Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Proposed Export Controls Will Hamper Security Research, Google Argues

    By
    Jaikumar Vijayan
    -
    July 21, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Google security

      New export controls being considered by the U.S. government as part of a broader effort to prevent sophisticated surveillance software from being sold to rogue foreign governments could end up hurting legitimate vulnerability research efforts, Google warned Monday.

      In comments filed with the U.S. Department of Commerce, Google expressed concern over U.S. participation in a multilateral export control agreement called the Wassenaar Arrangement.

      “We believe that these proposed rules, as currently written, would have a significant negative impact on the open security research community,” Google’s Export Compliance Counsel Neil Martin and Tim Willis, a member of the company’s Chrome security team, wrote in a blog.

      The controls would hamper Google’s ability to defend itself against malicious attacks and also undermine Web security overall, the two wrote. “It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure,” they continued.

      The Wassenaar pact was originally designed to give Western nations a tool for exerting greater control over the sale and export of a wide range of dual technologies and arms. It was modified in 2013 to include controls for the export of “intrusion” software that can be used to spy on Internet users.

      The Wassenaar update was prompted by concerns over the sale of sophisticated spying software by several companies in Western countries to regimes with dubious human rights records. Many fear that intelligence agencies and law enforcement authorities in repressive governments are using such products to spy on their own people and to monitor the activities of journalists, dissidents and rights activists. The European Union has already moved to implement the Wassenaar Arrangement updates.

      But in the United States, there are growing concerns over the Commerce Department’s proposals for implementing the export controls. Much of the concerns have to do with the overly broad manner in which the department has chosen to define the software that will be subject to new restrictions.

      In the EU, intrusion software that is available in the public domain is not subject to any licensing requirements or control. But in the U.S., that exemption is not available. As a result, software used for legitimate security research purposes, such as penetration testing software, could end up becoming subject to new restrictions and licensing requirements.

      If the rules are passed as written, companies that conduct security research and the businesses that benefit from such research would face a completely unreasonable set of requirements, the Google executives wrote.

      Last year alone, for instance, Google paid more than $4 million to researchers from around the world who found security problems in its products using a wide range of penetration testing and hacking tools. If the new export controls go into effect, Google would be required to request potentially tens of thousands of export licenses for such research, Martin and Willis said.

      “Since Google operates in many different countries, the controls could cover our communications about software vulnerabilities, including: emails, code review systems, bug tracking systems, instant messages—even some in-person conversations,” the company said.

      If the proposed updates are implemented unchanged, they would also seriously impact the ability of global companies to share vital security information with staff situated in other countries, Google said.

      Organizations should never require a license to be able to report a bug that needs to get fixed. Instead, the Commerce Department should have a standing license exemption for anyone who wants to report security problems back to a vendor in order to get the problem fixed, Martin and Willis wrote.

      “This would provide protection for security researchers that report vulnerabilities, exploits, or other controlled information to any manufacturer or their agent,” they said.

      Jaikumar Vijayan
      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×