• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

US Government Sets Rules for Hacking Tool Exports

October 22, 2021 By Josh Stuifbergen

The US Department of Commerce announced export controls on hacking tools used for surveillance. The aim is to curb access to authoritarian governments who have been identified for human rights violations and abuses. Any companies who intend to sell their wares abroad will need to acquire a License Exception Authorized Cybersecurity Exports (ACE). An additional license is required for any companies seeking to do business with a country of national security concern or subject to a US arms embargo.

This change comes several years after the department’s initial attempt to implement a similar rule. The business community and other stakeholders worried that the wording was too broad and could negatively impact the security community. After taking public comment, revisions now include certain exceptions for activities such as vulnerability disclosure and cyber incident response, among other changes. The rule will take effect 90 days from its October 20th, 2021 announcement.

This rule is a move in the right direction, and it offers clearer boundaries to organizations and companies seeking to sell services or share their research outside the US. The security industry has been rapidly evolving. Companies and individuals have increasingly walked a tight rope of domestic and international security laws. One example of this gray area researchers find themselves in is working for a private offensive security company in a foreign country. Kim Zetter’s Zero Day blog post features an interview with a former NSA staffer who went on to work for the private company DarkMatter in the United Arab Emirates (UAE). The company’s operations involved offensive surveillance operations on behalf of the UAE’s security agency against foreign states. These actions eventually led the Justice Department to convict several former US intelligence staff for breaking multiple laws. On the other end of the spectrum is an interview with Mark Dowd on the Risky Biz podcast, who talks about the legal zero-day industry and the relationship they have with selling to Five Eye countries.

Share This:

Related

Filed Under: Editorial Articles Tagged With: ACE, hacking tools, License Exception Authorized Cybersecurity Exports, US Department of Commerce

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • CISA Warns of Weaponized RMM Software
  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Report Roundup
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use