The next step in our fight against spyware
Today, we joined several other U.S. technology companies in filing an amicus brief in Dada v NSO Group Technologies aimed at protecting journalists, civil society groups, software providers and people around the world from the dangers of spyware.
Although the use of spyware typically only affects a small number of people at a time, its wider impact ripples across society by contributing to threats to free speech, the free press and the integrity of elections worldwide. To protect those rights, and continue our litigation strategy of establishing legal precedent to stop bad actors from exploiting gray areas in the law, today’s filing is meant to raise the consequences for spyware vendors and provide important legal recourse for victims.
Right now, many victims of spyware-enabled attacks are often using U.S.-based platforms — like Android or iOS — outside the United States. Our filing argues that victims of spyware-enabled attacks should be able to take legal action in the U.S. against spyware vendors under existing anti hacking laws — even if they were hacked abroad. This is imperative to narrow the attack vectors exploited by spyware vendors — and companies from GitHub to Microsoft agree.
Our efforts to date
In recent years, we’ve seen the spyware industry grow to meet the demand for surveillance capabilities. While spyware vendors and their proponents often point to the use of these tools for important law enforcement purposes, countless abuses have been uncovered. This deeply troubling trend poses a clear and present danger to free speech, freedom of the press and the open Internet.
Today’s legal filing continues our ongoing work to combat spyware, protect users and support a secure digital world. We’ve consistently worked to identify and expose spyware campaigns, educate people about the risks, and develop solutions to stop this growing threat to civil societies and foundational human rights.
Our Google Threat Intelligence team regularly shares our analysis of the tactics and techniques employed by malicious actors. We were the first major tech company to detect and publicly share details about NSO’s Pegasus spyware in 2017. In our most recent report, Buying Spying, we shared how NSO Group is only one of dozens of companies fueling this industry. In fact, our research shows that half of the known 0-day exploits targeting Google products and Android devices stem from commercial surveillance vendors.
We have been vocal in advocating for greater transparency and accountability from spyware vendors, as well as stronger regulations and oversight to prevent the misuse of these powerful tools. Momentum for action is growing. Over the past year, the U.S. government and other like-minded nations have taken important steps to curb domestic use of these technologies. Similarly, the Pall Mall process, led by the governments of the UK and France, is driving international alignment across government, industry and civil society on guidelines to combat the proliferation of these digital weapons.
Protecting national security
This amicus brief marks another milestone in our fight against spyware, and the movement to protect journalists and other individuals targeted by these malicious tools. As our amicus makes clear, we believe the spyware industry presents a national security risk to the United States and clearly impacts the interests of Americans — and people around the world. We will continue to leverage our expertise, resources, and influence to advocate for greater protections against spyware and other online threats.
