States must sign new Israeli spyware end-user declaration
The Defense Export Controls Agency (‘DECA’), a department of the Israeli Ministry of Defense, has tightened the control of cyber exports and published an updated version of the ‘End-User Declaration’. The development comes in the wake of allegations around the export of Israeli ‘spyware’ and the inclusion of the NSO Group, producer of the Pegasus surveillance software product, on the US BIS Entity List.
According to the Ministry of Defense, from now, ‘A state interested in acquiring a cyber or intelligence system is required to sign the declaration as a condition for issuing an export license. The updated user declaration was formulated by the Ministries of Defense and Foreign Affairs, as part of the State of Israel’s update of its export control policy with regard to cyber systems.’
It said that the update ‘is part of a series of measures taken in the last several years regarding cyber export controls. As part of the controls mechanism, Israel approves the export of cyber systems solely to governments for the purposes of investigation and prevention of terrorism and crime. Israel controls cyber exports in accordance with its legislation, which is based on the Wassenaar Arrangement.’
It added, ‘The updated declaration implements the policy of the Ministry of Defense to control the end use of cyber systems. The declaration obligates the acquiring state to restrict the use of cyber systems for the investigation and prevention of crime and terrorism. The definition of serious crime and terrorism has been clarified in the declaration.
‘The updated declaration also states circumstances under which the use of cyber systems is prohibited, and explicitly specifies the possible sanctions in the event of non-compliance with the obligations set forth in the declaration (including restricting the use of the cyber system or shutting down the system).’
https://www.gov.il/en/departments/news/mod-tightens-control-of-cyber-exports-6-december-2021