Overview
WorldECR quoted Peter Jeydel in "New surveillance rule 'a square peg in a round hole’?" — an article appearing in the publication's November issue. The piece discusses the implications of – and reactions to – a new interim final rule from the US Commerce Department's Bureau of Industry and Security (BIS).
The proposed rule would establish controls for "the export, reexport, or transfer (in-country) of certain items that can be used for malicious cyber activities" and create a license exemption: Authorized Cybersecurity Exports (ACE).
As BIS seeks public feedback on the rule's implications for American industry and cybersecurity, Jeydel comments that the rule is "highly technical and complex, but ultimately contains a mix of good news and bad for the cybersecurity community."
Jeydel continues that "While BIS states in its press announcement that the rule is only intended to regulate 'malicious cyber activities', its scope is broader than that. In at least its basic compliance obligations it will impact the entire cybersecurity sector…similar export controls have been in place for years in the EU and other jurisdictions… the US for its part has delayed implementation of this rule for years due to the controversy that has surrounded it."
In summarizing stakeholder sentiment, Jeydel says that "Many stakeholders (including some within the US government and other governments) have viewed this effort to impose export controls on 'intrusion software' items as fundamentally misguided, as the same cyber tools can be used either for positive (security) purposes or for nefarious (hacking or surveillance) purposes. Therefore, the critics say, it is like putting a square peg in a round hole to try to use export controls in this context."
The full article can be read at WorldECR (subscription required).