Britain and France to discuss misuse of commercial cyber intrusion tools

Summary: The United Kingdom and France are set to initiate a consultation aimed at addressing the proliferation and misuse of commercial cyber intrusion tools, as part of the Pall Mall Process. This initiative seeks to establish good practices and standards for the use of such tools, involving various stakeholders from states, industry, and civil society.

Threat Actor: Unknown | unknown
Victim: Various | various

Key Point :

  • The consultation will invite stakeholders to share views on best practices for commercial cyber intrusion tools.
  • The Pall Mall Process aims to limit the misuse of hacking tools, with a focus on national security and human rights implications.
  • Concerns exist regarding the differing views on cyber intrusion tools among diverse communities.
  • Previous warnings from GCHQ highlighted the misuse of spyware by over 80 countries, raising significant ethical and security questions.
  • Intermediary meetings before the 2025 Paris conference may be crucial for the success of the initiative.

The United Kingdom and France will soon launch a consultation on how to tackle “the proliferation and irresponsible use” of commercial cyber intrusion tools, according to a statement by the U.K. government.

This dialogue will be part of the Pall Mall Process, a government initiative aimed at limiting the misuse of commercial hacking tools, such as spyware.

“Through this consultation, we will invite stakeholders to share views on good practices relating to commercial cyber intrusion capabilities,” the U.K. government said in a statement on Friday, adding that states, industry organizations, and civil society experts with relevant expertise could join the dialogue.

“Note that we may share your details with our partners in the French government, as the Pall Mall Process is a joint initiative,” the statement added.

The Pall Mall declaration was signed during a diplomatic conference in February, led by the U.K. and France, and joined by “a coalition of states, businesses, and civil society,” including multinational companies such as Apple, BAE Systems, Google and Microsoft. The parties agreed to meet again in Paris in 2025.

In a comment to Recorded Future News, U.K. cybersecurity researcher Andrew Dwyer called the consultation “a genuine attempt by the U.K. and France to develop some guidance on what ‘good practice’ looks like with regard to cyber intrusion tools.”

Dwyer noted that while the consultation is unlikely to achieve much on its own, it will help shape broader standards for the use of commercial hacking tools.

The difficulty with such an initiative, he added, “is understanding how the diverging views on cyber intrusion tools will be resolved across diverse communities — and how that is presented.”

Last year, Britain’s cyber and signals intelligence agency, GCHQ, warned that more than 80 countries had purchased spyware over the past decade.

While some of those countries had purchased the hacking tools for legitimate law enforcement purposes, others used them “to target journalists, human rights activists, political dissidents and opponents, and foreign government officials,” the agency stated.

The growing market “raises questions and concerns over its impact on national security, human rights and fundamental freedoms, international peace and security,” the Pall Mall declaration stated.

Cybersecurity researchers have previously raised concerns about whether the states could put the Pall Mall declaration into practice. Conducting intermediary meetings ahead of the conference in early 2025 could be one of the keys to success, according to French policy expert in tech governance and diplomacy Jérôme Barbier.

With the Paris conference approaching, “it is essential that a consultation is conducted in advance to inform future discussions,” Dwyer said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Source: https://therecord.media/united-kingdom-france-pall-mall-process-cyber-intrusion-tools