Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses – CyberScoop
Twenty-one nations signed on to a voluntary accord last week in Paris to govern the use of commercial hacking tools commonly known as spyware, after more than a year of work on the agreement.
The Pall Mall Process, or Code of Practices for States, has four pillars for the responsible use of the surveillance tech, which it labels “commercial cyber intrusion capabilities” (CCICs): accountability, precision, transparency and oversight.
Among its recommendations are establishing steps to ban vendors who engaged in illegal or irresponsible behavior, writing regulations to ensure that the technology is used only in lawful and necessary situations, applying export controls with consideration for human rights, creating policies that define the appropriate use of technology for cybersecurity purposes, and encouraging vendors to publish coordinated vulnerability disclosure procedures.
It’s the second major international voluntary agreement to counter the misuse of commercial spyware, following a United States-led effort in 2023 that as of earlier this year had 23 signatories, including many who enlisted with the France/United Kingdom-led Pall Mall Process. It comes in response to a growing market for commercial hacking tools that threaten human rights and cybersecurity, according to the text of the code.
“Without international and meaningful multistakeholder action, the growth, diversification, and insufficient oversight across this market raises the likelihood of increased irresponsible targeting of a range of public and private targets, including journalists, human rights defenders and government officials, as well as critical national infrastructure,” the code states. “It also risks facilitating the spread of potentially destructive or disruptive cyber capabilities to a wider range of actors, including cyber criminals.
“Increasing access to sophisticated capabilities may expand the complexity of incidents and opportunities for irresponsible use, and could contribute to unanticipated risks arising from the interaction of multiple actors in cyberspace, including potential unintentional escalation in cyberspace,” it continues.
The nations signing on to the accord were Austria, Denmark, Estonia, France, Germany, Ghana, Greece, Hungary, Ireland, Italy, Japan, Kosovo, Luxembourg, Moldova, Netherlands, Poland, Slovakia, Slovenia, Sweden, Switzerland and the United Kingdom. Some of those nations are confirmed or suspected spyware users, but the list excludes Israel, a major hub for spyware firms, and many of the worst alleged abusers.
The supporting nations say the document isn’t the end of the initiative.
“We intend to regularly review progress on the implementation of these voluntary good practices and on improving accountability across the market,” the code reads. “We resolve to keep this Code of Practice up to date with developments in the threat landscape.”
The post Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses appeared first on CyberScoop.
–
Read More – CyberScoop