[Epoch Times October 21, 2021](Epoch Times reporter Gao Shan compiled a report) The US Commerce Department announced a long-awaited regulation on Wednesday (October 20). Officials hope that this rule will help prevent the export or resale of hacking tools to the CCP and Russia, while still enabling cross-border cybersecurity cooperation.
According to the “Washington Post” (Washington Post) report, the regulation will come into effect within 90 days, and the scope of application includes software such as “Pegasus” that has attracted much attention recently. “Pegasus” is a powerful spyware, sold to governments by the Israeli company NSO Group. Some governments use it to monitor dissidents and journalists.
The regulation will prohibit the sale of hacking software and equipment to the CCP, Russia, and other worrying countries, unless approved by the Bureau of Industry and Security (BIS) of the U.S. Department of Commerce.
A senior official of the US Department of Commerce said that the purpose of the regulations is not to prevent US researchers from cooperating with overseas colleagues to find software defects, or to prevent cybersecurity companies from responding to hacking incidents.
This regulation has been brewing for many years and was shelved for fear of hindering cyber defense efforts. The officials hope that they have now reached the right balance.
A senior official said: “The reason is that these tools may be abused for human rights violations, tracking and identifying dissidents, and disrupting networks or communications, but they also have very reasonable and legitimate cybersecurity uses.” According to the agency’s development. The basic rule, the official requested anonymity. “Therefore, the regulation restricts the export of such products to the troubled countries.”
Officials said that the US Department of Commerce has implemented export controls on products containing encryption technology, so the new regulations will apply to products that do not contain encryption technology.
Officials said that there may be few American companies whose products are subject to this regulation, but any company outside the United States that sells software or technology from the United States to develop network intrusion products must obtain authorization.
This rule is complicated. For example, if a US company wants to provide “intrusive spyware” to the governments of Israel, the United Arab Emirates, and Saudi Arabia, it needs to obtain a license for this. But if the software will be used for cyber defense purposes, such as penetration testing, and will be sold to non-government personnel, then there is no need to apply for a license.
According to the regulations, any intrusive software sold to anyone in the CCP or Russia, even for cyber defense purposes, regardless of whether they work for the government or not, requires a license.
Before deciding whether to grant a license, the Bureau of Industrial Security of the Ministry of Commerce will review the end user.
Kevin Wolf, former assistant secretary of export management at the Ministry of Commerce, said: “This is one of the main purposes of applying for a license.” “Do we believe that overseas companies will use it for the reasons mentioned above? In doubt, their application will be rejected.”
This provision will bring the United States into line with the 42 European and other allies of the Wassenaar Arrangement. The “Wassenaar Agreement” establishes a voluntary export control policy for military and dual-use technologies or products that can be used for both civil and military purposes.
China is not a member of the Wassenaar Agreement, but Russia is a member of the agreement.
Israel is also not a member of the organization, but it has voluntarily adopted control measures, although this apparently did not prevent “Pegasus” from being sold to Saudi Arabia and being used by the Saudi Arabian authorities to track journalists and dissidents because of the implementation of the “Wa The control measures of the Senner Agreement vary in different ways.
Israel’s NSO company stated that it does not sell products to the CCP and Russia and requires its customers to use it only for law enforcement or counter-terrorism purposes.
Most other Wassenaar countries have also implemented regulations on hacking tools. Officials say the United States will be the last or almost the last country to do so.
This issue was delayed because of its complexity and because the National Security Agency did not want to hinder legitimate cybersecurity efforts. Unlike most other “Wassenaar Accord” member countries, the United States has a huge cybersecurity industry.
Editor in charge: Ye Ziwei#
.