Spyware is a flourishing business and runs under the government’s radar despite efforts to crack down on the very lucrative and invasive digital surveillance economy.

Google’s Threat Analysis Group (TAG) published a report on Tuesday (6 Feb) with a series of insights on commercial surveillance vendors (CSVs).

CSVs the focus of U.S. and Google sights

These CSVs exacerbate the effect of cyber-crime when their tools tumble into the wrong hands, or in some cases land in the wrong ones for the right price.

The search engine giant keeps tabs on forty of these surveillance tools that offer their spyware to government clients. At the base of the published report each known CSV is accompanied by a detailed list of their actions and pay-to-access software.

The TAG report found that almost half of the ‘0-Day’ exploits that hit Google and Android devices are software designed by entities that develop spyware.

A ‘0-Day’ exploit is a vulnerability in a system not detected and it essentially gives the developers of that system zero days to fix the metaphorical hole in the defenses.

TAG unearthed that 25 0-days happened across the last year, with 20 of those being caused by software developed by a CSV.

According to the TAG report, Google believes “it is time for government, industry and civil society to come together to change the incentive structure which has allowed these technologies to spread.”

Last year the White House released an Executive Order (E.O.) prohibiting the use of commercial spyware that poses risks to the nations security.

In March of 2023 a joint statement was released by eleven nations as a shot across the bow to commercial spyware developers internationally.

”The misuse of these tools presents significant and growing risks to our national security, including to the safety and security of our government personnel, information, and information systems,” the joint statement read.

In a further strengthening of policy, the U.S. Secretary of State Anthony Blinken announced this week that visa restrictions would be applied to any individuals involved in the misuse of commercial spyware.

”The United States remains concerned with the growing misuse of commercial spyware around the world to facilitate repression, restrict the free flow of information, and enable human rights abuses,” said the release.

Blinken’s approach as Secretary of State mirrors that of Google, saying the U.S. “stands on the side of human rights and fundamental freedoms and will continue to promote accountability for individuals involved in commercial spyware misuse.”

Both the U.S. and the technology powerhouse have a dedicated approach to limit the impact CSVs can have on both the citizens United States and users globally, but it remains to be seen if spyware continues to be a presence in the background.

Featured image: Dall-E

Brian-Damien Morgan

Freelance Journalist

Brian-Damien Morganis an award-winning journalist and features writer. He was lucky enough to work in the print sector for many UK newspapers before embarking on a successful career as a digital broadcaster and specialist. His work has spanned the public and private media sectors of the United Kingdom for almost two decades. Since 2007, Brian has continued to add to a long list of publications and institutions, most notably as Editor of the Glasgow 2014 Commonwealth Games, winning multiple awards for his writing and digital broadcasting efforts. Brian would then go on to be integral to the Legacy 2014, Media and Sport Directorate of the Scottish Government. Working with ministers to enact change through sport with institutions like the Homeless World Cup. He would then lend his skills to multiple private sector institutions. Brian would win national acclaim helping his country deliver judicial education and communications during the pandemic-era. Earning a writ of personal distinction from the Lord President of Scotland for his efforts as the Head of Communications and Digital for the Judicial Office for Scotland. Brian has returned back to the thing he loves most, writing and commenting on developments across technology, gaming and legal topics, as well as any-and-all things sport related.