The Department of Commerce’s Bureau of Industry and Security (BIS) is banning U.S. citizens from dealing with four companies the agency says acts against national security interests by trading and selling spyware and hacking tools to foreign governments.
In a new written rule, Commerce is amending its Export Administration Regulations (EAR) by adding four entities to the Entity List, which identifies groups where there is reasonable cause to believe they have been involved, are involved, or pose a significant risk to being or becoming involved in activities that run contrary to the national security interests of the U.S.
The four entities listed in the new rule are the NSO Group and Candiru in Israel, Positive Technologies in Russia, and Computer Security Initiative Consultancy PTE. LTD in Singapore.
“The End-User Review Committee (ERC), composed of representatives of the Departments of Commerce (Chair), State, Defense, Energy and, where appropriate, the Treasury, makes all decisions regarding additions to, removals from, or other modifications to the Entity List,” Commerce said.
ERC determined that NSP Group and Candiru are entities where there’s reasonable cause to believe they pose significant risk to U.S. national security and foreign policy interests. It cited information that the companies developed and supplied spyware to foreign governments which was used to target government officials, journalists, businesspeople, activists, academics, and embassy workers.
Positive Technologies and Computer Security Initiative Consultancy, meanwhile, were added to the list based on evidence that they “traffic in cyber exploits use to gain access to information systems, threatening privacy and security of individuals and organizations worldwide.”
“ERC determined that the conduct of the above described four entities raises sufficient concerns that prior review, via the imposition of a license requirement for exports, reexports, or transfers (in-country) of all items subject to the EAR involving these four entities and the possible issuance of license denials or the possible imposition of license conditions on shipments to these entities, will enhance BIS’s ability to prevent violations of the EAR or otherwise protect U.S. national security or foreign policy interests,” wrote Commerce.
Further, ERC says that no license exceptions should be available for exports, reexports, or transfers to persons added to the Entity List in the rule.