“Commerce Department announces new rule aimed at stemming sale of hacking tools to Russia and China”
The Washington Post, October 20, 2021
By Ellen Nakashima
““We’re trying to walk the line between not impairing legitimate cybersecurity collaboration across borders, but trying to make sure these pieces of hardware and software technology aren’t obtained and used by repressive governments,” the senior official said.”
The Commerce Department on Wednesday announced a long-awaited rule that officials hope will help stem the export or resale of hacking tools to China and Russia while still enabling cybersecurity collaboration across borders.
The rule, which will take effect in 90 days, would cover software such as Pegasus, a potent spyware product sold by the Israeli firm NSO Group to governments that have used it to spy on dissidents and journalists.
It would bar sales of hacking software and equipment to China and Russia, as well as to a number of other countries of concern, without a license from the department’s Bureau of Industry and Security (BIS).
What it is not intended to do, senior Commerce Department officials say, is prevent American researchers from working with colleagues overseas to uncover software flaws, or cybersecurity firms from responding to incidents.
The rule had been in the works for years, stalled earlier by fears that it would stymie defensive work in the cyber field. Now officials hope they have reached the right balance.
“The rationale is these are items that can be misused to abuse human rights, to track and identify dissidents or disrupt networks or communications, but they also have very legitimate cybersecurity uses,” said one senior official, who spoke on the condition of anonymity under ground rules set by the agency. “So what the rule does is restrict these exports to the problematic countries.”
About the Author:
Ellen Nakashima is a national security reporter with The Washington Post. She was a member of two Pulitzer Prize-winning teams, in 2018 for coverage of Russia’s interference in the 2016 election, and in 2014 and for reporting on the hidden scope of government surveillance.