i2Coalition Work on Wassenaar Agreement Leads to Obama Proposal to Renegotiate
The i2Coalition has closely watched the impact of U.S. export control regimes for many years. The importance of these regimes’ decisions cannot be overstated as they affect a majority of the technology incorporated and deployed by i2Coalition member businesses and their products. These technologies are complex in nature. It is vital that we have a seat at the table and provides input, when the rules governing when, how and to whom, U.S. technology is exported are negotiated and designed.
The i2Coalition recently advocated on behalf of its members who make and use intrusion detection software. This software may be export restricted because of relatively recent changes in the Wassenaar Agreement. This Agreement involves close to 40 different countries and regulates the trade in goods that can be used for both military and civilian uses (“dual-use goods”). The critical nature of this issue was brought to the forefront of the i2Coalition’s attention by members who flagged these products as important to ensuring the security of their networks. The i2Coalition worked with the staffs of Representative Hurd and Ratcliffe to provide technical insight into the importance of this technology, and the difficulty our members would have if it was export restricted. Both Representative Hurd and Ratcliffe were critical of the fact that the input of technology companies was not fully considered during the negotiation of the revisions to the Wassenaar agreement by the Department of State, nor the design and implementation of subsequent rules by the Department of Commerce. The turning point in our efforts to draw attention to this issue came in mid-January.
In mid-January, the Subcommittee on Information Technology Oversight and Government Reform and House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies held a hearing on the implementation of the Wassenaar Arrangement 2013 Plenary Agreements. The agreement and the implementation dealt with certain export controls on cybersecurity software. The i2Coalition was particularly concerned about export restrictions on intrusion detection software. These restrictions have been nearly uniformly rejected by all players in the tech industry and were again at the hearing.
During the hearing, members were particularly concerned about industry input into the negotiations. Specifically of concern was whether input on technology issues, including intrusion detection, were included. Representatives of both the Department of State and Commerce Department acknowledged that they did not fully include industry in the negotiations and that for the best of all worlds, they would need to go back and try to find workable rules.
The information that the i2Coalition provided to members of the committee, and those members of Congress interested in this issue, was critical in establishing a deep technical understanding in how intrusion detection hardware and software functions. Our in depth briefings with these members prior to the hearing helped them make educated choices and understand the position of our members.
Representatives Hurd and Ratcliffe were two of the strongest advocates for a renegotiation, chairing a joint hearing on the topic and authoring a joint op-ed. Both members strongly advocated for the administration to return to the drawing board. i2Coalition worked directly with both members to facilitate this renegotiation. Importantly, our members in Texas who met with the staffs of both Representatives during our fall fly-in conveyed to them the importance of this issue to their businesses. It is this hands-on, business-focused input, that is key to effective advocacy.
On Monday, February 29th President Obama has called for removing certain cybersecurity provisions from the Wassenaar agreement, a huge victory for the Internet infrastructure industry.
We are proud to have played a role in convincing legislators to revisit provisions of this agreement, where the impact on our members and the security of the Internet as a whole may not have been previously taken into full consideration.