US Proposes Tighter Export Rules For Computer Security Tools
itwbennett writes: The U.S. Commerce Department has proposed tighter export rules for computer security tools and could prohibit the export of penetration testing tools without a license. The proposal would modify rules added to the Wassenaar Arrangement in 2013 that limit the export of technologies related to intrusion and traffic inspection. The definition of intrusion software would also encompass 'proprietary research on the vulnerabilities and exploitation of computers and network-capable devices,' the proposal said.
I'm interested in whether this is limited to ONLY proprietary research.
I could actually see an argument for banning export of such research. Do we really want companies finding flaws in widely-used software, keeping those flaws secret from the software vendors and the general public, but then selling details on those flaws to others who could potentially turn around and exploit them? In a sense, this does sound like a munition.
I don't see the same concern with public research. If you disclose a vulnerability publicly, then everybody can fix it, and that strengthens the ecosystem instead of weakening it.
If the ban were limited to proprietary research, I don't see it as a bad thing. Of course, it does nothing to keep companies from selling their findings to NSA contractors and such, but I don't expect the US to lift a finger to ban practices like these.
David Sternlight is that you? You know you can legally buy both ski masks and crow bars, right? In fact, I think REI sells ski masks, crow bars (cleverly disguised as climbing hardware), and backpacks all in the same store, and they haven't been shut down yet.
First Amendment says "Kiss my ass" to export restrictions.
Welcome to the Panopticon. Used to be a prison, now it's your home.
They opened a public comment period. Please send them your comments and let them know what you think. https://www.federalregister.go...