US backpedals on plan to regulate hacking software

After a huge outcry from the security community, the US government will re-write proposed regulations on software used to hack smartphones and computers, according to Reuters. The Department of Commerce wants to heavily restrict the development and testing of exploits, zero-days and other intrusion software, which sounds like a good thing on the face of it. However, security professionals discovered that it would've severely limited, and possibly even criminalized, research into surveillance software. That might have made internet security worse than ever by keeping such exploits confined to the black market.

The use of exploit software by governments exploded into prominence with news of a security breach of the Hacking Team. That outfit, which has supplied zero-day exploits to oppressive regimes like Sudan, was itself hacked, with the intruders stealing up to 400GB of data. That included virtually all the source code for its products and exploits, including zero-day attacks on software like Windows and Adobe Flash. Those vulnerabilities in turn forced companies like Microsoft to scramble to produce software patches.

The US Commerce Department stepped in around the same time with its proposed new legislation. Those rules will eventually form America's commitment to the 41-nation Wassenaar Arrangement designed to curb "weaponized" software. As security journalist Violet Blue reported earlier for Engadget, it's not just that the government got the rules wrong; they also didn't seem to know what they were doing. "(Its) attempts to regulate are based on poor definitions such as 'intrusion software' and on jargon such as 'zero-days' and 'rootkits,'" said security expert Sergey Bratus.

The government gave interested parties until July 20th to comment, and companies like Black Hat and Google gave it an earful. Google called the rules "dangerously broad and vague," while Black Hat said they could "significantly restrict and/or eliminate the depth and types of research curated by many members of our security community, especially those that collaborate internationally."

The Commerce Department told Reuters that "all comments will be carefully reviewed and distilled, and the authorities will determine how the regulations should be changed," a process it said could take months. It added that "a second iteration of this regulation will be promulgated, and you can infer from that that the first one will be withdrawn." From that, it's clear that the avalanche of complaints during the comment period had the intended effect. As Blue told us, "we're only nine days past the closing of the comment period, so it's kind of amazing to see (the US government) move so fast."
