|
|
|
|
|
|
by notzuck
2428 days ago
|
|
|
Vupen turned into Zerodium. How would this law be enforced if (hypothetically) I took an encrypted pen drive to Zorodium's office, they like what I demo and pay me, they then resell. Who is tracking / investigating what just happened? How would they even know? Would getting an export license even be possible? |
|
|
For you selling to Zerodium, it would be the government agency in your country in charge of managing export controls. Unless you are bragging about it on social media, it is unlikely that they would know about you selling the exploit. As long as Zerodium doesn't tell your country about you selling the exploit, it will be very difficult for your country to find out (unless they investigate where you are getting tens of thousands of dollars from).
For Zerodium reselling, it primarily falls under the US Department of Commerce’s Bureau of Industry and Security (BIS). If they are selling to somebody nasty the Department of State's Bureau of International Security and Nonproliferation could be involved, along with Homeland Security. Since Zerodium is very public about buying and selling exploits, they are certainly on the radar of these agencies. If they don't see Zerodium applying for export licenses, they will investigate.
>Would getting an export license even be possible?
Contact your local government. It might be difficult to do so as an individual, so you could need to form a small company.