The wassenaar arrangement was established to contribute to regional and international security and stability by. Unfortunately, the approach proposed by the wassenaar regulation misses the mark, and would ultimately undermine that goal by making it harder for cyber responders to defend. The wassenaar meeting was intended to create a postcold war. Best practices to prevent destabilising transfers of small arms and light weapons salw through air transport. Many of you may have heard about the recent debate regarding the u. The inclusion of intrusion software on the wassenaar control list was done with good intentions. The surveillance industry and human rights epic electronic. The policy implications of hacking the hacking team council. For the complete and authoritative texts of the wa lists, please see the current control lists above. Coalition seeks revisions to potentially restrictive. Elements for export controls of manportable air defence systems manpads best practice guidelines on subsequent transfer reexport controls for conventional weapons systems contained in appendix 3 to the wa initial elements.
Best practices and guidelines the wassenaar arrangement. Dec 01, 2014 in the current system, human rights and digital rights groups, as well as external independent experts, are excluded from contributing their expertise and knowledge to the wassenaar arrangement forum. Guest blog by james gannon, director and principal of cyber invasion, ltd. The inclusion of the category relating to intrusion software was. Hacking team breach shows a global spying firm run amok. Intrusion software and human rights european parliament. Intrusion software and human rights regulation ec 822014 amending the community regime for the control of exports, transfer, brokering and transit of dualuse items follows the intrusion software clauses in the wassenaar arrangement. However, revelations that hacking teams customers included countries with poor human rights records reinforce why the wassenaar regime included intrusion software. However, even before 2011 wassenaar controls also covered items used by. In december 20, the 41 member states of the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies agreed to create two new export controls focusing on cybersecurity items. Internet freedom and export controls carnegie endowment for. Opensource software is already exempt from the new controls. Congress should change these three laws to protect cybersecurity.
To resolve these, microsoft proposes to evolve the intrusion software control over time to a narrowly tailored and well understood control that can help protect those involved in human. Jul 08, 2015 however, revelations that hacking teams customers included countries with poor human rights records reinforce why the wassenaar regime included intrusion software. May 28, 2015 the wassenaar arrangement includes controls for technology connected to intrusion software. Wassenaar defined intrusion software as software specially.
Hacking teams newly exposed business practices call into question whether current regulations effectively prevent a private firm from selling hacking software to any government in the world. Encryption gip digital watch observatory for internet. Jul 24, 2015 by cristin goodwin, senior attorney, microsoft today i participated in the center for strategic and international studies csis discussion on decoding the bis proposed rule for intrusion software platforms and the important topic of the department of commerces proposed rule on intrusion software under the wassenaar arrangement. The wassenaar arrangement is an intergovernmental export control regime used.
The proposed change is designed to stop human rights abuses and ensure dissident groups, or internationally blacklisted states, cannot be sold surveillance software, or cyber attack tools, by. Second, for the small set of items remaining under control, bis should tailor licensing decisions around the potential of such tools for the abuse of human rights, as well as the human rights record of the intended enduser to whom the items are being sold. New changes to wassenaar arrangement export controls will benefit cybersecurity. While human rights are not considered a motivational factor for the decision. Government takes second look at us wassenaar rules. Human rights advocates have recognized that surveillance software designed and sold by companies in western countries has been responsible for serious abuses around the world. Software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device, and performing any of the. Human rights organizations sued a french company for giving to the libyan. Hacking team breach shows a global spying firm run amok wired. Rethinking intrusion software microsoft cybersecurity.
Wassenaar arrangement list in 2017 for intrusion software and why were they made. Cybersecurity and the wassenaar arrangement what needs to. Oct 28, 2016 modernization of the eu export control system. It is still possible to obtain powerful software on the internet. These clauses are intended to protect activists, dissidents and journalists whose. New changes to wassenaar arrangement export controls will. The wassenaar arrangements munitions list is published here separately for the specific purpose of informing and assisting nonwa countries which are developing or strengthening their national export control list for conventional arms. The wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is a multilateral export control regime mecr with 42 participating states including many former comecon warsaw pact countries. State department will try to fix wassenaar arrangement. Department of commerces proposed rule to implement the wassenaar arrangement 20 plenary agreement on intrusion and surveillance software rin 0694ag49, as published in 80 fed. In may 1996 41 countries came to wassenaar, a small town in the netherlands, to sign what was to be called the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies. Unfortunately, the approach proposed by the wassenaar regulation misses the mark, and indeed, the controls would ultimately undermine that goal by making it harder for cyber responders to defend.
The coalition for responsible cybersecurity and bsa the software alliance agree, and recognize that more can be done to protect those who advocate for human rights. A coalition of human rights and technology groups, including new americas open technology institute, where i work, submitted recommendations this month with proposals on how to make this happen. Crypto controls threaten human rights human rights watch. Jul 31, 2015 unusual redo of us wassenaar rules applauded. An open letter to the members of the wassenaar arrangement. After all, as galperin and moussouris both point out, the original purpose of the 20 amendment to the wassenaar arrangement came in response to a. The wassenaar arrangements first foray into cybersecurity export controls has created a multitude of unintended consequences and implementation challenges. The impact of technologies on hu man rights 8 however, the process of transitioning human rights online cannot just consider freedom of expression and the right to privacy. The united states successfully negotiated researchuse exceptions to export controls on surveillance tools at the december 2017 meeting of the wassenaar arrangement, a club of advanced economies that coordinates export controls.
Jan 16, 2018 new changes to wassenaar arrangement export controls will benefit cybersecurity. Just like businesses and governments, human rights groups and other. The wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is an agreement between 41 countries which generally hold. May 25, 2015 guest blog by james gannon, director and principal of cyber invasion, ltd.
Between 2012 and 2014, multiple episodes of surveillance abuse were exposed by citizenlab, a group based at the university of toronto that performs research on communication technologies and human rights 3. Mar 02, 2016 us to renegotiate rules on exporting intrusion software. Private companies, government surveillance software and human. How the wassenaar arrangement threatens responsible. In the current system, human rights and digital rights groups, as well as external independent experts, are excluded from contributing their expertise and knowledge to the wassenaar arrangement forum. Mar 29, 2016 in 20, the wassenaar arrangement added a new category pertaining to intrusion software that could potentially be used as monitoring tools, or to thwart protective countermeasures. By cristin goodwin, senior attorney, microsoft today i participated in the center for strategic and international studies csis discussion on decoding the bis proposed rule for intrusion software platforms and the important topic of the department of commerces proposed rule on intrusion software under the wassenaar arrangement. Microsofts comments on the proposed rule under the wassenaar.
In 20, the wassenaar arrangement added a new category pertaining to intrusion software that could potentially be used as monitoring tools, or to thwart protective countermeasures. Implementation and ensuring that human rights concerns are given sufficient. A few attempts to develop an international regime, mainly within the context of the wassenaar arrangement, did not result in the development of an effective international regime. These freedoms are explicitly protected by national and international law, including the charter of rights and freedoms, the universal declaration of human rights, and the international covenant on civil and political rights, and must be used as a baseline for any decision on the wassenaar arrangement. However, a proposed rule change to the wassenaar arrangement an international agreement started in 1996 concerning the sale and export of militarygrade weapons. In particular, human rights groups had a strong influence over the 20 inclusion of intrusion software to the wassenaar arrangement bauer and bromley, 2016. Wassenaar the cryptic enigma greg taylor electronic frontiers australia published in the internet law bulletin, 2 1999. Us to renegotiate rules on exporting intrusion software. The wassenaar arrangement on export controls for conventional arms and. These export controlsrequirements that organizations selling or sending technologies with potential military applications abroad obtain a license from the commerce.
I in this first post on a new series, we will discuss the most debated topic of the proposal thus far, which is the establishment of specific human rights based controls on cybersurveillance technologies. For human rights advocates, software like davinci from hacking team that bypasses security protections, hides from antivirus and other malware detection tools, and spies on the victim, represent. A tiny change to this obscure arms dealing agreement could. Aug 24, 2016 ahmed mansoor is an internationally recognized human rights defender, blogger, and member of human rights watchs advisory committee. Especially if all human rights are as valid online as they are offline, they need to be analysed and transitional effects highlighted. With more and more incidents coming to light of authoritarian regimes utilizing advanced western technology to violate human rights, the wa was amended to bring within its ambit intrusion software and ip network surveillance systems as well. Jul 07, 2015 however, a proposed rule change to the wassenaar arrangement an international agreement started in 1996 concerning the sale and export of militarygrade weapons threatens the ability of. New paper recommends how to keep surveillance tech from human.
The addition of intrusion software to wassenaars dualuse list in 20 is particularly critical in light of a new citizen lab report which shows the direct human rights impact as civil society organizations are increasingly being targeted by governmentsponsored malware. On the 50th anniversary of the signing of the universal declaration of human rights in december 1998, 33 nations, including australia, bowed to us demands to further restrict the export of cryptography software, tools which are often used by human rights organisations to. Apr 04, 2017 the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is an agreement between 41 countries which generally hold similar views on human rights. Statement to wassenaar secretariat, 14 september 1998. Wassenaar arrangement changes in multifaceted digital. Ahmed mansoor is an internationally recognized human rights defender, blogger, and member of human rights watchs advisory committee. At the end of 20, changes were made to the wassenaar arrangement wa on the export control for conventional arms and dualuse of goods and technologies including references to zero days, computer exploits and other software categories e. May 02, 2016 after all, as galperin and moussouris both point out, the original purpose of the 20 amendment to the wassenaar arrangement came in response to a number of human rights and privacy abuses that. Mansoor, who is based in the uae, was jailed for eight months in 2011 along with four other activists for supporting a prodemocracy petition. Human rights watch warned the other participants in the vienna conference not to incorporate such restrictive policies into the wassenaar arrangement, or to further limit the global distribution. Jun 29, 2016 the coalition for responsible cybersecurity and bsa the software alliance agree, and recognize that more can be done to protect those who advocate for human rights. An affluent suburb of the hague, wassenaar lies 10 km 6. Government takes second look at us wassenaar rules threatpost.