New US rules are supposed to curb Pegasus-like spyware from getting in the wrong hands

The limits imposed on spyware exports by the US government could be a crucial step that ushers in global moratoriums.

Export controls have been announced by the United States (US) in an interim measure for products that can be used for “malicious cyber activities”, according to a press release by the US government’s commerce department. It means that American exporters will need a license to sell cybersecurity products to countries of national security or weapons of mass destruction concern, it added.

The license will also be necessary for countries under a U.S. arms embargo. Cybersecurity items include hacking and surveillance tools like the Pegasus spyware. The new rules will be effective in 90 days as the department’s Bureau of Industry and Security (BIS) has requested public comments. 

The clandestine nature of surveillance technology came under fire in the aftermath of the Pegasus Project’s revelations. Many rights groups demanded tighter export controls and moratoriums on the sale of such technology to states with a poor human rights record. The US government’s proposed rules could be a response to these demands as it is one of the leading cybersecurity exporters in the world. 

Details of the proposed rule

  • BIS has explained that end users targeted by this interim rule include a ‘government end user’. 
  • The License Exception ACE imposes an end-use restriction in situations where the exporter has reason to believe that the ‘cybersecurity item’ will be used to affect the confidentiality and integrity of information without authorisation from the owner at the time of export.  
  • US exporters must refer to the US State Department’s guiding principles for transactions involving foreign governments for surveillance products to minimise the risk of misuse by governments to violate or abuse human rights.
  • The rule is complex by design, as per The Verge. The website adds that if the software is specifically for cyber defense and not sold to anyone associated with the government, no license would be needed.
  • The Commerce Department has export controls on products containing encryption, so the new rule applies to products that do not contain encryption, the Washington Post reported.

Why is the US late to align with the Wassenaar Arrangement?

The Wassenaar Arrangement is a voluntary export control regime that sets rules on the export of dual-use (civilian & military) technologies. It has 42 participating countries including India. 

The proposed rules are not meant to create roadblocks for American researchers working with overseas colleagues and cybersecurity firms, according to a Washington Post report.

The delay was a result of BIS’s concerns about impeding legitimate cybersecurity work, which sees a lot of cross-border exchanges. The rule had therefore been in the works for years, but government officials feel they have reached the right balance with the proposed rules, the report added.

Overview of developments on export of surveillance tech in the past

October 2020: The US State Department released due diligence guidelines for American companies exporting products, including surveillance software abroad.

July 2021: The US, UK, EU and allies released a joint statement accusing China of carrying out malicious cyber activities and urged Chinese authorities to address the situation.

July 2021: WhatsApp’s chief executive officer Will Cathcart urged governments to step in and impose a complete moratorium on the spyware industry in an interview with The Guardian in the wake of the Pegasus Project’s revelations.

September 2021:  UN High Commissioner Michelle Bachelet, at the EU’s Committee on Legal Affairs and Human Rights, said that it was time for a pause. She said that until compliance with human rights standards can be guaranteed, governments should implement a moratorium on the sale and transfer of surveillance technology.

India’s purported misadventure

A couple of months ago, a cyber espionage campaign by India targeted government and telecom entities in China and Pakistan, according to a report by Forbes.

The aforementioned new rules would have made it difficult for India to go through with this attack. India used zero day vulnerabilities sold by Exodus Intelligence, a zero day exploit broker based in Austin, Texas, to run a campaign from June 2020 to April 2021. Exodus ‘cut off’ India from buying its zero day exploit research.

Zero day exploit brokers are companies that sell information about crucial software vulnerabilities and software which could exploit them.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ
