On April 3–4, 21 countries, led by France and the United Kingdom, signed a non-binding Code of Practice to address the multiple challenges they face from the proliferation and irresponsible use of “the development, facilitation, purchase, transfer and use of commercial cyber intrusion capabilities (CCIC).” I have written previously on the potential of the “Pall Mall Process,” emerging from the U.K.-France Cyber Initiative to regulate spyware. Now this new Code of Practice demonstrates concrete action to advance regulation and accountability of a surveillance tech market conspicuously defined by misuse, egregious human rights violations and a lack of transparency. This week’s court ruling ordering NSO Group to pay $167 million damages to Meta, highlights the gravity of the harms caused to journalists, human rights advocates, lawyers and government officials. The decision reflects a growing recognition that civil remedies should count the costs of the violations caused by spyware. But this one case does not solve the larger problem of systemic abuse and underscores the pressing need for robust international frameworks to regulate commercial spyware and protect human rights.
One Step Forward? Agreement on Spyware Regulation in the Pall Mall Process
