Newly passed laws will drive the U.S. State Division to reveal how it polices the sale of cyber tools and services abroad.
The transfer followed an investigation that revealed that American intelligence contractors clandestinely assisted a foreign spying operation in the United Arab Emirates (UAE), helping the government to crack down on internal dissent.
The legislation directs the State Division to report to Congress within three months on how it controls the unfold of cyber tools and to reveal any action it has taken to punish firms for violating its policies.
Under U.S. law, corporations selling hacking services or products to foreign governments must first acquire permission from the State Division.
U.S. legislators and human rights advocates have grown more and more concerned that hacking skills developed for U.S. spy services are being bought overseas with meager oversight.
The provision was a result of a probe, congressional staffers said, which confirmed U.S. defense contractors ran a hacking group in the UAE referred to as Project Raven and that the State Division granted permission to three firms to help the Emirati government in surveillance.
A State Division spokesperson refused to remark. The agency beforehand said human rights issues are carefully weighed before such permits are issued; however, they declined to comment on the authorizations granted for Project Raven.
The UAE Embassy in Washington didn’t reply to a request for comment. A senior Emirati official in 2019 mentioned the nation held a “cyber capability” that it required to protect itself.
The brand new reporting guideline was part of the State Division’s 2020 budget bill passed into law by President Trump on December 20.