In November 2021, following numerous reports of misuse, the Biden administration placed surveillance technology companies—including the Israeli firm NSO Group—on the Commerce Department's Entity List, a designation that “prohibits export from the United States to NSO of any type of hardware or software, severing the company from a vital source of technology.” So-called “spyware,” such as the NSO Group's Pegasus software, is used to hack into mobile devices, “secretly harvest[ing] all of the data on a phone and deploy[ing] the microphone and camera.” Although surveillance technology companies assert that they sell software to governments for use in criminal and terrorism investigations, investigative reporting has revealed numerous instances of misuse of surveillance technology to spy on journalists, lawyers, and activists, among others. WhatsApp and Apple have sued NSO Group in U.S. federal court for exploiting their platforms to spy on users, and through measures like the Entity List, the Biden administration is attempting to curb the misuse of surveillance technology. Congress has also taken steps to restrict the use of spyware, including by requiring the secretary of defense, in consultation with the director of national intelligence and other federal agencies as appropriate, to report to Congress a list of companies that sell surveillance technology that has been misused. Challenges, however, remain as new companies exploit a burgeoning market for surveillance technology.

Kristen Eichensehr, United States Makes Efforts to Curb Misuse of Surveillance Technology, 116 American Journal of International Law, 426–432 (2022).
UVA Law Faculty Affiliations