A bipartisan group of lawmakers is rightly concerned about the potential unintended consequences of adding “intrusion software” to the Wassenaar Arragenement for Export Controls because of its ambiguity and the possibility it may outlaw defensive and forensics related applications:
In response to a rulemaking notice posted by the Commerce Department’s Bureau of Industry and Security, Rep. Jim Langevin (D-R.I.) submitted public comments via a letter warning that the new controls could unintentionally stifle cybersecurity research.
“The change would draw a misguided line between offensive and defensive cyber tools, and I fear it would weaken our nation’s cybersecurity and overall national security posture,” Langevin wrote.
The letter was co-signed by Reps. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee; David Schweikert (R-Ariz.); and Ted Lieu (D-Calif.).
“In particular, by presumptively preventing export of tools with zero-day and rootkit capabilities, the proposed rule would impair the comprehensive testing of risk management frameworks and the overall evaluation of cybersecurity,” the letter states.