Security News > 2021 > October > Uncle Sam to clip wings of Pegasus-like spyware – sorry, 'intrusion software' – with proposed export controls

More than six years after proposing export restrictions on "Intrusion software," the US Commerce Department's Bureau of Industry and Security has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code.

The BIS on Wednesday announced an interim final rule that defines when an export license will be required to distribute what is basically commercial spyware, in order to align US policy with the 1996 Wassenaar Arrangement, an international arms control regime.

The rule [PDF] - which spans 65 pages - aims to prevent the distribution of surveillance tools, like NSO Group's Pegasus, to countries subject to arms controls, like China and Russia, while allowing legitimate security research and transactions to continue.

The Commerce Department said the US government "Opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that US companies are not fueling authoritarian practices."

"The Commerce Department's interim final rule imposing export controls on certain cybersecurity items is an appropriately tailored approach that protects America's national security against malicious cyber actors while ensuring legitimate cybersecurity activities."

The US in 2015 proposed placing export restrictions on cybersecurity tools, but encountered headwinds when the US cybersecurity industry objected, saying the rules were too broad and would interfere with security fixes.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/20/us_intrusion_software_rules/