March 3, 2016
After nearly a year of protests from the information security industry, security researchers, and others, US officials have announced that they plan to re-negotiate regulations on the trade of tools related to “intrusion software.” While it’s potentially good news for information security, just how good the news is will depend largely on how much the Obama administration is willing to push back on the other 41 countries that are part of the agreement—especially after the US was key in getting regulations on intrusion software onto the table in the first place.
The rules were negotiated through the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, an agreement governing the trade of weapons and technology that could be used for military purposes. Originally intended to prevent proliferation and build-up of weapons, the US and other Western nations pushed for operating system, software, and network exploits to be included in the Wassenaar protocol to prevent the use of commercial malware and hacking tools by repressive regimes against their own people for surveillance.