The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact.
The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024. The goal of the Pall Mall Pact is to regulate Commercial Cyber Intrusion Capabilities (CCICs), or what we usually refer to as spyware and surveillance tools.
Signed by France, the UK, Japan, and 18 other EU member states, the Code of Practice is a voluntary non-binding agreement establishing “best practices” among governments in relation to the development, facilitation, purchase, transfer, and use of commercial cyber intrusion tools and services.
Primarily, it aims to tackle the misuse of powerful cybertools sold on the open market. These tools, often developed by private companies like the NSO Group and Paragon Solutions, have been exploited by state and non-state actors to surveil journalists, human rights defenders, activists, and even government officials. The misuse of spyware has raised concerns about its impact on democracy, human rights, and national security.
By promoting international collaboration among governments, combined with industry players like Google and Microsoft, civil society organizations, and academics, the pact represents a collective effort to regulate an industry that has operated almost without reins.
The ongoing proliferation of spyware poses existential risks to privacy and civil liberties. Commercial hacking tools have enabled intrusive surveillance practices that undermine fundamental freedom and human rights. For example, spyware can infiltrate smartphones and computers, granting unauthorized access to sensitive data such as messages, emails, and location information.
Initially, countries like the United States opted not to sign the Pall Mall Pact but to pursue similar initiatives independently. However, this fragmentation could dilute global efforts to regulate spyware effectively. Not ideal, since its voluntary nature already raises questions about its effectiveness.
While not legally binding, the Code offers building blocks for the future and builds momentum for further development. It also offers the participating states a framework for further discussion and national implementation into laws.
In an increasingly digital world, privacy is a growing concern. As our recent research showed, a majority of people feel isolated in securing their sensitive information from companies, governments, AI models, and scammers.
Privacy is more than a personal concern. It’s a cornerstone of democracy and human rights. The Pall Mall Pact offers a roadmap for protecting these values against the misuse of powerful surveillance technologies. No one should be subject to arbitrary or unlawful interference with their privacy, as set out in the International Covenant on Civil and Political Rights and other applicable international and regional treaties.
We don’t just report on privacy—we offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN.