The U.S. Wants to Crack Down on Sales of Commercial Hacking Tools for Obvious Reasons

After a slew of hacking scandals involving private surveillance companies, the U.S. is looking to impose new restrictions on the sale of commercial hacking tools—in the hopes of clamping down on abuse perpetuated by the industry.

© Photo: KIRILL KUDRYAVTSEV/AFP (Getty Images)

On Wednesday, the Commerce Department announced a rule change that will put new limitations on the resale or export of “certain items that can be used for malicious cyber activities.” This applies to tools used to infiltrate digital systems and conduct surveillance—such as the notorious commercial spyware, Pegasus—as well as other hacking and “intrusion” software, the Washington Post first reported. The rule, which has reportedly been in development for years, will be put into effect in 90 days.


Load Error

While the intricacies of the new 65-page rule are somewhat thorny, the biggest result is a new license requirement for American companies that want to sell hacking tools to countries “of national security or weapons of mass destruction concern,” as well as to “countries subject to a U.S. arms embargo,” the Commerce Department’s announcement says. Roughly translated, this means that America’s biggest geopolitical rivals—namely, Russia and China—are on that list, along with a few others. Firms that wish to sell hacking tools to those countries will now have to acquire a special license from the Commerce Department’s Bureau of Industry and Security. Requests for such licenses will be reviewed on an individual basis to determine whether they are appropriate.

“The United States Government opposes the misuse of technology to abuse human rights or conduct other malicious cyber activities, and these new rules will help ensure that U.S. companies are not fueling authoritarian practices,” the announcement states.

The new changes, while apparently long percolating, come on the heels of multiple, high-profile hacking scandals that have threatened human rights and involve malicious cyber activities. Most prominently, the spyware firm NSO Group has been at the center of ongoing controversy, spurred by the publication of a large journalistic investigation detailing