{"id":16085,"date":"2015-07-21T10:14:13","date_gmt":"2015-07-21T10:14:13","guid":{"rendered":"http:\/\/www.businesscloudnews.com\/?p=230811"},"modified":"2015-07-21T10:14:13","modified_gmt":"2015-07-21T10:14:13","slug":"google-says-trade-agreement-amendment-hinders-security-vulnerability-research","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/google-says-trade-agreement-amendment-hinders-security-vulnerability-research\/","title":{"rendered":"Google says trade agreement amendment hinders security vulnerability research"},"content":{"rendered":"<div id=\"attachment_230821\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"http:\/\/www.businesscloudnews.com\/files\/2015\/07\/Digital-Security1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-230821\" src=\"http:\/\/www.businesscloudnews.com\/files\/2015\/07\/Digital-Security1-300x200.jpg\" alt=\"Google says the US DoC amendments would massively hinder its own security research\" width=\"300\" height=\"200\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">Google says the US DoC amendments would massively hinder its own security research<\/p>\n<\/div>\n<p>Google hit out at the US Department of Commerce and the Bureau of Industry and Security this week over proposed amendments to trade legislation related to the Wassenaar Arrangement, a multilateral export control agreement, arguing they will negatively impact cybersecurity vulnerability research.<\/p>\n<p>The Wassenaar Arrangement is a voluntary multi-national agreement between 41 countries intended to control the export of some \u201cdual use\u201d technologies \u2013 which include security technologies \u2013 and its power depends on each country passing its own legislation to align its trade laws with the agreement. 
The US is among the agreement\u2019s members.<\/p>\n<p>As of 2013, software specifically designed or modified to avoid being found by monitoring tools has been included on that list of technologies. A <a href=\"https:\/\/www.federalregister.gov\/articles\/2015\/05\/20\/2015-11642\/wassenaar-arrangement-2013-plenary-agreements-implementation-intrusion-and-surveillance-items#h-18\">recent proposal<\/a> put forward by the US DoC and BIS to align national legislation with the agreement suggests adding \u201csystems, equipment, components and software specially designed for the generation, operation or delivery of, or communication with, intrusion software include network penetration testing products that use intrusion software to identify vulnerabilities of computers and network-capable devices\u201d to the list of potentially regulated technologies, as well as \u201ctechnology for the development of intrusion software includes proprietary research on the vulnerabilities and exploitation of computers and network-capable devices.\u201d<\/p>\n<p>Google said the US DoC amendments would effectively force it to issue thousands of export licenses just to be able to research and develop potential security vulnerabilities, as companies like Google depend on a massive global pool of talent (hackers) that experiment with or use many of the same technologies the US proposes to regulate.<\/p>\n<p>\u201cWe believe that these proposed rules, as currently written, would have a significant negative impact on the open security research community. They would also hamper our ability to defend ourselves, our users, and make the web safer. 
It would be a disastrous outcome if an export regulation intended to make people more secure resulted in billions of users across the globe becoming persistently less secure,\u201d explained Neil Martin, export compliance counsel, Google Legal and Tim Willis, hacker philanthropist, Chrome security team in a recent <a href=\"http:\/\/googlepublicpolicy.blogspot.co.uk\/\">blog post<\/a>.<\/p>\n<p>\u201cSince Google operates in many different countries, the controls could cover our communications about software vulnerabilities, including: emails, code review systems, bug tracking systems, instant messages &#8211; even some in-person conversations! BIS\u2019 own FAQ states that information about a vulnerability, including its causes, wouldn\u2019t be controlled, but we believe that it sometimes actually could be controlled information,\u201d the company said.<\/p>\n<p>Google also said the way the proposed amendment is worded is far too vague and proposed clarifying the DoC-proposed amendments as well as the\u00a0Wassenaar Arrangement itself.<\/p>\n<p>\u201cThe time and effort it takes to uncover bugs is significant, and the marketplace for these vulnerabilities is competitive. That\u2019s why we provide cash rewards for quality security research that identifies problems in our own products or proactive improvements to open-source products. 
We\u2019ve paid more than $4 million to researchers from all around the world.\u201d<\/p>\n<p>\u201cIf we have information about intrusion software, we should be able to share that with our engineers, no matter where they physically sit,\u201d it said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google hit out at the US Department of Commerce and the Bureau of Industry and Security this week over proposed amendments to trade legislation related to the Wassenaar Arrangement, a multilateral export control agreement, arguing they will negatively impact cybersecurity vulnerability research.<\/p>\n","protected":false},"author":105,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2184,344,1976,2175,3032,3033],"tags":[118],"class_list":["post-16085","post","type-post","status-publish","format-standard","hentry","category-americas","category-google","category-news-analysis","category-policy-and-regulation","category-us-bureau-of-industry-and-security","category-us-department-of-commerce","tag-security"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16085","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/105"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=16085"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16085\/revisions"}],"predecessor-version":[{"id":16086,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16085\/revisions\/16086"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=16085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\
/blog\/wp-json\/wp\/v2\/categories?post=16085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=16085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}