State Department reverses course on cybersecurity exports
The State Department aims to renegotiate an international pact designed to limit exports of surveillance software – bowing to pressure from Obama administration officials and cybersecurity experts.
The State Department aims to renegotiate an international pact designed to limit exports of surveillance software – bowing to pressure from Obama administration officials and cybersecurity experts.
AfterÌýnearly 10Ìýmonths of intense pressureÌýfrom cybersecurity experts,Ìýthe Obama administration will send the State Department toÌýrenegotiate a controversialÌýarms controlÌýagreement meant to limit surveillanceÌýsoftware exports.
The decision represents a turnabout for the State Department, which had resisted reopening talks with the 41 nations that are signatories of the Wassenaar Arrangement. But after widespread criticism that the trade pact would hamper the trade of legitimate security software, the US is aiming to return to the negotiating table.
"There is simply no way to interpret the plain language of the text in a way that does not sweep up a multitude of important security products,"Ìýsaid Rep. Jim Langevin (D) of Rhode IslandÌýin a statement. "The Administration is staking out a clear position that the underlying text must be changed."
Representative Langevin says National Security Advisor Rice also became a strong factor in swaying Foggy Bottom to renegotiate the deal.ÌýObamaÌýadministrationÌýofficialsÌýunanimouslyÌýcalledÌýforÌýa new agreement at a meeting last week.
The controversy aroundÌýWassenaar began heating up last MayÌýwhen the Department of Commerce released proposed export regulations based on the pact's terms. Experts feared the broad language in the proposed rules would even banÌýsome cybersecurity researchers in the US from jointly conducting security work abroad.
In addition to cybersecurity experts, US lawmakers andÌýDepartment ofÌýHomeland Security officials also worried thatÌýWassenaar's languageÌýcouldÌýlimitÌýthreat information-sharing initiatives and damage domestic security.
At a congressional hearing in January, the State Department publicly opposed renegotiating Wassenaar – citing the difficulty of signing another deal with the 31ÌýcountriesÌýthatÌýhad already adopted theÌýterms. Instead, the agency had hopedÌýto satisfy critics by creatingÌýexemptionsÌýin the trade restrictions.
ButÌýthoseÌýclaims were met with Congressional skepticism. Soon after the hearing, however, State Department officialsÌýreached out to industry experts to work on a new proposal.Ìý
"The [House Oversight] hearing hammered home the national security implications of the Wassenaar language," said Katie Moussouris, the chief policy officer of the bug bounty firm HackerOne.
A vocal critic of the regulations, Ms. MoussourisÌýwas one of the industry experts called in to work onÌýtheÌýnew proposal. She says theÌýnewÌýdraft language shifts the focus of the WassenaarÌýguidelines with a narrower focus onÌýsurveillance software itself.
Moussouris cautions that the State Department’s evolving position on cybersecurity exports does not mean the issue is closed. Other nations will still have to agree to change.
"We’ll consider the issue settled when we see it settled," she said.