US govt to ban export of hacking tools to authoritarian regimes

Image: Lucas Sankey

The Commerce Department's Bureau of Industry and Security (BIS) today announced new controls that would ban U.S. companies from exporting and reselling software and hardware tools that could be used to fuel authoritarian practices through malicious hacking activities and human rights abuse.

The rule will become effective in 90 days and will effectively ban the export of "cybersecurity items" for National Security (NS) and Anti-terrorism (AT) reasons.

It also establishes a new License Exception Authorized Cybersecurity Exports (ACE) that bans exports and resale of these items to problematic countries, such as China and Russia, without a license.

The complete list includes states of weapons of mass destruction or national security concern or subject to a U.S. arms embargo.

"The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices," the BIS said.

BIS' new rule says that these items warrant controls because they could be leveraged to conduct malicious cyber activities, including but not limited to surveillance, espionage, or other actions that would disrupt, deny or degrade access to network devices.

"Today's rule is consistent with the result of BIS's negotiations in the Wassenaar Arrangement (W.A.) multilateral export control regime and with a review of comments from Congress, the private sector, academia, civil society, and other stakeholders on previously proposed BIS rulemaking in this area," the Commerce Department bureau said.

U.S. Secretary of Commerce Gina M. Raimondo added that the new rule is designed to block malicious threat actors' access to hacking tools that could be used to target U.S. entities and threaten U.S. national security, while also allowing their use for legitimate purposes.

"The United States is committed to working with our multilateral partners to deter the spread of certain technologies that can be used for malicious activities that threaten cybersecurity and human rights," Raimondo said.

"The Commerce Department's interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America's national security against malicious cyber actors while ensuring legitimate cybersecurity activities."

Related Articles:

US announces visa ban on those linked to commercial spyware

US charges two more suspects with DraftKing account hacks

US offers up to $15 million for tips on ALPHV ransomware gang

$700 cybercrime software turns Raspberry Pi into an evasive fraud tool

US sanctions crypto exchanges used by Russian darknet market, banks