Prohibition on Use by the US Government of Commercial Spyware
Mar 30, 2023
Signed by: Joe Biden
Signed on: Mar 27, 2023
Published on: Mar 30, 2023
Mar 30, 2023
Signed by: Joe Biden
Signed on: Mar 27, 2023
Published on: Mar 30, 2023
Summary
Stops the US government from using commercial spying software that could be a security risk or has been used by other countries to harm people.
What problem does this solve?
Foreign governments use commercial spyware to spy on the US and to hurt activists, journalists, and others. This order stops the US government from buying or using spyware from companies that create these risks.
What does this order do?
Prohibits use of risky spyware
Forbids government agencies from using commercial spyware if it poses a security threat to the US or is used by foreign governments to abuse human rights.
Creates an intelligence watchlist
Requires the Director of National Intelligence to create and share a regular report on dangerous commercial spyware and its sellers.
Requires review of current spyware
Orders all agencies to check the spyware they currently use and stop using any that doesn't meet the new safety standards.
Sets rules for buying spyware
Makes agencies check intelligence reports and consider a spyware company's human rights record before buying their products.
Allows for emergency waivers
Permits top officials to grant a temporary, one-year waiver to use banned spyware in extraordinary circumstances when there are no other options.
Exempts research and testing
Allows the use of banned spyware for research, testing, or cybersecurity purposes to develop defenses against it.
Who does this affect?
- US government agencies
- Commercial spyware companies
- Foreign governments
What is the real world impact?
•
Protects US government information and workers
Prevents foreign spies from using commercial software to hack into US government computers and steal secret information or track government employees.
•
Promotes human rights and democracy
Stops the US from buying spyware from companies that sell to dictators who use it to silence journalists, activists, and political opponents.
When does this start?
This order sets multiple deadlines for government agencies, starting from March 27, 2023.
Intelligence assessment on spyware
Within 90 days of the order (by June 25, 2023), the Director of National Intelligence must issue the first intelligence assessment on commercial spyware.
Agency review of existing spyware
Within 90 days of the intelligence assessment, agencies must review all spyware they currently use.
Development of internal rules
Within 180 days of the order (by September 23, 2023), each agency must create its own internal rules for following this order.
First implementation report
Within 6 months of the order (by September 27, 2023), agencies must report on the actions they have taken to implement the new rules.
First annual report
Within 1 year of the order (by March 27, 2024), and every year after, agencies must provide a report on their use and purchase of commercial spyware.