NEW: clear US policy towards mercenary spyware industry in the new #NDAA.
And it's *bad news* for shady spyware companies.
Quick thread of highlights from Sec 6318 of this robust bit of legislation 1/
2/ First, there's a yearly reporting requirement from the intelligence community.
Including deep dive into the finances, corporate structures of mercenary spyware companies.
And their customers.
And who is actually being hacked + whether that includes targeting of US. #NDAA
3/ Next, the DNI gets the authority to prohibit purchase & use by USG of mercenary spyware.
AND can block US Intelligence from doing biz with companies that have acquired mercenary spyware.
There is a waiver authority.
4/ DNI is also directed to beef up guidance & reporting on protecting devices from foreign commercial #spyware.
+ requirement that appropriate Congressional committees get briefed if US personnel get targeted.
+ consultation with private sector to identify risks.
#NDAA
5/ #NDAA also directs DNI to report to Congress on potential for US to lead allies & Five Eyes partners to a harmonized effort to mitigate counterintelligence risks of foreign commercial #spyware.
Nightmare fuel for notorious mercenary spyware companies.
6/ Compared to original #NDAA, I note sanctions language is out, but this remains a promising first step towards tackling foreign commercial #spyware.
Let harmonization with allies begin...
NDAA amendments (I've been tweeting Sec. 6318) rules.house.gov/sites/democrat…