Several leading cybersecurity firms have formed a coalition whose goal is to prevent the U.S. Department of Commerce from adopting Wassenaar Arrangement regulations that could have a negative impact on the industry. Google has also submitted comments on the proposed export control rules.
The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is a multilateral export control association with 41 participating states. Members have agreed to control the transfer of arms and dual-use goods and technologies in an effort to improve national and international security and stability.
The implementation proposed by the Department of Commerce’s Bureau of Industry and Security (BIS) on May 20 regarding intrusion and surveillance items has been criticized by many experts, particularly because of overbroad definitions.
Google formally submitted comments on Monday, the last day on which the BIS accepted comments on the proposed Wassenaar Arrangement rules.The search giant believes the proposed changes would have a significant negative impact on the open security research community. The company is also concerned that the rules would affect its ability to defend itself and its customers.
The broad and vague language is one of Google’s main concerns. The company fears that if the changes are adopted, it would have to request thousands or tens of thousands of export licenses.
“Since Google operates in many different countries, the controls could cover our communications about software vulnerabilities, including: emails, code review systems, bug tracking systems, instant messages – even some in-person conversations!” Google said.
Cyber security firms are also displeased with the proposed changes. That is why Symantec, Ionic Security, FireEye, Synack, Global Velocity, WhiteHat, and others have joined forces in the coalition for responsible cybersecurity.