APR 06, 2017 | US
Coalition for Responsible Cybersecurity, BSA | The Software Alliance Support Progress at Wassenaar Experts Group Meeting, but More Effort is Needed
WASHINGTON, DC—April 7, 2017—The Coalition for Responsible Cybersecurity, together with BSA | The Software Alliance, applauds the efforts of the U.S. government to return the issue of dual-use export controls on “intrusion software” to the 2017 Wassenaar Arrangement round of negotiations, for clarification and revision.
“The 2017 round of Wassenaar negotiations provides Wassenaar Arrangement member countries the opportunity to rescope and clarify these controls so that they reach only their intended targets, without having the kinds of unintended negative impact on cybersecurity tools and cyber incident response, data protection, data integrity, academic research and other concerns raised almost unanimously by industry, academia, and government,” said Alan Cohn, Of Counsel, Steptoe & Johnson LLP. “Requiring cybersecurity practitioners to obtain export control licenses prior to performing even basic remediation efforts is a recipe for disaster. Unless the Wassenaar Arrangement controls are meaningfully narrowed, network defenders will face significant time delays in their ability to respond to constantly evolving threats,” said Christian Troncoso, Director, Policy for BSA.
The Coalition and BSA urge the Wassenaar member nations to narrow and focus the controls on “intrusion software,” including revising the overbroad definition of “intrusion software” and limiting the controls on related critical cybersecurity software, hardware, technology, and information sharing. The Coalition and BSA also urge the Trump Administration to refrain from implementing the controls on intrusion software in the United States as currently written until these core defects in the Wassenaar Arrangement’s wording are resolved.
The Coalition and BSA encourage all Wassenaar member nations to engage broadly with industry, academia, and researchers to craft meaningful changes to the controls on “intrusion software,” take seriously the concerns raised in these letters, and commit to renegotiating the flawed provisions to ensure that global cybersecurity is not put at risk.
Background: The Wassenaar Arrangement is a 41-country international export control agreement. In 2013, “intrusion software” controls were added to the Wassenaar Arrangement’s list of dual-use technologies that members must subject to export controls. While well intentioned, the provisions were imprecisely drafted and as written would subject core defensive technologies and products to onerous licensing requirements that would advantage our adversaries by grinding much-needed cybersecurity activity and research to a halt. In some countries that have adopted the current Wassenaar language, the controls have also been ineffective in actually reaching their intended targets—barring specific companies from exporting specific tools to specific end-users for specific purposes—and international implementation and enforcement of the controls has been widely divergent and inconsistent. Governments, industry, academia, and the cybersecurity research community worldwide have all raised similar concerns about the controls.
The Coalition for Responsible Cybersecurity represents a broad cross-section of cybersecurity companies, including Symantec, Ionic Security, Intel, Microsoft, FireEye, Raytheon, Philips, and others.
BSA | The Software Alliance is an association of the world’s leading software companies that promotes policies that foster innovation, growth, security, and a competitive marketplace.
Steptoe & Johnson LLP Alan Cohn, 202-429-6283 and Meredith Rathbone, 202-429-6237 firstname.lastname@example.org, email@example.com
BSA | The Software Alliance Christian Troncoso firstname.lastname@example.org
소프트웨어 연합(BSA | The Software Alliance, 이하 BSA)(www.bsa.org)은 각국 정부를 대상으로 세계 시장에서 전 세계 소프트웨어 업계를 대변하고 옹호하는 선도적 연합체입니다. 세계의 가장 혁신적 기업들이 회원사로 참여하며 경제에 활기를 불어 넣고 현대의 생활을 향상시키는 소프트웨어 솔루션을 만들어 내고 있습니다.
워싱턴 DC에 본부를 두고, 30개국이 넘는 국가들에서 운영되는 BSA는, 합법적 소프트웨어 사용을 증진시키고 기술 혁신을 촉진하며 디지털 경제의 성장을 추진하는 공공 정책을 지지하는 준법 프로그램들을 선도합니다.