The State Department will on a case-by-case basis deny visas for individuals seeking to travel to the United States and who have been implicated in the misuse of commercial spyware, Secretary of State Antony Blinken announced Monday.
The move by the State Department is the latest in a string by the Biden administration that seeks to curtail the proliferation of commercial spyware. Last year, President Joe Biden signed an executive order banning federal agencies from using commercial spyware that poses a national-security risk to the United States. Meanwhile, the Commerce Department has added several commercial spyware vendors implicated in human rights abuses to its so-called “entity list,” which bans U.S. firms from carrying out transactions with them.
But it is unclear what impact Monday’s visa ban will have on the further proliferation of commercial spyware. In a call with reporters ahead of the announcement, a senior administration official said that the policy will be applied based on information available to the U.S. government when an individual applies for a visa.
Because visa information is confidential, actions by the Department of State to prevent individuals implicated in spyware abuse are unlikely to be made public.
European or Israeli executives of spyware companies potentially affected by the ban would no longer be eligible to participate in the visa waiver program that ordinarily allows citizens of Israel and many European states to travel visa-free to the United States. These individuals would be notified that they would need to apply for a visa to travel to the United States.
While the consequences of Monday’s announcement remain unclear, the senior administration official, who spoke on the condition of anonymity, said that the move represents “an important signal to those involved in this industry.”
The new rules will target individuals who “facilitate or derive financial benefit from the misuse of commercial spyware,” including those who are involved in “developing, directing, or operationally controlling companies that furnish technologies such as commercial spyware to governments, or those acting on behalf of governments,” according to a State Department statement.
The order considers the misuse of commercial spyware to include uses of the technology that “target, arbitrarily or unlawfully surveil, harass, suppress, or intimidate individuals including journalists, activists, other persons perceived to be dissidents for their work, members of marginalized communities or vulnerable populations.”
John Scott-Railton, a senior researcher at the Citizen Lab and a leading expert on commercial spyware, welcomed the move to slap visa restrictions on those who abuse commercial spyware. By seeking individual accountability, the visa rules address “corporate shell games” used by spyware companies to obfuscate ownership. With the new rules, “it doesn’t matter what company name you’re using this month, you’re still not going to Disney World,” Scott-Railton said, adding that visa restrictions may also deter investors looking to get into the commercial spyware space.
The widespread proliferation of commercial spyware technology has resulted in a global industry providing advanced espionage tools to governments around the world. These technologies — made by firms such as NSO Group, Intellexa and Cytrox — have been widely implicated in human rights abuses globally.
Just last week, Human Rights Watch reported that two of its employees in Jordan were targeted by Pegasus, a surveillance tool sold by Israel’s NSO Group.
The use of commercial spyware has also become a growing concern to the U.S. government, with at least 50 U.S. government employees targeted by such espionage tools around the world, according to the senior administration official.
Updated Feb. 5, 2024: This article has been updated to reflect its impact on U.S. visa waiver programs.
Updated Feb. 6, 2024: This article has been updated with comment from John Scott-Railton.