2025 article CCD-IS by Vladimir Tsakanyan

The Predator Files: How Spyware Sanctions Removal Reveals the Complexities of Cybersecurity Policy

Vladimir Tsakanyan

In a striking reversal of Biden-era enforcement measures, the Trump administration has lifted sanctions on three executives connected to Intellexa, the consortium behind the notorious Predator spyware. This decision exposes fundamental tensions in how democratic nations balance national security concerns, commercial interests, and human rights in an increasingly digital world where surveillance technology has become a global commodity.

The Undoing of a Crackdown

In March 2024, the Biden administration sanctioned seven individuals tied to Intellexa, describing the consortium as a complex international network that enabled the spread of commercial spyware to authoritarian regimes. The sanctions targeted Sara Hamou, Andrea Gambazzi, and Merom Harpaz—individuals accused of providing critical managerial, financial, and executive services to the spyware operation.

The reversal came swiftly. The Treasury Department characterized the removal as part of a routine administrative process following reconsideration petitions, noting that each individual had demonstrated steps to separate themselves from Intellexa. Yet this bureaucratic framing obscures a more significant policy shift: while founder Tal Dilian remains sanctioned, the infrastructure that enabled Predator’s proliferation is being quietly rehabilitated.

The Predator Threat: More Than Surveillance

Understanding the gravity of this decision requires examining what Predator actually does. The spyware enables governments to spy on individuals through zero-click and one-click attacks, granting attackers complete device access including the ability to remotely activate microphones and cameras. This isn’t theoretical—the spyware was allegedly used to covertly surveil more than 50 U.S. government officials, journalists, and policy experts worldwide.

The Intellexa consortium’s Predator spyware sits at the center of a major scandal involving surveillance of a journalist, a prominent opposition figure, and dozens of others in Greece, while investigative reports in 2023 revealed that the Vietnamese government attempted to hack members of the U.S. Congress using Intellexa’s tools. These weren’t isolated incidents but part of a systematic pattern of abuse that prompted the original sanctions.

The Greek Watergate: A Case Study in Spyware Governance Failure

The Greek surveillance scandal provides perhaps the clearest window into how commercial spyware undermines democratic institutions. The scandal, known as “Predator Gate” or the Greek Watergate, involved the use of Predator software to monitor journalists, politicians, and other public figures. In 2022, Nikos Androulakis, leader of the socialist PASOK party, received an alert that his phone had been targeted by Predator, and later discovered he was also under surveillance by Greece’s National Intelligence Service.

What makes this case particularly instructive is the government’s response. A Supreme Court investigation concluded that no state ministry or agency had used Predator, placing responsibility on four individuals linked to private companies. Yet the government faced criticism for appearing to lack determination in identifying those responsible for spying on its own ministers and military personnel, with investigators leaving empty-handed after raiding Intellexa’s Athens offices months after the scandal broke.

The structural implications are disturbing. Court testimony revealed that Intellexa continued operating despite U.S. sanctions by conducting activities under alternative corporate structures, with former employees working through intermediary companies while performing identical functions. This pattern demonstrates how commercial spyware companies exploit corporate opacity to evade accountability.

The Cybersecurity Policy Dilemma

The sanctions removal illuminates several critical challenges facing cybersecurity policy:

The Attribution Problem: Commercial spyware exists in a gray zone between legitimate intelligence tools and weapons of repression. Unlike traditional military hardware, software can be deployed, transferred, and modified with minimal physical infrastructure. Leaked training videos revealed that Intellexa retained the capability to remotely access customer systems, meaning the company would have access to data on individuals targeted by governments. This creates complex questions about responsibility when abuse occurs.

The Enforcement Gap: Despite sanctions being ostensibly about preventing harm to U.S. interests, enforcement mechanisms remain inadequate. Recent research found that while Predator use appears to have slowed in 2025, it remains deployed in countries worldwide including Iraq, Pakistan, and Mozambique. The continued operation suggests sanctions alone cannot halt the mercenary surveillance market.

The Alliance Paradox: Democratic nations face a particular challenge: authoritarian states can surveil their populations without legal constraints, while democracies must balance security needs against civil liberties. Unlike authoritarian rivals such as China or Russia, the U.S. cannot legally monitor private critical-infrastructure operators without their consent, creating uneven protection across sectors. This asymmetry puts liberal democracies at a structural disadvantage in both offensive and defensive cyber operations.

The Human Rights Dimension

The sanctions removal carries profound implications for human rights and press freedom. Digital freedom advocates expressed alarm at the delisting, questioning what evidence demonstrates that the individuals have ceased involvement with Intellexa-affiliated entities that targeted U.S. officials from both parties with spyware.

The concern is well-founded. Amnesty International found forensic evidence confirming that Intellexa’s Predator was used in specific surveillance abuses in Greece and Egypt, including against Greek journalist Thanasis Koukakis, whose phone was targeted with Predator in 2020 and 2021. These weren’t isolated technical failures but deliberate targeting of individuals investigating corruption and holding power accountable.

Shifting Policy Priorities

The Trump administration’s action reflects a broader recalibration of cybersecurity priorities. A June 2025 executive order on strengthening national cybersecurity redirected focus toward artificial intelligence, post-quantum cryptography, and countering foreign actors while reducing federal oversight. This approach prioritizes technological competition with state adversaries like China over controlling the commercial surveillance market.

China has emerged as the leading state-sponsored cyber adversary, with the “Salt Typhoon” group breaching nine U.S. telecommunications firms in 2024 and intercepting communications of government officials, tech executives and journalists. Former FBI Director Christopher Wray called it the most significant cyber espionage campaign in history. Against this backdrop, the administration may view private sector spyware companies as less urgent threats.

The Broader Pattern: What This Signals

The sanctions removal cannot be viewed in isolation. It represents a policy signal about how the U.S. will engage with the global surveillance technology market. By allowing individuals to petition their way off sanctions lists relatively quickly—within two years of the original designation—the government sends a message about the durability of consequences for enabling digital repression.

The decision marks a stark reversal from the Biden administration’s comprehensive crackdown on spyware manufacturers through sanctions, blacklisting, international pacts, and visa bans. That multi-layered approach recognized that commercial spyware represents a systemic threat requiring sustained, coordinated pressure across diplomatic, economic, and legal domains.

The new approach appears more transactional: demonstrate formal separation from sanctioned entities, and sanctions can be lifted. But this misunderstands how the mercenary spyware market operates. Court testimony in Greece showed that former Intellexa employees continued the same work through intermediary companies, with identical software, client bases, and duties. Corporate restructuring doesn’t eliminate capability or intent—it merely obscures accountability.

The International Context

This policy shift occurs as other democracies grapple with similar challenges. Following exposure of Greece’s surveillance scandal, new legislation in 2022 legalized the use of surveillance software by state security services under strict conditions. Rather than creating accountability, the scandal prompted legal accommodation of capabilities that were previously prohibited.

This pattern—scandal followed by legalization—reveals how commercial spyware normalizes invasive surveillance. When governments discover powerful tools exist and adversaries use them, political pressure builds to “level the playing field” rather than establish meaningful constraints. The result is a global race to the bottom in digital privacy protections.

Implications for Democratic Governance

The deeper concern is what this reveals about democratic nations’ capacity to govern emerging technologies. Commercial spyware poses a unique challenge: it’s developed by private companies, sold to governments, used against civilians, and justified by national security concerns that resist public scrutiny. This combination makes effective oversight exceptionally difficult.

Research indicates that Predator was used to target more than 50 U.S. government staffers working worldwide. When American officials are themselves victims of technology sold to foreign governments, the line between cybersecurity policy and counter-intelligence blurs. The sanctions removal suggests that corporate separation, rather than the cessation of harmful activity, has become the operative standard for rehabilitation.

Moving Forward: The Need for Systemic Reform

The Intellexa case demonstrates that current policy tools—sanctions, export controls, and criminal prosecution—are insufficient to address the commercial surveillance threat. These measures target individuals and entities after harm occurs, but do little to prevent the underlying market dynamics that incentivize development and sale of invasive technologies.

Effective reform would require several elements: international agreements establishing clear norms against mercenary surveillance; robust due diligence requirements for technology companies; transparency measures allowing public scrutiny of government surveillance capabilities; and most critically, recognition that commercial spyware is fundamentally incompatible with democratic governance.

The Trump administration’s decision to lift sanctions on Intellexa executives suggests we’re moving in the opposite direction—toward accommodation of commercial surveillance as an inevitable feature of modern statecraft. This path leads to a world where privacy is a luxury, dissent is surveyable, and the infrastructure of democratic discourse exists under persistent threat of compromise.

Conclusion

The removal of sanctions on three Intellexa executives represents more than a bureaucratic decision—it’s a referendum on how seriously the United States takes the threat posed by commercial spyware to democratic institutions, human rights, and its own national security interests. By allowing individuals to distance themselves from sanctioned entities and regain access to the U.S. financial system, the government signals that consequences for enabling digital repression are temporary and negotiable.

This sends a troubling message at a critical moment. As artificial intelligence capabilities expand, post-quantum encryption becomes necessary, and nation-states invest billions in cyber arsenals, the mercenary surveillance market grows more sophisticated and dangerous. Researchers note that Intellexa may remain more active than is readily apparent due to changes in domain naming conventions that make it harder to find its infrastructure.

The Greek surveillance scandal, the targeting of U.S. officials, and the continued operation of Predator across multiple continents all point to the same conclusion: current approaches to governing commercial spyware have failed. The sanctions removal doesn’t just undo previous enforcement—it validates the strategies of evasion and corporate restructuring that allow these capabilities to persist despite international pressure.

Democratic nations face a choice: develop comprehensive frameworks that genuinely constrain the commercial surveillance market, or accept that privacy, press freedom, and the integrity of democratic institutions will continue to erode. The Trump administration’s decision suggests which path we’re currently on. Whether there’s political will to change course remains to be seen.

