Jul 08, 2015 however, revelations that hacking teams customers included countries with poor human rights records reinforce why the wassenaar regime included intrusion software. Statement to wassenaar secretariat, 14 september 1998. Jan 16, 2018 new changes to wassenaar arrangement export controls will benefit cybersecurity. The proposed change is designed to stop human rights abuses and ensure dissident groups, or internationally blacklisted states, cannot be sold surveillance software, or cyber attack tools, by. Second, for the small set of items remaining under control, bis should tailor licensing decisions around the potential of such tools for the abuse of human rights, as well as the human rights record of the intended enduser to whom the items are being sold. Cybersecurity and the wassenaar arrangement what needs to. May 28, 2015 the wassenaar arrangement includes controls for technology connected to intrusion software. A tiny change to this obscure arms dealing agreement could. Encryption gip digital watch observatory for internet. Wassenaar arrangement list in 2017 for intrusion software and why were they made. Jul 31, 2015 unusual redo of us wassenaar rules applauded.
Unfortunately, the approach proposed by the wassenaar regulation misses the mark, and would ultimately undermine that goal by making it harder for cyber responders to defend. Microsofts comments on the proposed rule under the wassenaar. Unfortunately, the approach proposed by the wassenaar regulation misses the mark, and indeed, the controls would ultimately undermine that goal by making it harder for cyber responders to defend. The addition of intrusion software to wassenaars dualuse list in 20 is particularly critical in light of a new citizen lab report which shows the direct human rights impact as civil society organizations are increasingly being targeted by governmentsponsored malware. The wassenaar arrangements munitions list is published here separately for the specific purpose of informing and assisting nonwa countries which are developing or strengthening their national export control list for conventional arms. Just like businesses and governments, human rights groups and other. Jul 24, 2015 by cristin goodwin, senior attorney, microsoft today i participated in the center for strategic and international studies csis discussion on decoding the bis proposed rule for intrusion software platforms and the important topic of the department of commerces proposed rule on intrusion software under the wassenaar arrangement.
The inclusion of the category relating to intrusion software was. Department of commerces proposed rule to implement the wassenaar arrangement 20 plenary agreement on intrusion and surveillance software rin 0694ag49, as published in 80 fed. The coalition for responsible cybersecurity and bsa the software alliance agree, and recognize that more can be done to protect those who advocate for human rights. The policy implications of hacking the hacking team council. Dec 01, 2014 in the current system, human rights and digital rights groups, as well as external independent experts, are excluded from contributing their expertise and knowledge to the wassenaar arrangement forum. After all, as galperin and moussouris both point out, the original purpose of the 20 amendment to the wassenaar arrangement came in response to a. The wassenaar meeting was intended to create a postcold war. State department will try to fix wassenaar arrangement. Best practices to prevent destabilising transfers of small arms and light weapons salw through air transport.
The wassenaar arrangement is an intergovernmental export control regime used. Many of you may have heard about the recent debate regarding the u. A coalition of human rights and technology groups, including new americas open technology institute, where i work, submitted recommendations this month with proposals on how to make this happen. On the 50th anniversary of the signing of the universal declaration of human rights in december 1998, 33 nations, including australia, bowed to us demands to further restrict the export of cryptography software, tools which are often used by human rights organisations to. These export controlsrequirements that organizations selling or sending technologies with potential military applications abroad obtain a license from the commerce. Mar 29, 2016 in 20, the wassenaar arrangement added a new category pertaining to intrusion software that could potentially be used as monitoring tools, or to thwart protective countermeasures.
While human rights are not considered a motivational factor for the decision. The impact of technologies on hu man rights 8 however, the process of transitioning human rights online cannot just consider freedom of expression and the right to privacy. Mar 02, 2016 us to renegotiate rules on exporting intrusion software. Elements for export controls of manportable air defence systems manpads best practice guidelines on subsequent transfer reexport controls for conventional weapons systems contained in appendix 3 to the wa initial elements. Us to renegotiate rules on exporting intrusion software. I in this first post on a new series, we will discuss the most debated topic of the proposal thus far, which is the establishment of specific human rights based controls on cybersurveillance technologies.
At the end of 20, changes were made to the wassenaar arrangement wa on the export control for conventional arms and dualuse of goods and technologies including references to zero days, computer exploits and other software categories e. Government takes second look at us wassenaar rules. New changes to wassenaar arrangement export controls will. Human rights organizations sued a french company for giving to the libyan.
The wassenaar arrangements first foray into cybersecurity export controls has created a multitude of unintended consequences and implementation challenges. The wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is a multilateral export control regime mecr with 42 participating states including many former comecon warsaw pact countries. In 20, the wassenaar arrangement added a new category pertaining to intrusion software that could potentially be used as monitoring tools, or to thwart protective countermeasures. Internet freedom and export controls carnegie endowment for.
By cristin goodwin, senior attorney, microsoft today i participated in the center for strategic and international studies csis discussion on decoding the bis proposed rule for intrusion software platforms and the important topic of the department of commerces proposed rule on intrusion software under the wassenaar arrangement. These freedoms are explicitly protected by national and international law, including the charter of rights and freedoms, the universal declaration of human rights, and the international covenant on civil and political rights, and must be used as a baseline for any decision on the wassenaar arrangement. Human rights advocates have recognized that surveillance software designed and sold by companies in western countries has been responsible for serious abuses around the world. An affluent suburb of the hague, wassenaar lies 10 km 6. Wassenaar defined intrusion software as software specially. To resolve these, microsoft proposes to evolve the intrusion software control over time to a narrowly tailored and well understood control that can help protect those involved in human. Guest blog by james gannon, director and principal of cyber invasion, ltd. Private companies, government surveillance software and human. Wassenaar the cryptic enigma greg taylor electronic frontiers australia published in the internet law bulletin, 2 1999. In particular, human rights groups had a strong influence over the 20 inclusion of intrusion software to the wassenaar arrangement bauer and bromley, 2016. Human rights watch warned the other participants in the vienna conference not to incorporate such restrictive policies into the wassenaar arrangement, or to further limit the global distribution. The inclusion of intrusion software on the wassenaar control list was done with good intentions. Aug 24, 2016 ahmed mansoor is an internationally recognized human rights defender, blogger, and member of human rights watchs advisory committee.
Government takes second look at us wassenaar rules threatpost. How the wassenaar arrangement threatens responsible. Hacking teams newly exposed business practices call into question whether current regulations effectively prevent a private firm from selling hacking software to any government in the world. Mansoor, who is based in the uae, was jailed for eight months in 2011 along with four other activists for supporting a prodemocracy petition. Jul 07, 2015 however, a proposed rule change to the wassenaar arrangement an international agreement started in 1996 concerning the sale and export of militarygrade weapons threatens the ability of. Coalition seeks revisions to potentially restrictive. New changes to wassenaar arrangement export controls will benefit cybersecurity. The wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is an agreement between 41 countries which generally hold. Especially if all human rights are as valid online as they are offline, they need to be analysed and transitional effects highlighted. Best practices and guidelines the wassenaar arrangement. Ahmed mansoor is an internationally recognized human rights defender, blogger, and member of human rights watchs advisory committee.
An open letter to the members of the wassenaar arrangement. May 25, 2015 guest blog by james gannon, director and principal of cyber invasion, ltd. The wassenaar arrangement was established to contribute to regional and international security and stability by. Opensource software is already exempt from the new controls. Hacking team breach shows a global spying firm run amok. In december 20, the 41 member states of the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies agreed to create two new export controls focusing on cybersecurity items. The surveillance industry and human rights epic electronic. A few attempts to develop an international regime, mainly within the context of the wassenaar arrangement, did not result in the development of an effective international regime. For the complete and authoritative texts of the wa lists, please see the current control lists above. Rethinking intrusion software microsoft cybersecurity. Software specially designed or modified to avoid detection by monitoring tools, or to defeat protective countermeasures, of a computer or network capable device, and performing any of the.
However, even before 2011 wassenaar controls also covered items used by. It is still possible to obtain powerful software on the internet. With more and more incidents coming to light of authoritarian regimes utilizing advanced western technology to violate human rights, the wa was amended to bring within its ambit intrusion software and ip network surveillance systems as well. The wassenaar arrangement on export controls for conventional arms and. Hacking team breach shows a global spying firm run amok wired. However, revelations that hacking teams customers included countries with poor human rights records reinforce why the wassenaar regime included intrusion software. Implementation and ensuring that human rights concerns are given sufficient.
These clauses are intended to protect activists, dissidents and journalists whose. May 02, 2016 after all, as galperin and moussouris both point out, the original purpose of the 20 amendment to the wassenaar arrangement came in response to a number of human rights and privacy abuses that. Jun 29, 2016 the coalition for responsible cybersecurity and bsa the software alliance agree, and recognize that more can be done to protect those who advocate for human rights. Congress should change these three laws to protect cybersecurity. New paper recommends how to keep surveillance tech from human.
In the current system, human rights and digital rights groups, as well as external independent experts, are excluded from contributing their expertise and knowledge to the wassenaar arrangement forum. For human rights advocates, software like davinci from hacking team that bypasses security protections, hides from antivirus and other malware detection tools, and spies on the victim, represent. Apr 04, 2017 the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies is an agreement between 41 countries which generally hold similar views on human rights. The united states successfully negotiated researchuse exceptions to export controls on surveillance tools at the december 2017 meeting of the wassenaar arrangement, a club of advanced economies that coordinates export controls. However, a proposed rule change to the wassenaar arrangement an international agreement started in 1996 concerning the sale and export of militarygrade weapons. In may 1996 41 countries came to wassenaar, a small town in the netherlands, to sign what was to be called the wassenaar arrangement on export controls for conventional arms and dualuse goods and technologies. Intrusion software and human rights european parliament. Crypto controls threaten human rights human rights watch. Wassenaar arrangement changes in multifaceted digital. Between 2012 and 2014, multiple episodes of surveillance abuse were exposed by citizenlab, a group based at the university of toronto that performs research on communication technologies and human rights 3. Intrusion software and human rights regulation ec 822014 amending the community regime for the control of exports, transfer, brokering and transit of dualuse items follows the intrusion software clauses in the wassenaar arrangement. Oct 28, 2016 modernization of the eu export control system.
962 843 1318 1081 758 1165 1006 1097 1355 79 208 955 580 1226 591 1293 489 1007 187 885 1143 1193 419 1493 65 501 1454 56 1398