entity list – Techdirt

Stories filed under: "entity list"

State Dept. Expands NSO Group-Targeting Ban To Include Anyone Who Misuses Commercial Malware

from the NSO-inadvertently-making-the-world-a-better-place dept

Well, NSO Group really made a mess of this for everyone. Ever since the devastating leak showing its customers routinely targeted journalists, government critics, dissidents, and human rights activists (you know, rather than the violent criminals and terrorists they said they’d use the spyware to track), things have gone from bad to worse to career-ending for the Israeli malware purveyor.

NSO had always been controversial, given its predilection for selling powerful phone exploits to some of the worst governments in the world. But it had managed to remain profitable and un-sanctioned for years, despite its willingness to get in bed with whatever autocrat would have it.

That all changed following the leak… which was then followed by a never-ending stream of negative press. Investigations into the company were initiated by several world governments, including NSO’s own, which also took the unprecedented step of limiting who the company could sell to.

NSO and one of its Israeli-based competitors, Candiru, also found themselves on the receiving end of a US State Department blacklisting late in 2021. The stated reason for this ban? NSO and Candiru were considered a threat to US national security.

The ERC determined that NSO Group and Candiru be added to the Entity List based on § 744.11(b) of the EAR: Entities for which there is reasonable cause to believe, based on specific and articulated facts, that the entity has been involved, is involved, or poses a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the United States and those acting on behalf of such entities. Specifically, investigative information has shown that the Israeli companies NSO Group and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.

Being Candiru or NSO Group is its own problem. With the latest move by the US State Department (prompted by two years of reports of abusive targeting), certain users of these companies’ spyware are no longer welcome in the United States.

This visa restriction policy is pursuant to Section 212 (a)(3)(C) of the Immigration and National Act, and allows the Department of State to implement visa restrictions for (1) individuals believed to have been involved in the misuse of commercial spyware, to target, arbitrarily or unlawfully surveil, harass, suppress, or intimidate individuals including journalists, activists, other persons perceived to be dissidents for their work, members of marginalized communities or vulnerable populations, or the family members of these targeted individuals; (2) individuals believed to facilitate or derive financial benefit from the misuse of commercial spyware described in prong (1) above, including but not limited to developing, directing, or operationally controlling companies that furnish technologies such as commercial spyware to governments, or those acting on behalf of governments, that engage in activities as described in prong (1) above; and (3) the immediate family members of individuals subject to the restrictions in prongs (1) and (2) above. For purposes of this policy, “immediate family members” include spouses and children of any age.

Malware abusers and their families: that’s potentially a whole lot of people who will have a bit more trouble traveling to or staying in the Land of the Free. And it’s all due to NSO Group and its unwillingness to keep its products out of the hands of serial human rights abusers. The company may state otherwise when approached for comment, but none of this would have happened if it hadn’t decided it was somehow OK to cash checks from autocrats.

Of course, while the policy is certainly tough enough, it’s difficult to see it being a particularly effective deterrent. People who like abusing human rights (and targeting dissidents, activists, journalists, etc.) aren’t going to stop doing it just because of some visa complications. On top of that, it’s extremely difficult to identify who exactly is behind malicious spyware deployments. In most cases, an educated guess will only point in a government’s direction. It’s almost impossible to pinpoint the origin of malware attacks because that’s pretty much the point of these products: to be undetectable and un-attributable if discovered.

Still, it’s the thought that counts, especially when the thought is now part of US foreign policy. And while it’s unlikely to make the worst governments in the world behave better, it might make malware purveyors think twice before handing out spyware to governments likely to abuse it. No company wants to be the one forced to answer uncomfortable questions posed by angry governments, especially when it knows the answers involve governments that aren’t above murdering and dismembering people who’ve displeased them.

Filed Under: entity list, malware, restricted visas, spyware, state department, surveillance
Companies: candiru, nso group

Israeli Malware Merchants NSO Group, Candiru Added To Commerce Department Export Blacklist

from the unwelcome-to-the-party,-pals dept

A couple of Israeli spyware purveyors have finally gotten themselves disinvited from the good graces of the federal government of the United States. The Commerce Department’s Bureau of Industry and Security has amended its export regulations to hand NSO Group and the more mysterious Candiru a “presumption of denial,” meaning they’ll have to prove they’re trustworthy again before US entities will be able to do business with them.

The new rules also make it more difficult for NSO and Candiru to sell their products using middlemen who aren’t affected by the regulations.

In addition, the ERC [End-User Review Committee] also determined that no license exceptions should be available for exports, reexports, or transfers (in-country) to the persons being added to the Entity List in this rule.

NSO and Candiru weren’t the only ones affected by this amendment, but they’re the most notable recipients of the export controls.

The ERC determined that NSO Group and Candiru be added to the Entity List based on § 744.11(b) of the EAR: Entities for which there is reasonable cause to believe, based on specific and articulated facts, that the entity has been involved, is involved, or poses a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the United States and those acting on behalf of such entities. Specifically, investigative information has shown that the Israeli companies NSO Group and Candiru developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.

Also added to the blacklist were two other malware purveyors located in countries the United States has a much frostier relationship with.

The ERC determined that Positive Technologies, located in Russia, and Computer Security Initiative Consultancy PTE. LTD., located in Singapore, be added to the Entity List based on their engagement in activities counter to U.S. national security. Specifically, these entities traffic in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.

US companies and agencies will now have to approach the Commerce Department and ask for permission to purchase exploits from these companies, with the presumption being that their requests will be denied. This effectively shutters a large and presumably profitable market for these companies. It also prevents US-based exploit developers from selling their discoveries to any of the affected companies. And it’s just another reputational hit for NSO Group, which has been remarkably resilient, considering it’s now fighting a PR battle on multiple fronts while being dragged down by its long, sordid past.

That hasn’t stopped it from complaining that this blacklisting is unfair. Here’s the statement it gave to The Record after the publication of the export regulation amendment.

NSO Group is dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed.

We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based on the American values we deeply share, which already resulted in multiple terminations of contacts with government agencies that misused our products.

That is hilarious. It will be fun seeing how NSO proves it has the “world’s most rigorous compliance and human rights program” after it has been observed selling its products to countries with dismal human rights records. Combine that statement with its defense that it has no “visibility” into how its customers use its products and it’s pretty clear the “rigorous compliance program” NSO claims to have is about 50% delayed reaction and 50% bullshit.

Filed Under: commerce department, entity list, export regulations, malware, spyware
Companies: candiru, nso group

Google Joins The Evidence-Optional Assault On Huawei

from the intercontinental-blackballing dept

Tue, May 21st 2019 06:26am - Karl Bode

So we’ve noted several times now how the US efforts to blacklist Huawei from global telecom markets haven’t much in the way of, oh, supporting evidence. The Trump administration and FCC have taken all manner of actions to try and blackball the company, from pressuring U.S. carriers to drop plans to sell Huawei phones to the FCC’s decision to ban companies from using Huawei gear if they want to receive federal subsidies.

The underlying justification for these moves has centered on the idea that Huawei operates as a surveillance extension of the Chinese government, something that still hasn’t been proven despite a decade’s worth of claims to this effect, and an eighteen-month investigation by the White House.

That’s not to say the Chinese government is an innocent little daisy. Nor is it meant to suggest that it’s impossible that Huawei spies on Americans. But the lack of any actual public evidence of spying remains troubling all the same, given that if the shoe were on the other foot, there’d be no shortage of face-fanning consternation on the part of American politicians and industry.

Enter Google, which this week decided that it’d be joining the evidence-optional festivities by announcing it would be severing Huawei’s Android license. The move forces Huawei to rely on the Android Open Source Project (AOSP), cutting it off from critical Google apps and services. The move, as Reuters notes, could prove devastating for one of the nation’s biggest smartphone manufacturers:

“The suspension could hobble Huawei’s smartphone business outside China as the tech giant will immediately lose access to updates to Google’s Android operating system. Future versions of Huawei smartphones that run on Android will also lose access to popular services, including the Google Play Store and Gmail and YouTube apps.”

As some were quick to note, the move may actually prove to be counterproductive, given the negative impact it could have on deploying timely security updates:

It would be in the national interest for @CommerceGov to exempt and allow cooperation with Huawei on cybersecurity efforts, specifically regarding Android fixes and the technologies used to deploy them.

Ostensibly these regulations are in the name of cybersecurity, after all. https://t.co/rlpntx5U1G

— Dan Kaminsky (@dakami) May 19, 2019

For its part, Google stated it was simply complying with the US Commerce Department’s decision to place Huawei on the “Entity List,” a move that was justified as essential to ensuring network security. But the company largely ignored any criticism that such a move might actually undermine end-user security. And in the press, it’s almost bizarre how few reporters have noticed that public evidence of spying allegations is nonexistent:

The US has presented exactly zero evidence of Huawei devices being a greater security risk than any other Android phones. This is arbitrary, punitive, and hypocritical. https://t.co/KgxPA0auK7

— Vlad Savov (@vladsavov) May 20, 2019

It’s perfectly fine if your gut tells you Huawei is a surveillance proxy for the Chinese government, but that’s not the same as evidence. Also lost in this conversation is the fact that companies like Cisco have a long history of trying to gin up lawmaker hysteria on this subject for competitive advantage, or that this blackballing effort just mysteriously materialized at the same time US gear makers were worried about competing with cheaper Chinese gear as they rush to secure international fifth-generation (5G) network contracts.

Again, perhaps Huawei really is a spy and the last decade of similar hand-wringing is perfectly justified. But if that’s the case, it shouldn’t be hard to provide some public evidence supporting that allegation. And while some of the concern about Huawei may very well be driven by legitimate national security concerns, another significant chunk of these efforts is pretty clearly driven by good old vanilla protectionism. To ensure US policy is being driven more by the former than the latter, it might be a good idea if the press stopped playing parrot and demanded a little more in the way of actual proof.

Filed Under: android, china, donald trump, entity list, protectionism, security, us, white house
Companies: google, huawei