House lawmakers say an export controls pact that restricts hacking tools could actually compromise U.S. weapons systems.
The Pentagon would have to report to Congress on how the agreement will impact the Defense Department and its allies, under legislation passed by the Armed Services Emerging Threats and Capabilities subcommittee.
The State Department currently is renegotiating the so-called Wassenaar Arrangement, a 41-country forum founded in 1995 to regulate the transfer of conventional weapons and dual-use goods like lasers and supercomputers. In 2013, participating nations agreed on controls for "intrusion software" to prevent surveillance gear from reaching the fingers of terrorists and authoritarian regimes.
The problem, for security experts, is that the way the pact currently is written sweeps up many items that help legitimate, friendly coders poke around for system weaknesses.
So, the House version of an annual defense spending bill that sets policy would require the Defense secretary to brief lawmakers by March 2017 on the consequences of the anti-malware proliferation pact.
Specifically, lawmakers want to know the effect of hacking-software restrictions on "Defense applications, including efforts to support alliance partners or otherwise build partner capacity with friendly nations."
The regulated goods now include a number of products routinely used for cybersecurity research and defense, according to the House's draft version of the 2017 National Defense Authorization Act. "Restricting export of these technologies may negatively impact use of such products for national security purposes," the lawmakers said.
Last year, security researchers, Congress members and the Homeland Security Department raised alarms about enforcement of the controls. State later recanted and, according to Politico, agreed that it would begin rebargaining this month with the aim of getting changes onto the agenda for the December plenary session.
Rep. Jim Langevin, D-R.I., a committee member and co-founder of the Congressional Cybersecurity Caucus, along with 124 other lawmakers, sent the National Security Council a letter in December 2015 asking for an interagency review of the issue.
On Feb. 29, he hailed State’s decision to go back to the drawing board for Wassenaar.
“Of course, the addition of items to the agenda does not, in itself, ensure a successful resolution," Langevin cautioned at the time.