Lawmakers worried anti-hacking regs could hurt national security
April 26, 2016
Shah Sheikh (1294 articles)

Lawmakers worried anti-hacking regs could hurt national security

House lawmakers are worried an international deal that limits the export of anti-hacking technologies could hurt national security.

The State Department is in the process of renegotiating the so-called Wassenaar Arrangement, a 41-nation pact that governs those exports. At issue is language designed to keep hacking tools out of the hands of repressive regimes. Critics have long warned that vague definitions within the agreement could restrict companies’ ability to use legitimate tools to test and fortify their own defenses.

Now, legislation approved by the House Armed Services Emerging Threats and Capabilities Subcommittee expresses fears that the restrictions will also hamstring the Pentagon.

“The committee believes restricting export of these technologies may negatively impact use of such products for national security purposes,” the House version of the 2017 defense spending bill read, which was forwarded to the full committee by voice vote last week.

The current language of the bill directs the Defense secretary to brief the Armed Services committee on the impact of the agreement on the department’s operations, “including efforts to support alliance partners or otherwise build partner capacity with friendly nations,” by March 1, 2017.

In 2013, the State Department agreed to a series of amendments to the Wassenaar Arrangement. Those amendments expanded the list of restricted technologies to include so-called intrusion software — digital hacking and surveillance tools that the agreement’s crafters were concerned could be used to crack down on journalists and dissidents.

Following an interagency rulemaking process that included State, the Commerce Department and the Department of Homeland Security, the administration attempted to implement the agreement but was met with fierce pushback from both the security community and lawmakers.

Critics argue the arrangement defines “intrusion software” too broadly, effectively outlawing legitimate cybersecurity tools needed to defend networks against hackers.

Lawmakers from both sides of the aisle cited the security community’s long-held stance that a regulatory solution is impossible and that State must return to the table to renegotiate the terms of the arrangement. The agency acquiesced in February.

“While well-intentioned, the Wassenaar Arrangement’s ‘intrusion software’ control was imprecisely drafted, and it has become evident that there is simply no way to interpret the plain language of the text in a way that does not sweep up a multitude of important security products,” Rep. Jim Langevin (D-R.I.), who helped spearhead efforts to press the administration to renegotiate, said at the time.

Source | TheHill