The European Union has classified spyware as a restricted item requiring an export license, much like weapons:
Companies which make spyware will have to apply for permission to export the software once new EU regulations come into effect in late December.
Officially referred to as “intrusion software”, the software will now be included on the EU’s list of “dual use” items, defined as “goods, software and technology normally used for civilian purposes but which might have military applications or contribute to the proliferation of weapons of mass destruction.”
The restriction means that companies will have to apply for a licence to export spyware, although it doesn’t affect the sale of the software within the UK. Inclusion on the dual-use list places the technology alongside nuclear reactors, ultra-high-resolution cameras, and rocket fuel.
While the regulation is implemented by the European commission, the British government supports the restriction of spyware. “The UK has made it clear over the last two years that we believe that while these kind of technologies do have legitimate uses, they also pose threats to national security and to human rights and should be subject to export controls,” said a spokesperson for the Department for Business, Innovation and Skills.
Hopefully, this the export of such software to repressive regimes, as FinFisher did with its FinFish spyware, which it probably exported to Egypt, Bahrain, Ethiopia, etc.
Additionally, I hope that it will serve to also restrict the use of such programs by commercial entities.
Things like tracking cookies, and Verizon’s new “super cookies”, should be included in this category.