Uncle Sam to clip wings of Pegasus-like spyware – sorry, 'intrusion software' – with proposed export controls

More than six years after proposing export restrictions on "intrusion software," the US Commerce Department's Bureau of Industry and Security (BIS) has formulated a rule that it believes balances the latitude required to investigate cyber threats with the need to limit dangerous code. The BIS on Wednesday announced an interim …

  1. Clausewitz 4.0

    It is good to limit some companies with dangerous capabilities

    It is good to limit some companies with dangerous capabilities.

    Unfortunately, software developed "in-house" by officers cannot be regulated the same way, nor can its partners be restricted.

  2. sanmigueelbeer Silver badge

    if you want to sell Pegasus or similar device-penetration software, and you have a presence in the US, you need a license to sell to China, Russia, or the other covered governments

    This only restricts Pegasus.

    If, for example, China, Russia, Iran or NK happens to "stumble upon" the source code ... all bets are off.

    I think this is so "double standard" on the part of the US government -- BIS did not slap an "export control" over EternalBlue, did they?

    1. Anonymous Coward

      The rule is pure bullshit. Pegasus has been used by Turkey to spy on journalists in Canada, Turkey and other countries. It has been used by the Mexican government to spy on journalists investigating the murder of students. It has been used by the United Emirates to spy on journalists, dissidents and even US citizens. All of those countries won't be affected by this dummy legislation.

      And the countries it's supposed to ban have their own alternatives and won't reach for NSO to spy on whoever they want to spy.

  3. Potemkine! Silver badge

    Smoke and mirrors.

    Israel gets whatever it wants from Uncle Sam.

    1. Yet Another Anonymous coward Silver badge

      And now no US company will be able to compete with it and all it has to do is hire a separate company to handle sales and marketing in the USA.

  4. Anonymous Coward

    One Nation Under Surveillance

    If Export licenses are forbidden then they're purely for keeping tabs on the local inmates?

    1. msobkow Silver badge

      Re: One Nation Under Surveillance

      Not at all. The US is free to deploy it against anyone they like, apparently, just not *sell* it to "bad actors."

      For all the bleating about China's firewall and surveillance, the US and even more so the UK seem to be just trying to distract from what they do themselves on a much LARGER scale than China...

      The whole "Five Eyes" agreement is a sham, for that matter. Everyone promises not to spy on their own citizens under the agreement. They say nothing about spying on their partner's citizens and reporting back to their home countries.

      Funny how much of international politics and policies is about "feel good" statements that everybody makes sure are phrased such that THEY can skirt the rules...

  5. hammarbtyp Silver badge

    We constantly have to make changes to our systems to cover the export control requirements of the Wassenaar Arrangement. Basically there is a clause that says any device that can encrypt to a certain level, arbitrary data needs an export license.

    Problem is that while we have extra cost in both admin and development to ensure we meet the export controls, the actual standard is so out of date that the level of encryption specified is easily available through open source software. So it is not so much the horses have bolted, but they have settled down and have families.

    The agreement is an artifact of the cold war, where the US government thought they could control such information. Maybe it was feasible in the 1990's, but it is far harder to do so today. However it puts a cost and burden on manufacturers to show they have put a finger over a hole in a sieve.

    1. iron Silver badge

      As someone who broke the crypto laws regularly in the 90s with the help of PGP, no it wasn't feasible.

  6. amanfromMars 1 Silver badge

    Strewth! Still Stuck Steadfast and Fast in the Past

    The fact that there be those who think that they can practically sanction and effectively prevent dangerous cyber threat/treat actors from exercising and exploiting what they discover/uncover/invent, tells everyone with skin in the field that such forces have catastrophically failed to grasp and comprehend the already changed and rapidly evolving state of present and future virtually augmented realities for live media programming ....... which you might like to realise is the ubiquitous lever and portal through which Jane Doe and Joe Sixpack both receive and can distribute their sets of instructions for employment/enjoyment and which some many leading systems use for current mentoring and real-time monitoring of progress ‽ .

  7. You aint sin me, roit Silver badge

    To paraphrase gun control opponents

    If you outlaw intrusion software then only outlaws will have intrusion software.

    And rogue nation states... and the US... and the UK... and anyone else NSO will sell to...

    Fine words though. Fine words.

  8. Jimmy2Cows Silver badge

    ensure that US companies are not fueling authoritarian practices

    Better not sell to the UK then. I only wish I were joking. All our recent governments seem hell bent on becoming more and more authoritarian, while claiming to support freedom and democracy. Just as a "democratic republic of..." dictatorship tends to.

  9. Fred Flintstone Gold badge

    Ah yes, export controls.

    Because that worked oh so well in the past, surely.

    Those who fail to learn from history are doomed to repeat it..

  10. msobkow Silver badge

    Ah, I see they're still trying to prop up the facade that Israeli companies like NSO aren't really skunkworks organizations for doing the work that is ILLEGAL on US ground.

    1. jtaylor Bronze badge

      "Ah, I see they're still trying to prop up the facade that Israeli companies like NSO aren't really skunkworks organizations for doing the work that is ILLEGAL on US ground."

      Do you mean that Israel is unusual in having companies that are façades? That seems an odd place to draw the line. And what do you mean by "façade?" Companies that do things where they are legal and not where they are illegal? What's your suggested alternative? Companies that do things illegally?

      1. msobkow Silver badge

        I love it when people try to claim I said all kinds of things I didn't.

        Israel and its businesses are well-known pawns of the US interests, and the US is a well-known funder and fund raiser for those operations. One need only pay attention to security headlines to see how often Israel's technology has been abused by US police forces and the like to realize Israel is the skunkworks country where all the work that would get shut down quickly on US soil gets done.

        The US and their "intelligence" operations have many such connections in the world. When they want to do something illegal, they FIND ways to make it happen while keeping their own hands clean.

  11. nijam Silver badge

    > clip wings of Pegasus-like spyware with proposed export controls

    Well, that will work. I'm sure it will.

  12. Anonymous Coward

    How much hypocrisy and misdirection do I have to take?

    Quote: ".....the US government 'opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities...' "

    *

    ......except when it's the US government itself engaged in "misuse".

    *

    See Edward Snowden for details! Oh....and what about the cosy relationship between Cisco and the NSA?


Biting the hand that feeds IT © 1998–2021