The large-scale leak suffered by Hacking Team has recently provided a new illustration of what some companies are sometimes prepared to do, but texts and treaties do constrain this trade in sensitive information.
Among these texts, the Wassenaar Arrangement is surely the best known. The document, signed by over 41 States in 1996 in Wassenaar, the Netherlands, established an export control regime that gives States control over the sale of conventional weapons and also of so-called "dual-use" technology. This category covers all technologies that have both military and civilian applications: in no particular order, encryption technologies, monitoring software, and exploits and 0day vulnerabilities, the trade in which can be a very lucrative business.
In May, the United States proposed a first implementation of this international agreement in its own legal texts; European countries did the same in early 2015. The text was presented by the Bureau of Industry and Security (BIS) and is currently only a proposal, but it is the subject of much debate within the American research community. For many, the proposed regulations are too restrictive and could hinder cybersecurity research: the problem most often raised by researchers is the vagueness of the proposal's terms.
Excessive and counterproductive regulation?
The same goes for Google: in a blog post, the search giant summarizes its position on the US proposal and first criticizes its imprecise terms. "We believe that these proposals, in the present state of things, may have an adverse influence on the security research community", says Google. Apart from the vagueness of the terms, the company is concerned about the effect this proposal could have on bug fixing: researchers wishing to report security flaws to foreign companies would have to declare this to the state and obtain an authorization before disclosing their information.
Google's position, which was submitted to the BIS as a formal report, is shared by many American researchers, who worry about too much regulation in this sector. In a statement, the EFF notably pointed to the extremely broad nature of the controls proposed by the BIS, "even wider than the European proposal published in January."
For some researchers, these vast restrictions are an attempt to stem the sale of surveillance technology to dictatorial states, a "noble goal", says Robert Graham, a researcher, on his blog, "but Wassenaar is clearly not the best way to do this." Yesterday, the call for comments on this proposal closed, a call answered by several US companies and associations such as Cisco or the EFF. The debate is open and contrasts sharply with the discretion shown by European players early in the year regarding the European proposal.