United States defense contractor L3Harris is in talks with NSO Group, a blacklisted Israeli spyware company, to purchase the firm’s spyware tools. 

The Biden administration is warning that this potential acquisition is deeply concerning and would raise serious counterintelligence and security concerns for the U.S. government, according to The Washington Post.

“The unusual transaction appears to be an attempt to salvage some utility from a firm facing serious financial straits, by selling its most valuable product — its hacking code and access to the software’s developers — to a company that would restrict its use to the United States and trusted Western allies,” authors Ellen Nakashima and Craig Timber write. 

However, the deal faces several challenges, including a lack of support from the Biden administration. “The U.S. Government opposes efforts by foreign companies to circumvent U.S. export control measures or sanctions,” a White House official said in a statement.

Late last year, the NSO Group was blacklisted on the U.S. Entity List for its use of spyware that may have targeted smartphones belonging to journalists, dissidents, human rights activists and more. NSO’s surveillance technology, Pegasus, has allegedly been used by the company’s government clients to target American citizens, including Carine Kanimba, daughter of Rwandan dissident Paul Rusesabagina, and U.S. state department officials working overseas, The Guardian reports

An L3Harris spokesperson said, “We are aware of the capability and we are constantly evaluating our customers’ national security needs. At this point, anything beyond that is speculation.”

The White House said it had not been involved in the reported potential transaction. A senior White House official says that any U.S. company, especially a cleared U.S. defense contractor, should be cognizant that a transaction with a blacklisted firm would “not automatically remove a designated entity from the Entity List, and would spur intensive review to examine whether the transaction poses a counterintelligence threat to the U.S. Government and its systems and information, whether other U.S. equities with the defense contractor may be at risk, to what extent a foreign entity or government retains a degree of access or control, and the broader human rights implications.”

Mike Parkin, Senior Technical Engineer at Vulcan Cyber, says the potential purchase of Pegasus developer, NSO, by L3Harris is an interesting development. “The revelation of tools like Pegasus shined a light on how sophisticated these things can be and just what was available at the commercial level. These tools are commonly associated with state and state-sponsored organizations, and with L3Harris’s position as a defense contractor, NSO is an obvious fit.”

What does this mean for privacy and personal security advocates? Parkin believes it remains to be seen on national and international levels. “There is always a difficult balancing act between privacy, personal liberty, and national security interests. Whether government and industry can strike that balance remains to be seen,” he says.