Wassenaar Arrangement Update
As you remember from last time, the security community was a buzz about the proposed digital intrusion software export controls excerpt in the Wassenaar Arrangement. Since then, there have been several meetings of the NTIA Collab, a group of industry peers assembling to discuss the issues with The National Telecommunications and Information Administration and the Department of Commerce’s Internet Policy Task Force (IPTF). Since last time, they've had several meetings, and according to reports from the first few there were so many issues on the table that a unified path forward didn't seem clear. They also published a live stream, that anyone could join, of the discussion at the September 29, 2015 meeting. In those meeting notes, you can see the thoughts are all over the board. Thankfully, based on recent announcements from The Assistant Secretary of Commerce Dept. at the most recent meeting (on Dec 8th, 2015), it sounds like they are delaying signing anything into a finalized law before more conversation and understanding can be reached over these issues. The Assistant Secretary, Kevin Wolf said, "I'm not sure what the next step is, because we're still talking with the US Gov Agencies, going through comments, getting industry input. When there is some sort of consensus, then we'll know what the next step is, but as the person who signs the rule, I can assure you that there are no positions other than the next step won't be a final rule.". There are simply too many big players complaining, too much at stake, and way too much confusion over the topics to move forward right now, which is a great thing! Players such as Microsoft, National Association of Manufacturers, Toyota, FireEye, Juniper, Hacker0x1, The EFF, Tennable, Immunity, and many others showed up and spoke at the various meetings, publishing some amazing works on the topic, such as Sergey Bratus' "The Wassenaar Arrangement's Intent Fallacy". All of the conversations echo the same thought, this policy needs far more consideration, crafting, and clarity or else it could hurt the industry. The following is a respected panel of commentators on the Wassenaar Arrangement issues:
