From Yossi Melman at Haaretz.com
The change tightens oversight of “intrusion software” designed to break into smartphones and decipher encryption on digital devices. Companies specializing in forensic cybertechnology will be affected most. That’s the field dealing with the development of software that helps law enforcement agencies collect evidence and reconstruct cellphone data in criminal investigations.
The treaty is known as the Wassenaar Arrangement, named after the Dutch city where it created in 1966, governs nine dual-use technologies and 22 categories of weaponry. The pact has its origins in the Cold War and was initially aimed at preventing the transfer of information from NATO countries to the members of the Warsaw Pact, the Communist bloc led by the Soviet Union.
Now the Wassenaar Arrangment will regulate intrusion technologies. Anyone who wants to require wants to buy and sell to them to obtain a license.
Intrusive systems in the forensic cybertechnology world exploit operating systems’ weaknesses to install malware and Trojan horses. One of the most prominent companies in the field is the controversial Israeli firm the NSO Group, which developed a software tool a decade ago called Pegasus that makes use of weaknesses in the design of smartphones to extract data by circumventing the phones’ security systems.
That is expected to make it more difficult for law enforcement (because the need for a license could delay time-sensitive investigations). But it will also make life harder for the tech firms in the field (because the licensing requirement will make it more difficult for them to do business).