The Stuxnet computer worm, discovered in June 2010, was the first, menacing weaponized software in history. Its discovery brought back to surface the fiery debate on cyber warfare and the perils of cyber weapons. Today, we see the cyberspace at an increasing canine risk and danger.
The United States is on the verge of making sure that surveillance software doesn’t fall in the wrong hands. According to security experts, the proposed rules are quite extensive and most likely to interfere with research, thus making computer systems less secure in the long run.
A proposed rule by The Bureau of Industry and Security (BIS) on May 20, 2015 would de rigueur anyone based in the U.S. to get a license before exporting or transferring data that is used to create “intrusion software,” or network surveillance systems, outside of North America.
The Wassenaar Arrangement (WA) would be similar to the International Traffic in Arms Regulations (ITAR), which the U.S. government used to control the export of weapons and materials used in weapons. Up until 1997, strong cryptography was also categorized as arms, and verboten from export.
Surveillance Software Weapons
In 2014, EU introduced its own set of measures to regulate surveillance software and technology. It is much ahead of the U.S. in this nascent area. This came not long after human rights group demanded that governments should start taking proliferation of surveillance software seriously. Some of these softwares often lead to “ further human rights violations including invasions of privacy, arbitrary arrest and detention, torture and other cruel, inhuman or degrading treatment or punishment, the silencing of free expression, preventing political participation, and crushing offline and online dissent,” according to Humans Rights Watch.
For sure, that is the positive side of the Wassenaar Arrangement. It aims to corroborate that exploits and computer vulnerabilities, which can often be used to keep an eye on political renegades, won’t be handed over to tyrant administrations.
Albeit, the Wassenaar Arrangement has its own predicaments. Especially those that could disrupt the security industry, en masse. According to a paper written by security researchers Sergey Bratus, D J Capelis, Anna Shubina and Michael Locasto way back in October 2014, the definitions of intrusion software in the Wassenaar Arrangement are rambling, relating generally to rudimentary monads of security research.
It should be noted that there is a slight contrast between the renditions of the Arrangement that the security researchers wrote about before and the most recent one. The Wassenaar Arrangement issues control on software that is for the creation, functioning or distribution of, or communication with intrusion software, or the base of such software.This approach is apparently more perilous, according to the paper by the security researchers. Generally, the tools used to form, produce, automate and install important computer products such as antivirus, remote management software, OS are cleared up in the language utilized as a part of the Wassenaar Arrangement. That being so, this could have a domino effect on the software reliability and security, as well as the research of anti-surveillance measures, discovery of existing vulnerabilities and on fixing vulnerable systems.
A security researcher from Errata Security, Rob Graham, expressed his concern in a tweet writing that if it became a law in the U.S., then it would be unlawful for him to export his code. He has produced several distinguished softwares, such as Black ICE, a firewall item that is used to guard PC networks from cyber-attack. Black ICE could easily fall under the regulated classification of the Wassennar Arrangement, since it is an altered part of the Windows OS.
American citizens can comment until July 20 to raise any concerns that have regarding the arrangement.
