US cracks down on tools for foreign hacking

The Commerce Department on Wednesday took steps to crack down on the sale of certain hacking products used by foreign governments and other groups to surveil and repress individuals.

The agency’s Bureau of Industry and Security issued an interim final rule that establishes controls on the export, reexport or transfer of certain cybersecurity items, requiring a license to ship these products to any countries posing a national security or weapons of mass destruction risk, such as China and Russia.

Some governments banned: Users restricted from using these products, which include surveillance tools, would include governments posing a threat or subject to arms embargoes, and users who intend to use the products in a way that would compromise information systems without the owner’s permission.

“These items warrant controls because these tools could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it,” the rule reads.

Commerce Secretary Gina Raimondo said Wednesday that the rule was intended to protect human rights.

Some background: The rule was issued following growing concerns about the use of hacking tools by foreign governments for surveillance purposes.

Apple last month released emergency updates for many of its products following the discovery of a vulnerability that allowed Israeli company NSO Group to infect Apple products with spyware. The vulnerability was discovered when Citizen Lab was investigating a phone used by a Saudi Arabian activist that had been infected with NSO Group spyware.