Western firms should not sell spyware to tyrants
THE ARMS trade is lucrative and controversial. Over $80bn-worth of weapons are exported by Western countries each year. The business is governed by a mesh of rules designed to prevent—or at least limit—proliferation and misuse. This system is imperfect, but does have some bite. In Britain court cases have contested the legality of weapons sales to Saudi Arabia because they may have been used against civilians in Yemen. Germany froze exports to the kingdom in 2018.
These days, though, physical weapons such as missiles, guns and tanks are only part of the story. A growing, multi-billion-dollar industry exports “intrusion software” designed to snoop on smartphones, desktop computers and servers (see article). There is compelling evidence that such software is being used by oppressive regimes to spy on and harass their critics. The same tools could also proliferate and be turned back against the West. Governments need to ensure that this new kind of arms export does not slip through the net.
Dozens of firms are involved in the cyber-snooping business; the largest has been valued at $1bn. Many are based in Western countries or their allies, and employ former spooks who learned their craft in intelligence agencies. There is a legitimate business selling cyber-intelligence tools to foreign customers—for example, to help governments track terrorists or investigate organised criminals. Unfortunately, in some cases, these surveillance tools have ended up in the hands of autocratic governments with more sinister aims.
A recent lawsuit brought by WhatsApp, for instance, alleges that more than 1,400 users of its messaging app were targeted using software made by NSO Group, an Israeli firm. Many of the alleged victims were lawyers, journalists and campaigners. (NSO denies the allegations and says its technology is not designed or licensed for use against human-rights activists and journalists.) Other firms’ hacking tools were used by the blood-soaked regime of Omar al-Bashir in Sudan. These technologies can be used across borders. Some victims of oppressive governments have been dissidents or lawyers living as exiles in rich countries.
Western governments should tighten the rules for moral, economic and strategic reasons. The moral case is obvious. It makes no sense for rich democracies to complain about China’s export of repressive digital technologies if Western tools can be used to the same ends. The economic case is clear, too: unlike conventional arms sales, a reduction in spyware exports would not lead to big manufacturing-job losses at home.
The strategic case revolves around the risk of proliferation. Software can be reverse-engineered, copied indefinitely and—potentially—used to attack anyone in the world. The smartphone apps targeted by such spyware are used by everyone, from ordinary citizens to prime ministers and CEOs. There is a risk that oppressive regimes acquire capabilities that can then be used against not just their own citizens, but Western citizens, firms and allies, too. It would be in the West’s collective self-interest to limit the spread of such technology.
A starting-point would be to enforce existing export-licensing more tightly. These rules were designed for an earlier age, but the principle remains the same: if firms cannot offer reasonable assurances that their software will be used only against legitimate targets, they should be denied licences to sell it. Rich countries should make it harder for ex-spooks to pursue second careers as digital mercenaries in the service of autocrats. The arms trade used to be about rifles, explosives and jets. Now it is about software and information, too. Time for the regime governing the export of weapons to catch up.■
Gloss