Unveiling Shadows: A UN Security Council Dialogue on the Dangers of Commercial Spyware

Ambassador Dorothy Shea
Deputy Representative to the United Nations
New York, New York
January 14, 2025

AS DELIVERED

I extend my gratitude to our presenters for imparting their knowledge to us. Your efforts in highlighting the risks associated with the misuse and spread of commercial spyware are crucial.

I also wish to acknowledge the industry pioneers, defenders of human rights, journalists, representatives of civil society, and cybersecurity specialists who are addressing this matter – many of whom are here with us today.

Esteemed colleagues, over a dozen nations co-sponsored today’s Arria, reinforcing the agreement on the dangers it poses to global peace and security, along with the associated human rights concerns.

While we have achieved advancements in certain aspects, considerable challenges persist – serious threats endure. The United States remains dedicated to spearheading the response, as we have since 2021, when media outlets alerted us to the exploitation of commercial spyware. Since then, an ongoing series of public disclosures, including reports from organizations like Citizen Lab, has drawn public awareness to the marketplace for significant cyber tools that offer so-called “zero click” access to all data stored on our Internet-connected devices. No information is beyond reach.

Moreover, the threat does not merely concern individuals like Ms. Gavarrete. Devices utilized by corporate leaders and elected officials – including those of diplomats – have been infiltrated. In 2023, a collaborative investigation among Access Now, Citizen Lab, Amnesty International, and other entities uncovered proof that spyware application occurs in an international conflict setting. Those reportedly targeted included civil society activists, journalists, and a UN representative. The use of commercial spyware has also been linked to global crime, weapons trafficking, corruption, and transnational repression.

In light of this alarming threat, the United States responded swiftly – initially by prohibiting four commercial spyware suppliers from utilizing U.S. technology, and subsequently by implementing bipartisan legislation that commits the U.S. government to addressing the risks posed by the misuse of commercial spyware.

In late 2023, President Biden enacted an Executive Order that, for the first time, imposed restrictions on the U.S. Government’s utilization of commercial spyware that threatens human rights and national security.

Over the past year, the U.S. Treasury Department imposed sanctions on six entities and seven individuals due to their involvement in developing, operating, and distributing commercial spyware technology that poses a substantial threat to global peace and security. Among the sanctioned entities is the Intellexa Spyware Consortium, a coalition of firms selling a comprehensive array of highly intrusive spyware products under the brand “Predator.” Quite fitting.

In 2024, the Department of State limited the travel capability of numerous individuals believed to have engaged in the misuse of commercial spyware to target journalists, activists, and dissenters entering the U.S.

These actions communicated a powerful message to the commercial spyware industry: accountability will be enforced.

Additionally, these steps have urged some vendors to incorporate responsible business practices and respect for human rights in their investment and operational strategies.

However, let me clarify: we cannot confront an international threat of this scale without collaboration from the global community. Therefore, the United States has also initiated efforts to unite like-minded nations around a common approach.

In 2023, eleven countries endorsed the Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware. This statement has been updated to include the commitments of eleven more nations over the past year. That figure will rise to a total of 23 countries – as of the last 24 hours, as I have learned – since Slovenia has just declared its intention to join the statement.

We urge all nations concerned about the threat posed by commercial spyware and willing to collaboratively combat its spread and misuse to engage with the Joint Statement members on this matter. Additionally, we welcome other multilateral initiatives, such as the Pall Mall process initiated by the United Kingdom and France.

Certainly, the UN must play its part, which is why we deemed it essential to organize today’s Arria. Our dialogue builds upon the efforts of numerous UN bodies that have recognized the urgent need to confront this threat.

For instance, in 2022, the OHCHR cautioned about the risks posed by the increasing misuse of commercial spyware to human rights in a report to the Human Rights Council. And in 2023, the UN Special Rapporteur on the Promotion and Protection of Human Rights While Countering Terrorism acknowledged that the rising misuse of commercial spyware jeopardizes human rights and undermines legitimate counter-terrorism initiatives.

Recently, the Human Rights Council acknowledged by consensus the hazards posed by commercial spyware misuse to democratic ideals and the execution of human rights and fundamental freedoms. The Global Digital Compact likewise urges states to “ensure that legislation and regulations concerning technological use in areas such as surveillance and encryption comply with international law.”

Colleagues, it is evident that there is widespread consensus here at the UN, regarding the risks that commercial spyware imposes on peace and security, human rights, and sustainable development. The question that remains is: What further actions can we take concerning this threat?

Like nearly every country represented here today, the United States clearly backs voluntary initiatives to bridge digital disparities and foster capacity building – as every Member State should have the opportunity to access the advantages of technology. We are also committed to ongoing discussions among Member States to reinforce cybersecurity and tackle cyber threats. We do not consider these discussions to be mutually exclusive. Moreover, we are not advocating for double standards.

Even as we acknowledge that governments utilize commercial technologies to conduct legitimate law enforcement and intelligence, we urge governments to implement safeguards and processes that create models for rights-respecting procurement and application of commercial spyware. This can be as straightforward as the methodology in the U.S. Executive Order, which prohibits our Federal agencies from employing commercial spyware products tied to prior abuses.

We also encourage governments to enhance export controls to prevent the spread of these technologies lacking safeguards and to provide justice and reparation for victims of commercial spyware – all while affirming their commitment to freedoms of expression, association, and peaceful assembly, and safeguarding and maintaining civic spaces.

These initiatives are the only rational response to a threat that undermines our nations’ sovereignty and the full spectrum of principles that underpin our mission.

I want to again express my appreciation to our presenters for sharing their insights and, particularly in Ms. Gavarrete’s case, your personal experiences. I admire your dedication to upholding the rule of law and eliminating corruption. The United States stands united with you and other victims of commercial spyware violations. We eagerly anticipate discussing how we can further collaborate to enhance the protection of our citizens and uphold international peace and security from the misuse and spread of commercial spyware.

In conclusion, I must mention that it is regrettable that a Member State opted to use their remarks to disparage the United States. It is a regrettable diversion from the significant issue we have all gathered to discuss today. And it is a claim that we reject.

I thank you.

###

By United States Mission to the United Nations | 14 January, 2025 | Topics: Highlights, Remarks and Highlights