U.S. lawmakers call on spy chief to rein in spread of hacking tools

By Christopher Bing May 20 (Reuters) - U.S. lawmakers want the State Department and intelligence community to help rein in the sale of surveillance tools by private companies to repressive regimes, according to a letter signed by a bipartisan group of congressmen released on Monday. The effort, led by Democratic Representative Tom Malinowski, is the second request in the last week asking the State Department to provide information about its approval process for U.S. companies that sell offensive cyber capabilities and other surveillance services to foreign governments. The letter to Secretary of State Mike Pompeo and Director of National Intelligence Daniel Coats references a Reuters report in January which showed a U.S. defense contractor provided staff to a United Arab Emirates hacking unit called Project Raven. The UAE program utilized former U.S. intelligence operatives to target militants, human rights activists and journalists in the Middle East as well as American citizens. "As your investigation and a lot of others have made clear, this is a totally unregulated place," Malinowski said in a phone interview on Monday. "Most Americans would be disturbed that highly advanced hacking tools that are used by intelligence agencies to catch terrorists are sold on the open market to governments that use them against ordinary Americans as well as dissidents in their own countries." The Office of the Director of National Intelligence confirmed receiving the letter and had no further comment. The State Department does not comment on congressional correspondence. Lawmakers say they are increasingly concerned about the spread of advanced surveillance technologies which can be used by authoritarian governments to hunt down political opponents. The letter, sent on Friday, recommended that the U.S. government "enhance its ability" to prevent former U.S. intelligence officials from becoming mercenaries for foreign intelligence services. It also encouraged American allies to similarly investigate the issue within their own countries. "Repressive governments are obviously interested in using these capabilities to hunt down their political opponents but we shouldn't forget the United States is full of people who are critical of governments overseas, who are refugees of dictatorships," said Malinowski, who is a member of the House Foreign Affairs Committee. Under U.S. law, companies selling cyber offensive products or services to foreign governments require State Department permission under certain circumstances. Reuters previously reported that State Department officials granted permission to a U.S. contractor, Maryland-based CyberPoint International, to assist an Emirates intelligence agency in surveillance operations, but it is unclear how much they knew about its activities in the UAE. (Reporting by Christopher Bing; Editing by Richard Chang)