Wassenaar Arrangement could get a redo over cyber
Lawmakers heard from skeptical industry experts on the export control policy and process of implementing the 2013 amendments to the Wassenaar Arrangement.
Lawmakers quizzed government and industry about the 2013 Wassenar Arrangement.
Federal officials and industry experts who testified before a joint hearing of two House subcommittees on Jan. 12 agreed with lawmakers that the government should re-evaluate its support for an international arrangement that imposes export controls on intrusion and surveillance technologies among participating countries.
"If I had the information I had today, clearly we would have negotiated differently," Ann Ganzer, director of the Office of Conventional Arms Threat Reduction at the State Department, told members of the House Oversight and Government Reform Committee's IT Subcommittee and the Homeland Security Committee's Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee.
Forty-one countries participate in the Wassenaar Arrangement, which seeks to promote transparency and greater responsibility in the export of conventional weapons. In 2013, it was amended to cover Internet-based surveillance technologies in an effort to prevent companies from selling their products to countries with a history of human rights abuses. In May 2015, the Commerce Department's Bureau of Industry and Security published a proposed rule to implement the amendments and received heavy opposition in the form of 264 public comments.
Rep. John Ratcliffe (R-Texas), chairman of the Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee, said the technology provision is unlikely to achieve the "open and interoperable cyberspace that is in the public's interest."
"If we are to expect the cybersecurity provisions of this arrangement to be workable, we need to make sure our stated intentions and actions are not contradictory,” he added. "If we can't do that, I question why we as a country are agreeing to this updated arrangement."
Phyllis Schneck, deputy undersecretary for cybersecurity and communications at the Department of Homeland Security, agreed with Ratcliffe's assessment. She told lawmakers that the proposal conflicts with the U.S. government’s cybersecurity efforts.
"We've had a challenge in finding a way to adopt export controls," Schneck added.
Cheri Flynn McGuire, vice president of global government affairs and cybersecurity policy at Symantec, said the proposed amendments "would severely damage our ability to innovate and develop new cybersecurity products."
Schneck said an agreement that combines the benefits of export control with cybersecurity should be considered.
Proposals for implementing the Wassenaar Arrangement are due in March and will be debated throughout the year.