Britain and France to discuss misuse of commercial cyber intrusion tools

The United Kingdom and France will soon launch a consultation on how to tackle “the proliferation and irresponsible use” of commercial cyber intrusion tools, according to a statement by the U.K. government.

This dialogue will be part of the Pall Mall Process, a government initiative aimed at limiting the misuse of commercial hacking tools, such as spyware.

“Through this consultation, we will invite stakeholders to share views on good practices relating to commercial cyber intrusion capabilities,” the U.K. government said in a statement on Friday, adding that states, industry organizations, and civil society experts with relevant expertise could join the dialogue.

“Note that we may share your details with our partners in the French government, as the Pall Mall Process is a joint initiative,” the statement added.

The Pall Mall declaration was signed during a diplomatic conference in February, led by the U.K. and France, and joined by “a coalition of states, businesses, and civil society,” including multinational companies such as Apple, BAE Systems, Google and Microsoft. The parties agreed to meet again in Paris in 2025.

In a comment to Recorded Future News, U.K. cybersecurity researcher Andrew Dwyer called the consultation “a genuine attempt by the U.K. and France to develop some guidance on what ‘good practice’ looks like with regard to cyber intrusion tools.”

Dwyer noted that while the consultation is unlikely to achieve much on its own, it will help shape broader standards for the use of commercial hacking tools.

The difficulty with such an initiative, he added, “is understanding how the diverging views on cyber intrusion tools will be resolved across diverse communities — and how that is presented.”

Last year, Britain’s cyber and signals intelligence agency, GCHQ, warned that more than 80 countries had purchased spyware over the past decade.

While some of those countries had purchased the hacking tools for legitimate law enforcement purposes, others used them “to target journalists, human rights activists, political dissidents and opponents, and foreign government officials,” the agency stated.

The growing market “raises questions and concerns over its impact on national security, human rights and fundamental freedoms, international peace and security,” the Pall Mall declaration stated.

Cybersecurity researchers have previously raised concerns about whether the states could put the Pall Mall declaration into practice. Conducting intermediary meetings ahead of the conference in early 2025 could be one of the keys to success, according to French policy expert in tech governance and diplomacy Jérôme Barbier.

With the Paris conference approaching, “it is essential that a consultation is conducted in advance to inform future discussions,” Dwyer said.