Troubled that former American spies are plying their trade for foreign governments, Congress has passed new legislation requiring U.S. spy agencies to provide an annual assessment detailing the risks such conduct poses for national security.
The new measure was driven by a Reuters investigation revealing how former National Security Agency employees clandestinely assisted a foreign cyber espionage operation in the United Arab Emirates, helping the monarchy target rivals, dissidents and journalists.
Max Rose, a Democratic Congressman from New York, called the contracting practices revealed by Reuters “absolutely chilling” when he initially proposed the legislation on the floor of the U.S. House of Representatives last year.
In an emailed statement this week, Rose said the U.S. government has “no comprehensive understanding” of the national security implications triggered when former U.S. intelligence experts go to work overseas.
The new measure, Rose said, will help Congress learn “the full scope of this issue and what steps are needed to keep our nation’s secrets safe.”
This provision was signed into law as part of the Defense Department’s spending bill last month. It will require Washington’s intelligence community to provide Congress with an annual assessment of risks to national security posed by “retired and former personnel of the intelligence community” who work as intelligence contractors to foreign governments.
The legislation is the second measure Congress signed into law in recent weeks targeting foreign spying work. Another new piece of legislation directs the State Department to report to Congress how it controls the spread of cyber tools and to disclose any action it has taken to punish companies for violating its policies.
Before offering hacking tools or services to foreign governments, contractors must generally obtain approval from the U.S. State Department. While it’s usually legal for retired intelligence personnel to work for foreign governments – provided they don’t reveal U.S. secrets – some defense experts and lawmakers fear the practice poses risks to the United States.
The secret UAE hacking unit uncovered by Reuters was initially created to help the country fight terrorism. Reuters revealed how it evolved into a tool for the monarchy to quash dissent. The clandestine program, known as Project Raven, helped local security forces track activists, who were sometimes later tortured.
The Office of the Director of National Intelligence said it was aware of the new legislation but did not respond to further questions. The UAE Embassy in Washington did not respond to a request for comment. In response to Reuters reporting, a senior UAE official last year said the country possessed a “cyber capability” vital to helping it protect itself.
A State Department spokesman declined to comment. The agency previously said human rights concerns are carefully weighed before such approvals are issued but declined to comment on the authorizations granted for Project Raven.