State Department reverses course on cybersecurity exports
After听nearly 10听months of intense pressure听from cybersecurity experts,听the Obama administration will send the State Department to听renegotiate a controversial听arms control听agreement meant to limit surveillance听software exports.
The decision represents a turnabout for the State Department, which had resisted reopening talks with the 41 nations that are signatories of the Wassenaar Arrangement. But after widespread criticism that the trade pact would hamper the trade of legitimate security software, the US is aiming to return to the negotiating table.
"There is simply no way to interpret the plain language of the text in a way that does not sweep up a multitude of important security products,"听said Rep. Jim Langevin (D) of Rhode Island听. "The Administration is staking out a clear position that the underlying text must be changed."
Representative Langevin says National Security Advisor Rice also became a strong factor in swaying Foggy Bottom to renegotiate the deal.听Obama听administration听officials听unanimously听called听for听a new agreement at a meeting last week.
The controversy around听Wassenaar began heating up last May听when the Department of Commerce released proposed export regulations based on the pact's terms. Experts feared the broad language in the proposed rules would even ban听some cybersecurity researchers in the US from jointly conducting security work abroad.
In addition to cybersecurity experts, US lawmakers and听Department of听Homeland Security officials also worried that听Wassenaar's language听could听limit听threat information-sharing initiatives and damage domestic security.
At a congressional hearing in January, the State Department publicly opposed renegotiating Wassenaar 鈥 citing the difficulty of signing another deal with the 31听countries听that听had already adopted the听terms. Instead, the agency had hoped听to satisfy critics by creating听exemptions听in the trade restrictions.
But听those听claims were met with Congressional skepticism. Soon after the hearing, however, State Department officials听reached out to industry experts to work on a new proposal.听
"The [House Oversight] hearing hammered home the national security implications of the Wassenaar language," said Katie Moussouris, the chief policy officer of the bug bounty firm HackerOne.
A vocal critic of the regulations, Ms. Moussouris听was one of the industry experts called in to work on听the听new proposal. She says the听new听draft language shifts the focus of the Wassenaar听guidelines with a narrower focus on听surveillance software itself.
Moussouris cautions that the State Department鈥檚 evolving position on cybersecurity exports does not mean the issue is closed. Other nations will still have to agree to change.
"We鈥檒l consider the issue settled when we see it settled," she said.
听
