Special Feature
Part of a ZDNet Special Feature: IT Security in the Snowden Era

Governments planning to control security tech exports

An international arms control regime is planning to create export controls for some software security tools on the grounds that they might be used for nefarious purposes.

An international arms control regime is planning to classify software and hardware products for hacking and network surveillance and intelligence as "dual use" products which "...may be detrimental to international and regional security and stability." The process will likely lead to export controls on such products.

The Wassenaar Arrangement is an organization consisting of 41 states, mostly developed, western states, which was created in 1996 "...in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilising accumulations." The organization includes the US, almost all European states, Argentina, Australia, Turkey and others.

The most recent public statements by the Wassenaar Arrangement include this statement:

In 2013, new export controls were agreed in a number of areas including surveillance and law enforcement/intelligence gathering tools and Internet Protocol (IP) network surveillance systems or equipment, which, under certain conditions, may be detrimental to international and regional security and stability.

A Financial Times article on the announcement [subscription required] says that diplomats are working out the details this week in Vienna. It also says that the UK government is leading the effort and that, if the agreement proceeds, it "...will almost certainly be followed quickly by an EU-wide clampdown on sensitive cyber technologies, said people familiar with the talks.."

The 41 countries of the Wassenaar Arrangement


The effort is a throwback to the US government's attempts in the 1990s to control the use of encryption and, specifically, the criminal investigation of PGP author Phillip Zimmerman. Convinced of the futility of it, the government dropped that approach before too long.