The U.S. Commerce Department on Wednesday announced new rules
barring the sales of hacking software and equipment to
authoritarian regimes and potentially facilitate human rights abuse
for national security (NS) and anti-terrorism (AT) reasons.
The mandate[1], which is set to go into
effect in 90 days, will forbid the export, reexport and transfer of
“cybersecurity items” to countries of “national security or weapons
of mass destruction concern” such as China and Russia without a
license from the department’s Bureau of Industry and Security
(BIS).
“The United States Government opposes the misuse of technology
to abuse human rights or conduct other malicious cyber activities,
and these new rules will help ensure that U.S. companies are not
fueling authoritarian practices,” BIS said[2]
in a press release.
The rule does not cover “intrusion software” itself, but rather
the following —
- Systems, equipment, and components specially designed or
modified for the generation, command, and control, or delivery of
intrusion software (ECCN[3]
4A005) - Software specially designed or modified for the development or
production of systems, equipment, and components (ECCN
4D001.a) - Software specially designed for the generation, operation,
delivery, or communication with intrusion software (ECCN 4D004),
and - Technology required for the development, production, and use of
systems, equipment, and components, and development of intrusion
software (ECCNs 4E001.a and 4E001.c)
However, it’s worth noting that the restriction does not apply
when it comes to responding to cybersecurity incidents or for
purposes of vulnerability disclosure, as well as for pursuing
criminal investigations or prosecutions that may follow in the wake
of digital intrusions.
It also doesn’t apply when the items are being sold to any
“favorable treatment cybersecurity end user,” which could be a U.S.
subsidiary, providers of banking and other financial services,
insurance firms, and civil health and medical institutions.
The move is expected to align the U.S. with 42 European and
other countries such as Australia, Canada, India, Russia, and South
Korea, who are members of the Wassenaar Arrangement[4]
that lays out voluntary export control policies on conventional
arms and dual-use goods and technologies, including internet-based
surveillance systems.
“The United States is committed to working with our multilateral
partners to deter the spread of certain technologies that can be
used for malicious activities that threaten cybersecurity and human
rights,” U.S. Secretary of Commerce Gina M. Raimondo said.
“The Commerce Department’s interim final rule imposing export
controls on certain cybersecurity items is an appropriately
tailored approach that protects America’s national security against
malicious cyber actors while ensuring legitimate cybersecurity
activities,” Raimondo added.
References
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/Rb2K8GbxPXk/us-government-bans-sale-of-hacking.html