US Fails To Renegotiate Arms Control Rule For Hacking Tools

An anonymous reader quotes a report from ABC News: The Obama administration has failed to renegotiate portions of an international arms control arrangement to make it easier to export tools related to hacking and surveillance software -- technologies that can be exploited by bad actors, but are also used to secure computer networks. The rare U.S. move to push for revisions to a 2013 rule was derailed earlier this month at an annual meeting in Vienna, where officials from 41 countries that signed onto it were meeting. That leaves it up to President-elect Donald Trump's administration whether the U.S. will seek revisions again next year. U.S. officials had wanted more precise language to control the spread of such hacking tools without the unintended negative consequences for national cybersecurity and research that industry groups and lawmakers have complained about for months. Critics have argued that the current language, while well meaning, broadly sweeps up research tools and technologies used to create or otherwise support hacking and surveillance software. As one of those 41 member countries of the 1996 Wassenaar Arrangement, which governs the highly technical world of export controls for arms and certain technologies, the United States agreed to restrict tools related to cyber "intrusion software" that could fall into the hands of repressive regimes. The voluntary arrangement relies on unanimous agreement to abide by its rules on export controls for hundreds of items, including arms such as tanks or military aircraft and "dual-use" technologies such as advanced radar that can be used for both peaceful and military means.

Oh please

[fibonacci8]

Please, please let this mean that the 2nd amendment applies to software again.

Re:

[guises]

The second amendment has never applied to exports.

Re:

[Noishkel]

The second amendment has never applied to exports.

True enough. But let's also not forget that the US State Department has tried to regulate CAD and other 3D printer files posted online just like firearms in order to have them taken down. Even though just raw information on how to build a gun conventionally is still legal. Hell, you can still get all of PL Luty's how-to guides over at http://thehomegunsmith.com/ [thehomegunsmith.com]

It's a strange world

[sunderland56]

You can buy an AK-47 at the local store, but tcpdump is a prohibited weapon.

Re:

[Noishkel]

Well we're a bit beyond that. We're at the point where sophisticated and relatively cheap machine tools make it easy for anyone to build an entire arms factory out of their garage. And much the same way with these hacking 'tools' any real hope of trying to regulate just simple code is long since past.

Re:

[ShanghaiBill]

Please tell me this is sarcasm.

It is either sarcasm or ignorance. In America, a private citizen cannot buy or possess an AK-47.

Re:

[K. S. Kyosuke]

Probably because not having to do that in the first place would be preferable?

Re:

[jonwil]

Its a lot harder to stop someone exporting or sharing or transferring digital data (whether that be a 3D model file for a 3D-printable/CnC machinable firearm or firearm part, source code for a strong encryption algorithm or binaries for a set of hacking tools) than it is to stop someone exporting a physical object like an AK-47.

This is why we need technocracy.

[eyenot]

If the government were staffed by people with at least 20 years (30 right here) of experience building and programming computers, they would stop acting like they wholeheartedly believe that shouting at computers (which legislating and regulating computer programming and data-sharing is equivalent to) gets anything done.

Re:

[DonaId Trump]

You're gonna LOVE what we do with the cyber, folks. I'm putting together a team of cyber EXPERTS, headed by digital guru Ted Kaczynski and my son Barron, some very smart people are saying he's the BEST at cyber.

Re:

[account_deleted]

Comment removed based on user account deletion

Maybe it was the delegation we sent?

[xxxJonBoyxxx]

>> The failed effort was a "bummer" said (random)...part of this year's Wassenaar delegation as a U.S. industry expert.

Like, just a "bummer" or a "total bummer"? Inquiring minds want to know.

And Barry, did you just send your "JV team" or is really the best you think the security community has to offer?

Intrusion software?

[AHuxley]

Considering the crypto the US tried to hold back as "munitions" decades ago?
The demand for back doors and trap doors in US crypto?
Now other gov are not to get 'intrusion software" for their own police, mil and security services?
The good news is many other smarter nations will just go on exporting their own really great software.
The really interesting market will be in the safe export of counter surveillance software.
What did the NSA fear? That nations domestically will buy in from their own experts r

technologies

[Kasem]

https://goo.gl/Ba6q7 [goo.gl] oIn minutes, you’ll get a personalized report detailing any problems found, plus a list of recommended fixes.