Britain and France assemble diplomats for international agreement on spyware

The United Kingdom and France are to jointly host a diplomatic conference at Lancaster House in London this week to launch a new international agreement addressing “the proliferation of commercial cyber intrusion tools.”

According to the Foreign Office, 35 nations will be represented at the conference, alongside “big tech leaders, legal experts, and human rights defenders,” and the “vendors involved in developing and selling cyber intrusion tools and services.”

A list of the intrusion tool vendors has not yet been made public, although multinational companies including Apple, BAE Systems, Google and Microsoft are confirmed to be among the attendees.

The conference will be opened by U.K. Deputy Prime Minister Oliver Dowden announcing “a new international initiative to be signed by participating states and businesses” called the Pall Mall Process.

“Signing the declaration at the conference, states and other attendees will commit to taking joint-action on the issue, including meeting again in Paris in 2025,” the Foreign Office explained.

It is not clear what this joint-action will entail.

Last year, Britain’s cyber and signals intelligence agency GCHQ warned that more than 80 countries had purchased spyware over the past decade — an assessment based on a fusion of “classified intelligence, industry knowledge, academic material and open source.”

While some of those countries had purchased the hacking tools for legitimate law enforcement purposes, others used them “to target journalists, human rights activists, political dissidents and opponents and foreign government officials,” the agency stated.

These controversial uses of the technology are the main driver behind international action to tackle proliferation.

This need was stressed last March in a joint statement issued by the governments of Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the U.K. and the U.S.

“The misuse of these tools presents significant and growing risks to our national security, including to the safety and security of our government personnel, information, and information systems,” the joint statement warned.

It followed President Joe Biden signing an executive order banning federal agencies from using commercial spyware that could pose security risks to the U.S. or had already been misused by foreign actors.

The executive order sought to address a growing number of incidents of spyware abuse abroad as well as reports of it being used improperly to target U.S. officials, government systems and ordinary citizens.

The Biden administration previously sanctioned spyware vendor NSO Group in 2021 by placing the company, which was founded by two former Israeli military officials, on its so-called Entity List.

The company responded by retaining lobbyists who had experience with both the National Security Agency and Commerce Department to represent its interests in Washington.

The Lancaster House cyber conference follows in the mold of the AI Safety Summit that Britain hosted last year, resulting in a declaration signed by attendees including the U.S. and China to recognise the potential risks posed by AI.

While British officials have applauded the successes of this conference — and are apparently seeking to replicate it with the Lancaster House cyber conference — it is not yet apparent what impact it could have in global AI development.