BIS Adds 4 Companies to Entity List for 'Malicious' Cyber Activities
The Bureau of Industry and Security added four technology companies in Israel, Russia and Singapore to the Entity List for “acting contrary” to U.S. foreign policy and national security through “malicious cyber activities,” BIS said in a notice released Nov. 3. The companies either operate or supply technologies in the cyberintelligence and information security sectors and will be subject to a license review policy of presumption of denial for all items subject to the Export Administration Regulations. No license exceptions will be available for controlled exports to the four companies. The additions are effective Nov. 4.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
BIS said it added the two Israeli companies -- NSO Group and Candiru -- for developing and supplying spyware to foreign governments that then use the technologies to “maliciously target” government officials, journalists, businesspeople, activists, academics and embassy workers. The technologies have allowed authoritarian governments to target dissidents “outside of their sovereign borders to silence dissent,” the Commerce Department said. Russia, Turkey and others have reportedly used spyware produced by Candiru, and NSO Group has been accused of misusing spyware for hacking of human rights activists and journalists. NSO said it is "dismayed by the decision" by Commerce, "given that our technologies support U.S. national security interests and policies by preventing terrorism and crime." It said it will "advocate for this decision to be reversed," according to a Nov. 3 statement.
BIS added Russia’s Positive Technologies and Singapore’s Computer Security Initiative Consultancy to the Entity List because they “traffic in cyber exploits used to gain access to information systems,” which threatens the security of people and organizations “worldwide.” The Treasury Department sanctioned Positive Technologies in April for supporting Russian intelligence services (see 2104150019).
The additions are part of an effort to “stem the proliferation of digital tools used for repression,” Commerce said. They also come about two weeks after the agency announced new upcoming export controls on cybersecurity items to better restrict dangerous cyber technologies (see 2110200036 and 2110270019). Commerce Secretary Gina Raimondo said the agency is “committed to aggressively using export controls” to stop the proliferation of technologies “that threaten the cybersecurity of members of civil society, dissidents, government officials, and organizations here and abroad.”
All exports, reexports and transfers that now require a license as a result of the increased export restrictions that were aboard a carrier to a port as of Nov. 4 may proceed to their destinations under the previous eligibility, BIS said.