US Bans Hacking Tool Sales to China and Russia

New Export Restrictions on Hacking Tools Announced

The U.S. Department of Commerce has declared a forthcoming ban on the export of hacking tools to governments exhibiting authoritarian tendencies. This action is intended to limit infringements on human rights and curtail other harmful cyber operations.

Details of the Export Ban

Initially reported by The Washington Post and subsequently verified by the Commerce Department, the regulation will effectively prohibit the export or resale of hacking software and related equipment to nations like China and Russia, alongside other countries identified as areas of national security concern. A license from the Bureau of Industry and Security (BIS) will be required for such transactions.

Broader National Security Approach

This decision follows earlier restrictions imposed by the Biden administration in March. These previous measures limited the export of advanced U.S. technologies – including sophisticated semiconductors and software utilizing encryption for data security – to both China and Russia. This demonstrates a continuing firm stance on national security matters concerning these two countries.

Targeted Software and Implementation

The new sanctions are scheduled to take effect within 90 days. They will encompass software like Pegasus, a spyware created by the Israeli firm NSO Group. This software has been reportedly utilized by several authoritarian regimes to compromise the mobile devices of prominent critics, including journalists, activists, politicians, and business leaders.

Exemptions for Cybersecurity Research

Conversely, software designed specifically for cyber defense is excluded from the licensing requirements. This ensures that U.S.-based cybersecurity researchers can continue to collaborate internationally and responsibly disclose vulnerabilities to software developers. A prior proposed rule in 2015 generated nearly 300 comments expressing concerns about potential impacts on legitimate cybersecurity work.

Alignment with International Standards

This regulation aligns the U.S. with the 42 European nations and allies participating in the Wassenaar Arrangement. This arrangement establishes voluntary export control policies for both military and dual-use technologies.

Statement from Commerce Secretary Raimondo

“The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights,” stated Commerce Secretary Gina M. Raimondo. “The Commerce Department’s interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America’s national security against malicious cyber actors while ensuring legitimate cybersecurity activities.”

Public Comment and Finalization

The Commerce Department, having experienced the impact of the Russia-linked SolarWinds hack last year, is providing a 45-day period for public comment on the rule. Feedback is specifically requested regarding the potential costs of compliance and any possible effects on legitimate cybersecurity endeavors. The agency will then have an additional 45 days to incorporate changes before the rule is finalized.

Key Takeaways

The U.S. is restricting the export of hacking tools to authoritarian governments.
The ban targets countries like China and Russia.
Cyber defense software is exempt from the new regulations.
The rule aligns with international export control standards.