The U.S. Treasury Department this week removed three Iranian individuals from its sanctions list who had been previously accused of working for Intellexa, the consortium known for developing Predator spyware. The decision comes despite recent investigations highlighting the spyware’s potential to bypass human rights safeguards and continued concerns from researchers.
The sanctions against Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou were initially imposed by the Biden administration in 2024 as part of a broader effort to target operators of commercial spyware. The Treasury Department announced the deletions as part of a routine update to its sanctions programs, offering no immediate detailed explanation for the reversal.
Intellexa Sanctions Removal Sparks Concern
The move to delist individuals associated with Intellexa and its Predator spyware has raised questions among cybersecurity experts and civil liberties advocates. These individuals were previously designated under the Biden administration’s sanctions for their alleged roles within the Intellexa Consortium.
Alleged Roles in Intellexa Consortium
According to the U.S. Treasury Department’s prior designations, Merom Harpaz was identified as a manager for Intellexa S.A., a key member of the consortium. Andrea Nicola Constantino Hermes Gambazzi was described as the functional owner of Thalestris Limited and Intellexa Limited, other entities within the group. Sara Aleksandra Fayssal Hamou was noted as a corporate offshore specialist who provided managerial services to the consortium.
While the U.S. official cited a “normal administrative process” in response to a petition for reconsideration, the timing is notable. This sanctions removal occurs shortly after investigations revealed that Intellexa appeared to maintain the ability to remotely access systems of Predator customers, even after previous sanctions were in place. This capability has drawn scrutiny regarding its implications for human rights.
Continued Spyware Activity and Human Rights Concerns
Recent reports published last month indicated an expansion in Predator spyware’s targeting activities. These reports also detailed the exploitation of malicious mobile advertisements as a method to infect targets, further amplifying concerns among researchers and human rights advocates who monitor the commercial spyware industry.
Organizations like Access Now and the Citizen Lab have publicly expressed their reservations about the sanctions removals. Natalia Krapiva, senior tech-legal counsel at Access Now, stated on social media that the public deserves transparency regarding the evidence that substantiates these individuals’ separation from the Intellexa Consortium.
John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab, described the removals as “puzzling.” He suggested that such actions might be interpreted within the mercenary spyware sector as a signal that U.S. sanctions can be circumvented through lobbying efforts. The implication, according to Scott-Railton, is that individuals involved in such activities, even if they pose risks, might find ways to avoid consequences.
Looking Ahead
The U.S. official emphasized that sanctions powers include the flexibility to remove designations when circumstances change, consistent with legal frameworks. However, the lack of specific public details surrounding the reconsideration process for these Intellexa-linked individuals leaves room for continued scrutiny. The next steps may involve further reports on the operational status of Intellexa or potential responses from other international bodies. The ongoing debate over the regulation and impact of commercial spyware will likely continue to shape future U.S. policy decisions.