- The Washington Times - Thursday, July 30, 2015

An uproar over proposed export restrictions on software used to break into computers and smartphones has caused the Department of Commerce to go back to the drawing board.

Adjustments that had been proposed in May to the Wassenaar Arrangement, a multinational agreement concerning the export of weapons and so-called “dual-use” technology, drew fire from technologists who said adoption would hinder the work of security researchers whose access to those same tools would end up being restricted if the proposal was approved.

On Wednesday, however, the Commerce Department said it would revise the language amid hundreds of complaints.

“All of those comments will be carefully reviewed and distilled, and the authorities will determine how the regulations should be changed,” a spokesman for the Commerce Department told Reuters. “A second iteration of this regulation will be promulgated, and you can infer from that that the first one will be withdrawn.”

The U.S. had initially backed rewriting the rules of the arms contract in order to limit the spread of “intrusion software,” or applications that can be used to crack into networks and systems, as a means of restricting the flow of spyware to repressive regimes.

Opponents of the effort close to the tech sector were quick to condemn the language of the proposal, though, arguing that the adoption would erode access to the legitimate security tools used by professionals who audit systems in order to keep hackers out.

Symantec, the billion-dollar security firm headquartered in California, said that “the proposed rule would severely damage legitimate vulnerability research and security testing worldwide, and thus undermine our ability to protect our own networks and to innovate cybersecurity products and service.”

Google, Facebook and dozens others had come out against the proposal before the Commerce Dept. walked back this week, including Sen. Charles Schumer, New York Republican.

“From North Korea to Russia to [the Islamic State] to domestic hackers, cybersecurity threats to our power grids, banks, and private consumer information is under assault like never before, so our companies must have the ability to install and test the best defenses,” he said this week. “Unfortunately, when it comes to self-testing, a new federal rule is forcing companies and power utilities to fight the scourge of cyberattacks with one hand tied behind their backs.”

A spokesperson for the Commerce Department told The Hill there is no timetable yet for when the new rule will be proposed.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.


Click to Read More and View Comments

Click to Hide