APR 06, 2017 | US
Coalition for Responsible Cybersecurity, BSA | The Software Alliance Support Progress at Wassenaar Experts Group Meeting, but More Effort is Needed
WASHINGTON, DC—April 7, 2017—The Coalition for Responsible Cybersecurity, together with BSA | The Software Alliance, applauds the efforts of the U.S. government to return the issue of dual-use export controls on “intrusion software” to the 2017 Wassenaar Arrangement round of negotiations, for clarification and revision.
“The 2017 round of Wassenaar negotiations provides Wassenaar Arrangement member countries the opportunity to rescope and clarify these controls so that they reach only their intended targets, without having the kinds of unintended negative impact on cybersecurity tools and cyber incident response, data protection, data integrity, academic research and other concerns raised almost unanimously by industry, academia, and government,” said Alan Cohn, Of Counsel, Steptoe & Johnson LLP. “Requiring cybersecurity practitioners to obtain export control licenses prior to performing even basic remediation efforts is a recipe for disaster. Unless the Wassenaar Arrangement controls are meaningfully narrowed, network defenders will face significant time delays in their ability to respond to constantly evolving threats,” said Christian Troncoso, Director, Policy for BSA.
The Coalition and BSA urge the Wassenaar member nations to narrow and focus the controls on “intrusion software,” including revising the overbroad definition of “intrusion software” and limiting the controls on related critical cybersecurity software, hardware, technology, and information sharing. The Coalition and BSA also urge the Trump Administration to refrain from implementing the controls on intrusion software in the United States as currently written until these core defects in the Wassenaar Arrangement’s wording are resolved.
The Coalition and BSA encourage all Wassenaar member nations to engage broadly with industry, academia, and researchers to craft meaningful changes to the controls on “intrusion software,” take seriously the concerns raised in these letters, and commit to renegotiating the flawed provisions to ensure that global cybersecurity is not put at risk.
Background: The Wassenaar Arrangement is a 41-country international export control agreement. In 2013, “intrusion software” controls were added to the Wassenaar Arrangement’s list of dual-use technologies that members must subject to export controls. While well intentioned, the provisions were imprecisely drafted and as written would subject core defensive technologies and products to onerous licensing requirements that would advantage our adversaries by grinding much-needed cybersecurity activity and research to a halt. In some countries that have adopted the current Wassenaar language, the controls have also been ineffective in actually reaching their intended targets—barring specific companies from exporting specific tools to specific end-users for specific purposes—and international implementation and enforcement of the controls has been widely divergent and inconsistent. Governments, industry, academia, and the cybersecurity research community worldwide have all raised similar concerns about the controls.
The Coalition for Responsible Cybersecurity represents a broad cross-section of cybersecurity companies, including Symantec, Ionic Security, Intel, Microsoft, FireEye, Raytheon, Philips, and others.
BSA | The Software Alliance is an association of the world’s leading software companies that promotes policies that foster innovation, growth, security, and a competitive marketplace.
Steptoe & Johnson LLP Alan Cohn, 202-429-6283 and Meredith Rathbone, 202-429-6237 firstname.lastname@example.org, email@example.com
BSA | The Software Alliance Christian Troncoso firstname.lastname@example.org
BSA |“软件联盟”(www.bsa.org) 是全球软件行业的主要倡导者，旨在代表该行业，向政府和国际市场发声。其成员包括全球最具创新力的公司，这些公司制定的软件解决方案，不但能够刺激经济，还能提升现代生活的品质。
BSA 的总部位于华盛顿特区，其营运机构遍布 30 多个国家。BSA 凭借这些机构，率先涉足合规项目，以期促进使用合法软件、倡导制定公共政策，并以此培养技术创新能力，以及推动发展数字经济。