Press Releases

Today, Congressman Adam Schiff (D-Calif.), Chairman of the House Permanent Select Committee on Intelligence, delivered an opening statement at an open hearing on commercial cyber surveillance:

Good morning and welcome.  The Committee will come to order.

Without objection, the chair may declare a recess at any time.

This session will be conducted entirely on an unclassified basis. All participants are reminded to please refrain from discussing any classified national security information protected from public disclosure.  

Today, we are convening a public hearing on the acute, rapidly evolving threat posed by foreign commercial spyware.  

Public reports have shined a bright light on the robust market for powerful spying tools that are sold on the open market. The most sophisticated of these tools provide “zero click” access to all the information stored on a mobile phone, laptop, or other internet-connected device. E-mails, photographs, messages sent via encrypted apps, even the microphone on a device—literally nothing is out of reach.

This spyware could be used against every Member of this committee, every employee of the executive branch, every journalist or political activist. And aside from periodically updating the software on our devices, there’s little you can currently do to protect yourself from being targeted and compromised.

The availability of these tools in the hands of governments who previously lacked robust surveillance capabilities is truly a game changer for U.S. national security, which makes it an issue of particular concern to this Committee. It’s also a game changer for autocratic regimes that are looking for new means to surveil, intimidate, imprison, or even kill dissidents, journalists, and others who they view as a threat.

In 2021, a group of news organizations and researchers, acting under the banner of the Pegasus Project, sounded a public alarm about the potential for these hacking tools to be abused. Their starting point was a leaked list of more than 50,000 phone numbers that had been targeted by governments using spyware sold by one company, NSO Group.  

Since that disclosure, a steady stream of disturbing reports has revealed that thousands of journalists, civil society activists, and many others have had their devices compromised by NSO’s tools. 

One such individual, Carine Kanimba, is here with us today.  She will share the consequences that being targeted with spyware has had for her family. Ms. Kanimba’s experience should serve as a stark warning of the future that awaits us if countries and the private sector do not band together and act decisively to reign in foreign spyware companies.

But the threat is not limited to only people like Ms. Kanimba. It is also a threat to Americans, and particularly to U.S. government personnel serving overseas.

Late last year, multiple news organization reported that mobile phones used by U.S. diplomats in Uganda had been compromised by NSO’s Pegasus tool. It is my belief that we are very likely looking at the tip of the iceberg, and that other U.S. government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors. 

The Biden Administration has recognized the national security threat posed by commercial spyware and has taken action. 

Last November, the Commerce Department added four companies—including NSO Group—to its Entity List, which blocked them from accessing U.S. technology.  The Commerce Department stated this action was, quote, “based on evidence that these entities developed and supplied spyware to foreign governments” and that these companies’ activities were, quote, “contrary to the national security or foreign policy interests of the United States.”

Unfortunately, these listings have not deterred NSO or other foreign spyware companies from selling their tools to countries that could otherwise never develop such sophisticated surveillance capabilities indigenously. 

Clearly, additional actions are needed.  

The Intelligence Authorization Act, which was voted out of this Committee on a unanimous bipartisan basis last week, provided the Director of National Intelligence and the President with additional tools in foreign spyware companies—and also to ensure that foreign governments who target American officials pay a heavy price. 

Among the measures in our bill are sweeping new authorities for the DNI to prohibit the intelligence community from acquiring and using foreign spyware.  

Our bipartisan legislation further authorizes the DNI to block intelligence community contracts with U.S. companies that acquire, in whole or in part, any foreign spyware tool.  

We also granted the President new authority to sanction foreign spyware companies, their executives, and foreign government officials who target American officials with spyware. 

The nature of these foreign spyware tools makes them exceptionally hard to track and combat, and that’s precisely why the United States needs to put a greater emphasis on this threat, with the Intelligence Community playing a critical, lead role. I look forward to the testimony today from our three witnesses to assist this committee in fulfilling its obligations to make sure we stay ahead of this threat.

###