US fails to renegotiate arms control rule for hacking tools

TAMI ABDOLLAH

December 19, 2016 at 8:47 PM

FILE - This file photo taken Dec. 22, 2015, shows a portion of a page from the Federal Register in Washington. The Obama administration has failed to renegotiate portions of an international arms control arrangement so that it's simpler to export tools related to hacking and surveillance software. (AP Photo/Jon Elswick)

WASHINGTON (AP) — The Obama administration has failed to renegotiate portions of an international arms control arrangement to make it easier to export tools related to hacking and surveillance software — technologies that can be exploited by bad actors, but are also used to secure computer networks.

The rare U.S. move to push for revisions to a 2013 rule was derailed earlier this month at an annual meeting in Vienna, where officials from 41 countries that signed onto it were meeting. That leaves it up to President-elect Donald Trump's administration whether the U.S. will seek revisions again next year.

U.S. officials had wanted more precise language to control the spread of such hacking tools without the unintended negative consequences for national cybersecurity and research that industry groups and lawmakers have complained about for months. Critics have argued that the current language, while well meaning, broadly sweeps up research tools and technologies used to create or otherwise support hacking and surveillance software.

Rep. Jim Langevin, D-R.I., said in a statement Monday that he is "deeply disappointment" by the plenary's decision and hoped the incoming administration will continue the effort. Langevin co-chairs the Congressional Cybersecurity Caucus.

"U.S. cybersecurity and that of our allies will be imperiled if companies and researchers are not able to quickly share defensive tools," said Langevin, who co-chairs of the Congressional Cybersecurity Caucus.

The White House referred questions Monday to the State and Commerce departments, neither of which responded to requests for comment.

As one of those 41 member countries of the 1996 Wassenaar Arrangement, which governs the highly technical world of export controls for arms and certain technologies, the United States agreed to restrict tools related to cyber "intrusion software" that could fall into the hands of repressive regimes.

The voluntary arrangement relies on unanimous agreement to abide by its rules on export controls for hundreds of items, including arms such as tanks or military aircraft and "dual-use" technologies such as advanced radar that can be used for both peaceful and military means.

The failed effort was a "bummer" said Katie Moussouris, CEO and founder of Luta Security who was part of this year's Wassenaar delegation as a U.S. industry expert.

"If anybody understands how quickly you need to respond to a fire, this would essentially impede the internet's firefighters if it was left in place," Moussouris said. But she also noted that such work involving an international body also can take time and finding precise language is critical.

The plenary did agree to tighten up language essentially specifying that the rule should apply to attacker code used to command and control malware, not regular computer defense tools that might have been caught in the rule, Moussouris said.

Efforts to come up with a workable U.S. rule have highlighted the difficulty of applying the export controls restricting physical items to a virtual world that relies on the free flow of information for network security. Many companies operate in multiple countries and routinely employ foreign nationals who test their own corporate networks across borders.

The difficulties with the rule came to light in May 2015 after the Commerce Department's Bureau of Industry and Security began working on its rule to abide by the arrangement and proposed denying the transfer of offensive tools — defined as software that uses "zero-day" exploits, or unpatched new vulnerabilities, and "rootkit" abilities that allow a person administrator-level access to a system.

Because in the cyber world testing a network often requires determining first how to exploit it and attempting to do so.

"Exploit code today is relatively routinely shared for purposes of security research and identifying and mitigating security vulnerabilities," said Harley Geiger, director of public policy for Boston-based Rapid7, Inc., a cybersecurity company which makes software that can test for network vulnerability.

Geiger said the rule could require security researchers to obtain an export license when sharing across borders — a process that can take months.

Follow Tami Abdollah on Twitter at http://www.twitter.com/latams

Yahoo Sports
WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not
Here are five franchises who stood out, for better or for worse.
2d ago
Yahoo Sports
Indianapolis Star columnist Gregg Doyel apologizes after awkward, uncomfortable interaction with Caitlin Clark
Gregg Doyel flashed a heart sign at Caitlin Clark at her introductory press conference on Wednesday afternoon to kick off an incredibly strange back-and-forth.
10h ago
Yahoo Sports
Nike responds to backlash over Team USA track kits, notes athletes can wear shorts
The new female track uniform looked noticeably skimpy at the bottom in one picture, which social media seized upon.
4d ago
Yahoo Sports
Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken
Boban Marjanović is a man of the people.
3d ago
Yahoo Sports
2024 Masters payouts: How much did Scottie Scheffler earn for his win at Augusta National?
The Masters has a record $20 million purse this year.
3d ago
Yahoo Sports
UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout
'We'll deal with that Monday,' Dana White said about Arman Tsarukyan appearing to punch a fan during his UFC 300 walkout.
4d ago
Yahoo Sports
Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk
Never change, Gronk.
3d ago
Yahoo Sports
76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'
Iverson didn't get a life-size statue. Charles Barkley and Wilt Chamberlain didn't either.
5d ago
Yahoo Movies
'Sasquatch Sunset' is so relentlessly gross that people are walking out of screenings. Star Jesse Eisenberg says the film was a ‘labor of love.’
“There are so many movies made for people who like typical things. This is not that," the film's star told Yahoo Entertainment.
6d ago
Yahoo Sports
MLB Power Rankings: Braves, Yankees surge to the top, followed by Dodgers, Orioles, Brewers
Let's identify one player exceeding expectations for each team through the first few weeks of 2024.
2d ago
Yahoo Sports
Mock Draft Monday with Daniel Jeremiah: Bears snag Odunze, Raiders grab a QB
It's another edition of 'Mock Draft Monday' on the pod and who better to have on then the face of NFL Network's draft coverage and a giant in the industry. Daniel Jeremiah joins Matt Harmon to discuss his mock draft methodology, what he's hearing about this year's draft class and shares his favorite five picks in his latest mock draft.
3d ago
TechCrunch
Tesla layoffs hit high performers, some departments slashed, sources say
Tesla management told employees Monday that the recent layoffs -- which gutted some departments by 20% and even hit high performers -- were largely due to poor financial performance, a source familiar with the matter told TechCrunch. The layoffs were announced to staff just a week before Tesla is scheduled to report its first-quarter earnings. The move comes as Tesla has seen its profit margin narrow over the past several quarters, the result of an EV price war that has persisted for at least a year.
2d ago
Yahoo Sports
The Scorecard: 10 fantasy baseball hot takes to know through two weeks
Fantasy baseball analyst Dalton Del Don debuts The Scorecard, a weekly series featuring his takes on key MLB player notes.
2d ago
Yahoo Sports
How Victor Wembanyama's rookie season ranks in NBA history
Victor Wembanyama's rookie NBA season is finished. The San Antonio Spurs will sit him in Sunday's regular-season finale. Where does his first season rank among the league's greats?
4d ago
Yahoo Sports
Longtime voice of Yankees John Sterling is retiring, effective immediately
Sterling has called Yankees games since 1989, a span including the Derek Jeter era that saw the franchise win five World Series championships.
3d ago
Yahoo Sports
Former Colts QB Andrew Luck never considered returning to the NFL
Andrew Luck returned to Indianapolis for a charity event, six years after he retired as the Colts quarterback. He says he's never considered making a comeback to pro football.
5d ago
Yahoo Sports
Fan apologizes for provoking Arman Tsarukyan at UFC 300, won’t file lawsuit after punch
Arman Tsarukyan appeared to punch a fan twice on his way into the Octagon during UFC 300 on Saturday night.
3d ago
Autoblog
2024 Toyota Land Cruiser First Drive Review: Brief taste shows promise, but 1958 questionable
Our mostly off-road first drive reveals a well-executed off-roader with cool style and a high-quality interior. Well, not so much the interior in the 1958.
2d ago
Autoblog
GM is moving out of its Detroit headquarters towers
Something's happening with General Motors' headquarters buildings, and it may mean they'll no longer be GM's headquarters buildings.
3d ago
Yahoo Life Shopping
Jennifer Garner wore this sweatshirt to bake morning muffins, and it's so comfy you'll want to wear it everywhere
Equal parts cozy and stylish, the star's Favorite Daughter sweatshirt is a wardrobe essential.
2d ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

US fails to renegotiate arms control rule for hacking tools

Recommended Stories

WNBA Draft winners and losers: As you may have guessed, the Fever did pretty well. The Liberty? Perhaps not

Indianapolis Star columnist Gregg Doyel apologizes after awkward, uncomfortable interaction with Caitlin Clark

Nike responds to backlash over Team USA track kits, notes athletes can wear shorts

Boban Marjanović hilariously misses free throws on purpose to give Clippers fans free chicken

2024 Masters payouts: How much did Scottie Scheffler earn for his win at Augusta National?

UFC 300: 'We're probably gonna get sued' after Arman Tsarukyan appeared to punch fan during walkout

Rob Gronkowski's first pitch before the Red Sox's Patriots' Day game was typical Gronk

76ers' statue for Allen Iverson draws jokes, outrage due to misunderstanding: 'That was disrespectful'

'Sasquatch Sunset' is so relentlessly gross that people are walking out of screenings. Star Jesse Eisenberg says the film was a ‘labor of love.’

MLB Power Rankings: Braves, Yankees surge to the top, followed by Dodgers, Orioles, Brewers

Mock Draft Monday with Daniel Jeremiah: Bears snag Odunze, Raiders grab a QB

Tesla layoffs hit high performers, some departments slashed, sources say

The Scorecard: 10 fantasy baseball hot takes to know through two weeks

How Victor Wembanyama's rookie season ranks in NBA history

Longtime voice of Yankees John Sterling is retiring, effective immediately

Former Colts QB Andrew Luck never considered returning to the NFL

Fan apologizes for provoking Arman Tsarukyan at UFC 300, won’t file lawsuit after punch

2024 Toyota Land Cruiser First Drive Review: Brief taste shows promise, but 1958 questionable

GM is moving out of its Detroit headquarters towers

Jennifer Garner wore this sweatshirt to bake morning muffins, and it's so comfy you'll want to wear it everywhere