On Nov. 3, 2021, the Biden administration blacklisted the NSO Group, forbidding any U.S. business with the Israeli hacking-for-hire company. Yet recent reporting from the New York Times reveals that, five days later, a U.S. government affiliate signed a
secret contract
to acquire one of the firm’s spy tools. And despite the White House’s claims that it is fighting against commercial spyware — software for collecting mobile phone data without user knowledge or consent — this contract remains active. How can President Joe Biden expect to gain international support against spyware proliferation when his administration can’t follow its own guidelines?
This is damning for an administration that claims to lead
by example
on the global stage. News of the covert contract broke just days after the White House announced an
executive order
to regulate the U.S. acquisition of surveillance tools. It also follows the
international initiative
to combat spyware proliferation that Biden launched at the second
Summit for Democracy
. Such hypocrisy threatens America’s ability to align its allies to a common approach against spyware threats.
Unfortunately, this is not the first spyware controversy for the United States. In 2019, under the Trump administration, the FBI
bought
the NSO Group’s
Pegasus software
. This purchase occurred despite the fact that Pegasus, which infects mobile phones without user interaction,
has enabled
human rights violations around the globe. For example, just a year earlier in 2018, Saudi agents used Pegasus
to track
Washington Post columnist
Jamal Khashoggi
before gruesomely murdering him in Istanbul. FBI Director Christopher Wray initially claimed the bureau acquired the spy tool purely for research purposes. But internal documents subsequently showed the FBI had been developing plans to use Pegasus actively.
What is most alarming about the Biden administration’s recent NSO Group contract is the complete lack of transparency surrounding it. Riva Networks, the New Jersey-based government contractor behind the deal,
conducted negotiations under the fake alias
“Cleopatra Holdings.” Moreover, the CEO of Riva Networks signed the NSO Group contract using a false name. In all likelihood, the firm secured the contract on behalf of a federal department or agency: “Cleopatra Holdings” has previously executed at least one contract for the FBI.
Worse yet, administration officials seemingly had no knowledge of this backroom deal.
Sadly, this lack of awareness is not without precedent. For instance, the Biden administration appeared asleep at the wheel when U.S. defense contractor
L3Harris tried to acquire the NSO Group
after its blacklisting in November 2021. L3Harris had nearly completed the buyout before the White House even knew about it. The company even had a draft agreement in place with the Commerce Department to proceed given the NSO Group’s blacklisted status. Biden’s team only learned of the negotiations through
online leaks
and then
publicly announced its opposition
to kill the deal at the last minute.
Biden’s ignorance of his own administration’s activity inspires little confidence in America’s leadership ability abroad. Still, the White House has managed to recruit
10 partner nations
in its efforts to stem the global spyware (perhaps not because of Biden but despite him). Aligning spyware purchasing and export standards with these countries — Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, and the United Kingdom — will require substantial coordination. But it won’t be the herculean diplomatic effort America faces with other democratic allies such as
Israel
,
Greece
, and
Spain
that are key drivers of the international spyware market.
Effectively addressing the
national security
and
human rights
challenges posed by commercial spyware will require sustained American leadership. But salvaging Washington’s reputation from its own spyware missteps will be no easy task.
Reputations and credibility abroad
are difficult to build and complicated to maintain.
The apparent rift
between White House rhetoric and intelligence agencies’ desires for private-sector surveillance capabilities makes this even more of an uphill battle. Any action to reduce the spread and abuse of spyware tools requires greater transparency and accountability — starting at home.
If America cannot rein in its own spyware appetite, the Biden administration’s collaborative efforts abroad will become nothing more than empty symbolic gestures. Unfortunately, the White House is off to a poor start.
CLICK HERE TO READ MORE FROM RESTORING AMERICA
Jason Blessing, Ph.D., is a Jeane Kirkpatrick visiting research fellow with the foreign and defense policy department at the
American Enterprise Institute
. His research focuses on cybersecurity as well as trans-Atlantic relations. Follow him on Twitter
@JasonABlessing
.
