GENERAL TECHNOLOGY NOTE
The export of "technology" which is "required" for the "development", "production" or "use" of items controlled in the Dual-Use List is controlled according to the provisions in each Category. This "technology" remains under control even when applicable to any uncontrolled item.
Controls do not apply to that "technology" which is the minimum necessary for the installation, operation, maintenance (checking) or repair of those items which are not controlled or whose export has been authorised.
Controls do not apply to "technology" "in the public domain", to "basic scientific research" or to the minimum necessary information for patent applications.
GENERAL SOFTWARE NOTEThe Lists do not control "software" which is any of the following:1. Generally available to the public by being:a. Sold from stock at retail selling points without restriction, by means of:
- Over-the-counter transactions;
- Mail order transactions;
- Electronic transactions; or
- Telephone call transactions; and
b. Designed for installation by the user without further substantial support by the supplier;
From page 72-74:Note: Entry 1 of the General Software Note does not release "software" controlled by Category 5 - Part 2 ("Information Security").2. "In the public domain"; or
3. The minimum necessary "object code" for the installation, operation, maintenance (checking) or repair of those items whose export has been authorised.
Note: Entry 3 of the General Software Note does not release "software" controlled by Category 5 - Part 2 ("Information Security").
DUAL-USE LIST - CATEGORY 4 - COMPUTERS
4.A SYSTEMS, EQUIPMENT AND COMPONENTS
4.A.5. Systems, equipment, and components therefor, specially designed or modified for the generation, operation or delivery of, or communication with, "intrusion software".
4.D SOFTWAREPage 209 defines "intrusion software" :
Note: The status of "software" for equipment described in other Categories is dealt with in the appropriate Category.
4.D.1. "Software" as follows:
a. "Software" specially designed or modified for the "development" or "production" of equipment or "software" specified by 4.A. or 4.D.
4.D.2. "Software" specially designed or modified to support "technology" specified by 4.E.
4.D 4. "Software" specially designed or modified for the generation, operation or delivery of, or communication with, "intrusion software".
4. E. TECHNOLOGY
4. E. 1. "Technology" as follows:
1. "Technology" according to the General Technology Note, for the "development", "production" or "use" of equipment or "software" specified by 4.A. or 4.D.
c. "Technology" for the "development" of "intrusion software".
DEFINITIONSa. The extraction of data or information, from a computer or network- capable device, or the modification of system or user data; or
Cat 4 "Intrusion software"
"Software" specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network- capable device, and performing any of the following:
b. The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.
- "Intrusion software" does not include any of the following:a. Hypervisors, debuggers or Software Reverse Engineering (SRE) tools;
b. Digital Rights Management (DRM) "software"; orc. "Software" designed to be installed by manufacturers, administrators or users, for the purposes of asset tracking orrecovery.
- Network-capable devices include mobile devices and smart meters.
Technical Notes1. 'Monitoring tools': "software" or hardware devices, that monitor system behaviours or processes running on a device. This includes antivirus (AV) products, end point security products, Personal Security Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS) or firewalls.
2. 'Protective countermeasures': techniques designed to ensure the safe execution of code, such as Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) or sandboxing.