
Arms control treaty could land security researchers like me in jail


securitybreach


So #wassenaar has infected your Twitter timeline for the past several days. I thought I'd explain what the big deal is.

 

What’s a Wassenaar?

 

Wassenaar is a town in Europe, where in 1996 a total of 41 nations agreed to an arms control treaty. The name of the agreement, the Wassenaar Arrangement, comes from the name of the town. The US, Europe, and Russia are part of the agreement. Africa, the Middle East, and China are not.

 

The primary goal of the arrangement is anti-proliferation, stopping uranium enrichment and chemical weapons precursors. Another goal is to control conventional weapons, keeping them out of the hands of regimes that would use them against their own people or to invade their neighbors.

 

Historically in cybersec, we've complained that Wassenaar classifies crypto as a munition. This allows the NSA to eavesdrop and decrypt messages in those countries. This does little to stop dictators from getting their hands on strong crypto but does a lot to prevent dissidents in those countries from encrypting their messages. Perhaps more importantly, it requires us to jump through a lot of bureaucratic hoops to export computer products, because encryption is built in to virtually everything.

 

Why has this become important recently?

 

Last year, Wassenaar added cyberweapons to the list. On May 20, the United States Bureau of Industry and Security (BIS) proposed US rules to comply with the Wassenaar additions. It is currently accepting comments about these rules.

 

The proposed BIS rules go beyond the simpler Wassenaar rules, affecting a large number of cybersecurity products and cybersecurity research. These rules further restrict anything that may be used to develop a cyberweapon, which therefore makes a wide number of innocuous products export-restricted, such as editors and compilers.

 

It's not that these rules will necessarily block the export of legitimate products, but that it creates a huge bureaucracy that will apply the rules prejudicially and arbitrarily. It's easy to make mistakes—and a mistake can cost a person 20 years in jail and $1 million. This will create a huge chilling effect even among those who don't intend to export anything.........

http://arstechnica.c...ike-me-in-jail/
