US moots legal scrutiny of commercial spyware

The United States Congress is seeking public funding for a legally mandated report into the threats presented by foreign governments using commercial spyware, in the wake of recent scandals such as the alleged hacking of murdered US journalist Jamal Khashoggi and Amazon boss Jeff Bezos' phones.

As part of the S3905 Intelligence Authorisation Act for Fiscal Year 2021 presented to the US lower house, the proposed law requires the Director of National Intelligence (DNI) to submit a report to Congress on the threats posed to the country by foreign governments using commercial spyware.

The unclassified report must be submitted no later than six months after the IAA is enacted, and cover the threats to private US citizens and state personnel in America and overseas.

Which governments pose the greatest threats and the nature of these must also be included in the report.

The DNI must also report on the source of the spyware being used, and whether or not they are made with American technology, by US companies or entities domiciled in the country, or in overseas nations.

Recommendations by the DNI on how governments can most effectively mitigate spyware threats are also required.

The IAA wil further mandate that US civil and military intelligence agencies compile a report on "foreign adversaries" trying to supply telco and information security equpment to the the Five Eyes nations, which includes Australia and New Zealand.

China and Russia are singled out as foreign adversaries.

The report will provide an assessment of US intelligence sharing as well as military force posture in any Five Eyes country that currently uses or intends to use telco or cybersecurity equipment made by foreign adversaries of America.