Congress passed a law this week requiring the State Department to provide Congress with a list of surveillance technology companies to blacklist. The law specifically targets technology companies that have provided equipment “that has knowingly assisted or facilitated a cyber attack or conducted surveillance” targeting the United States, activists, journalists, politicians, or political dissidents. The legislation was passed as part of the National Defense Authorization Act and follows recent controversy generated by the spyware company NSO Group. NSO Group’s phone-hacking software Pegasus has been used to target “more than 1,000 people spanning more than 50 countries,” including politicians like Emmanuel Macron, journalists like Jamal Khashoggi, at least nine U.S. State Department officials, and other activists, lawyers, and businesspeople. In November, the Biden Administration blacklisted NSO Group, prohibiting U.S. companies from selling technology to the spyware company. EPIC’s Surveillance Oversight Project has advocated against surveillance of digital devices, and EPIC recently submitted a Freedom of Information Act (FOIA) request to the FBI seeking information about the Federal Government’s connections to NSO Group.