


On Nov. 3, 2021, the Biden administration blacklisted the NSO Group, forbidding any U.S. business with the Israeli hacking-for-hire company. Yet recent reporting from the New York Times reveals that, five days later, a U.S. government affiliate signed a secret contract to acquire one of the firm’s spy tools. And despite the White House’s claims that it is fighting against commercial spyware — software for collecting mobile phone data without user knowledge or consent — this contract remains active. How can President Joe Biden expect to gain international support against spyware proliferation when his administration can’t follow its own guidelines?
This is damning for an administration that claims to lead by example on the global stage. News of the covert contract broke just days after the White House announced an executive order to regulate the U.S. acquisition of surveillance tools. It also follows the international initiative to combat spyware proliferation that Biden launched at the second Summit for Democracy . Such hypocrisy threatens America’s ability to align its allies to a common approach against spyware threats.
Unfortunately, this is not the first spyware controversy for the United States. In 2019, under the Trump administration, the FBI bought the NSO Group’s Pegasus software . This purchase occurred despite the fact that Pegasus, which infects mobile phones without user interaction, has enabled human rights violations around the globe. For example, just a year earlier in 2018, Saudi agents used Pegasus to track Washington Post columnist Jamal Khashoggi before gruesomely murdering him in Istanbul. FBI Director Christopher Wray initially claimed the bureau acquired the spy tool purely for research purposes. But internal documents subsequently showed the FBI had been developing plans to use Pegasus actively.
What is most alarming about the Biden administration's recent NSO Group contract is the complete lack of transparency surrounding it. Riva Networks, the New Jersey-based government contractor behind the deal, conducted negotiations under the fake alias “Cleopatra Holdings.” Moreover, the CEO of Riva Networks signed the NSO Group contract using a false name. In all likelihood, the firm secured the contract on behalf of a federal department or agency: “Cleopatra Holdings” has previously executed at least one contract for the FBI.
Worse yet, administration officials seemingly had no knowledge of this backroom deal.
Sadly, this lack of awareness is not without precedent. For instance, the Biden administration appeared asleep at the wheel when U.S. defense contractor L3Harris tried to acquire the NSO Group after its blacklisting in November 2021. L3Harris had nearly completed the buyout before the White House even knew about it. The company even had a draft agreement in place with the Commerce Department to proceed given the NSO Group’s blacklisted status. Biden’s team only learned of the negotiations through online leaks and then publicly announced its opposition to kill the deal at the last minute.
Biden’s ignorance of his own administration’s activity inspires little confidence in America’s leadership ability abroad. Still, the White House has managed to recruit 10 partner nations in its efforts to stem the global spyware (perhaps not because of Biden but despite him). Aligning spyware purchasing and export standards with these countries — Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, and the United Kingdom — will require substantial coordination. But it won’t be the herculean diplomatic effort America faces with other democratic allies such as Israel , Greece , and Spain that are key drivers of the international spyware market.
Effectively addressing the national security and human rights challenges posed by commercial spyware will require sustained American leadership. But salvaging Washington’s reputation from its own spyware missteps will be no easy task. Reputations and credibility abroad are difficult to build and complicated to maintain. The apparent rift between White House rhetoric and intelligence agencies’ desires for private-sector surveillance capabilities makes this even more of an uphill battle. Any action to reduce the spread and abuse of spyware tools requires greater transparency and accountability — starting at home.
If America cannot rein in its own spyware appetite, the Biden administration’s collaborative efforts abroad will become nothing more than empty symbolic gestures. Unfortunately, the White House is off to a poor start.
CLICK HERE TO READ MORE FROM RESTORING AMERICAJason Blessing, Ph.D., is a Jeane Kirkpatrick visiting research fellow with the foreign and defense policy department at the American Enterprise Institute . His research focuses on cybersecurity as well as trans-Atlantic relations. Follow him on Twitter @JasonABlessing .