More like this

Business

Arrow

Government

Get ready to tear into next round of hacker tool rules in Wassenaar Arrangement refresh

Public consultation to be held on rewritten draft update

The US government has said it will give everyone the chance to pull apart its latest attempt at redrafting its implementation of the Wassenaar Arrangement.

That arrangement is a pact governing the export of weaponry between participating nations, including America. An earlier proposed update to the text included a blanket ban on tools used by security researchers to test software and networks – a move that sparked outcry.

There are a variety of utilities, such as network mappers and fuzzers, that are used by hackers, but are also essential tools for the cybersecurity industry, and these would have been banned from export under the proposed tweaks.

Then, mid-2015, the US government said it had heard all the complaints against the changes, and agreed to go back to the drawing board. Now it's confirmed there will be a public consultation on the next draft update.

"Stakeholders raised serious concerns regarding the scope of the draft rule to implement the 2013 Arrangement among the 41 Wassenaar party states on intrusion software during the proposed rule comment period," said Caroline Tess, the senior director of legislative affairs for the US National Security Council in a newly released letter [PDF].

"As a result, the Department of Commerce has advised that it will not issue a final rule until at least one more round of public comment on a revised draft rule."

The letter was a response to the request for a complete rethink by Representative Jim Langevin (D-RI) and Michael McCaul (R-TX), co-chairman of the Congressional Cybersecurity Caucus. In addition, over 100 members of Congress also signed the letter protesting the rule changes.

"I thank Ambassador Rice for re-engaging the National Security Council on this important issue," said Langevin.

"It is clear that the original proposed rule would have 'come at the expense of legitimate cybersecurity activities'; closer NSC involvement will help a revised rule steer clear of these pitfalls. However, as we learned at the Homeland Security Committee hearing last month, the underlying problem may lie in the Arrangement language itself, meaning the only solution may be to go back to Wassenaar and renegotiate."

That's going to be a tricky proposition – negotiations between the 41 member states would be trickier than herding cats. The US government would, no doubt, prefer to simply rewrite the initial poorly worded draft. ®

Sponsored: 2016 Cyberthreat defense report