US rule would restrict sales of commercial hacking tools
After a string of hacking scandals involving private surveillance companies, the United States is seeking to place further restrictions on the sale of commercial hacking tools, in hopes of cracking down on industry abuses against the foreigner.
On Wednesday, the Commerce Department announced a to reign change that will impose new restrictions on the resale or export of “certain items that may be used for malicious cyber activity”. This applies to tools used to infiltrate digital systems and perform surveillance, such as notorious commercial spyware, Pegasus—As well as other hacking and “intrusion” software, the Washington Post reported for the first time. The rule, which has reportedly been in the works for years, will come into effect in 90 days.
While the intricacies of the new 65-page rule are somewhat thorny, the biggest result is a new licensing requirement for US companies wishing to sell hacking tools to countries “at risk of national security or weapons. of mass destruction “, as well as” “countries subject to an American arms embargo”, announcement said. Roughly translated, this means that the biggest geopolitical rivals of the United States, namely Russia and China, are on this list, along with a few others. Companies wishing to sell hacking tools to these countries will now need to acquire a special license from the Bureau of Industry and Security of the Department of Commerce. Applications for such licenses will be considered individually to determine whether they are appropriate.
“The United States government opposes the misuse of technology to infringe human rights or carry out other malicious cyber activity, and these new rules will help ensure that American companies do not not authoritarian practices. the announcement States.
The new changes, while seemingly long, follow multiple high-profile hacking scandals that have threatened human rights and involve malicious cyber activity. Most notably, spyware company NSO Group has been at the center of an ongoing controversy, spurred by the publication of a major journalistic investigation detailing the extent which its malware has been used to hack journalists, politicians and human rights activists around the world. NSO has reportedly sold its services to governments around the world — a number with poor human rights records and use company malware to spy on dissidents and critics.
In September, another scandal erupted after three former U.S. intelligence officers admitted to hacking into US computer systems at the behest of BlackMatter, a Middle Eastern cybersecurity company working for the government of the United Arab Emirates. The incident inspired proposed rule changes this would make it more difficult for former intelligence officers to work for foreign governments.
US Secretary of Commerce Gina Raimondo said in a statement that the rule was designed to limit “malicious” cyber activity while protecting “legitimate” uses of the technology.
“The United States is committed to working with our multilateral partners to prevent the spread of certain technologies that can be used for malicious activities threatening cybersecurity and human rights,” said Raimondo. “The Commerce Department’s Interim Final Rule imposing export controls on certain cybersecurity items is a tailored approach that protects US national security from malicious cyber actors while ensuring legitimate cybersecurity activities. “