ireland, Cytrox Holdings Zrt from Hungary, and Cytrox AD from North Macedonia were used to intimidate political adversaries, restrict freedom of speech, suppress dissent, and monitor journalists’ activities on a global scale.
Earlier this month, Apple notified iPhone users in 92 countries about a “mercenary spyware attack” that aimed to compromise their devices remotely.
In March, Google’s Threat Analysis Group (TAG) and Google subsidiary Mandiant also said that commercial surveillance vendors have been behind 50% of all zero-day exploits targeting Google products and Android devices in 2023.