Get ready to tear into next round of hacker tool rules in Wassenaar Arrangement refresh

Public consultation to be held on rewritten draft update


The US government has said it will give everyone the chance to pull apart its latest attempt at redrafting its implementation of the Wassenaar Arrangement.

That arrangement is a pact governing the export of weaponry between participating nations, including America. An earlier proposed update to the text included a blanket ban on tools used by security researchers to test software and networks – a move that sparked outcry.

There are a variety of utilities, such as network mappers and fuzzers, that are used by hackers, but are also essential tools for the cybersecurity industry, and these would have been banned from export under the proposed tweaks.

Then, mid-2015, the US government said it had heard all the complaints against the changes, and agreed to go back to the drawing board. Now it's confirmed there will be a public consultation on the next draft update.

"Stakeholders raised serious concerns regarding the scope of the draft rule to implement the 2013 Arrangement among the 41 Wassenaar party states on intrusion software during the proposed rule comment period," said Caroline Tess, the senior director of legislative affairs for the US National Security Council in a newly released letter [PDF].

"As a result, the Department of Commerce has advised that it will not issue a final rule until at least one more round of public comment on a revised draft rule."

The letter was a response to the request for a complete rethink by Representative Jim Langevin (D-RI) and Michael McCaul (R-TX), co-chairman of the Congressional Cybersecurity Caucus. In addition, over 100 members of Congress also signed the letter protesting the rule changes.

"I thank Ambassador Rice for re-engaging the National Security Council on this important issue," said Langevin.

"It is clear that the original proposed rule would have 'come at the expense of legitimate cybersecurity activities'; closer NSC involvement will help a revised rule steer clear of these pitfalls. However, as we learned at the Homeland Security Committee hearing last month, the underlying problem may lie in the Arrangement language itself, meaning the only solution may be to go back to Wassenaar and renegotiate."

That's going to be a tricky proposition – negotiations between the 41 member states would be trickier than herding cats. The US government would, no doubt, prefer to simply rewrite the initial poorly worded draft. ®

Similar topics


Other stories you might like

  • UK Home Secretary delays Autonomy founder extradition decision to mid-December

    Could be a Christmas surprise in store from Priti Patel

    Autonomy Trial Autonomy founder Mike Lynch's pending extradition to the US has been kicked into the long grass again by the UK Home Office.

    Lynch is wanted in the US to stand trial on 17 charges of fraud and false accounting. He is alleged to have defrauded Hewlett Packard investors over the sale of British software firm Autonomy in 2011.

    Continue reading
  • Want to buy your own piece of the Pi? No 'urgency' says Upton of the listing rumours

    A British success story... what happens next?

    Industry talk is continuing to circulate regarding a possible public listing of the UK makers of the diminutive Raspberry Pi computer.

    Over the weekend, The Telegraph reported that a spring listing could be in the offing, with a valuation of more than £370m.

    Pi boss, Eben Upton, described the newspaper's article as "interesting" in an email to The Register today, before repeating that "we're always looking at ways to fund the future growth of the business, but the $45m we raised in September has taken some of the urgency out of that."

    Continue reading
  • All change at JetBrains: Remote development now, new IDE previewed

    Security, collaboration, flexible working: Fleet does it all apparently

    JetBrains has introduced remote development for its range of IDEs as well as previewing a new IDE called Fleet, which will form the basis for fresh tools covering all major programming languages.

    JetBrains has a core IDE used for the IntelliJ IDEA Java tool as well other IDEs such as Android Studio, the official programming environment for Google Android, PyCharm for Python, Rider for C#, and so on. The IDEs run on the Java virtual machine (JVM) and are coded using Java and Kotlin, the latter being primarily a JVM language but with options for compiling to JavaScript or native code.

    Fleet is "both an IDE and a lightweight code editor," said the company in its product announcement, suggesting perhaps that it is feeling some pressure from the success of Microsoft's Visual Studio Code, which is an extensible code editor. Initial language support is for Java, Kotlin, Go, Python, Rust, and JavaScript, though other languages such as C# will follow. Again like VS Code, Fleet can run on a local machine or on a remote server. The new IDE uses technology developed for IntelliJ such as its code-processing engine for features such as code completion and refactoring.

    Continue reading

Biting the hand that feeds IT © 1998–2021