July 20, 2015 | News, Press Releases

Comment on BIS Proposed Rule on Wassenaar Arrangement

Washington, D.C. – Today, the Internet Association called for revisions to proposed Bureau of Industry and Security (BIS) rules that would make it more difficult for Internet companies to improve network security. In public comments submitted to the BIS, the Internet Association explains that the proposed rules, while well intentioned, should be rewritten as narrowly as possible to avoid unintended consequences on global Internet security research.

“Internet companies work tirelessly to protect their networks and end user data from outside attacks,” said Michael Beckerman, President and CEO of the Internet Association. “To that end, it is important that legal frameworks promote legitimate security research. The proposed rules will have the opposite effect, making it more difficult, not less, to fortify networks and protect end user data,” Beckerman concluded.

The comments outline how Internet Association member companies conduct security research, and raise a number of concerns with the proposed rules, including:

  • There is no intra-company exemption built into the proposed rules. As a result, companies may run afoul of the rules simply by sharing software or tools that leverage exploits for testing and validation purposes within their own teams.
  • The proposed rules are broad, ambiguous, and open to interpretation. Rules should be written as narrowly as possible, with the goal of minimizing their adverse impact on legitimate security research and testing.
  • In areas where the proposed rules are clearer, they create a significant regulatory burden. Any organization that wants to develop tools that would be controlled under the proposed rules will need to implement new or updated export control processes, which will incur additional costs and increase time to market. In addition, the proposed rules create complex hurdles for individual researchers who might otherwise be able to make meaningful impact on overall security.

The comments also recommend steps to bring the proposed rules in line with the harm Internet companies believe they are meant to target, including:

  • Introduce an intra-company exception.
  • Focus on exfiltration and the use of cybersecurity items for unauthorized activities, not the items’ technical capabilities.
  • Maximize clarity around acceptable uses that do not require a license.


Statement On Continued NAFTA Negotiations

IA Director of Trade Policy Jordan Haas issued the following statement on news from USTR that negotiators are not close to a deal on NAFTA.

Statement On Net Neutrality Senate CRA Passage

Washington, DC — Internet Association President and CEO Michael Beckerman issued the following statement on the passage of the CRA to restore net neutrality rules for consumers: “The internet industry commends the Senate for its work to reinstate net neutrality rules through the CRA and urges the House of Representatives to work to protect people’s Read more »

Statement On President Trump’s Executive Order To Enhance The Effectiveness Of Agency Chief Information Officers

Washington, DC – Internet Association Director of Cloud Policy Brian Larkin released the following statement on President Trump’s Executive Order to Enhance the Effectiveness of Agency Chief Information Officers: “The internet industry applauds President Trump for issuing the Executive Order to Enhance the Effectiveness of Agency Chief Information, which addresses challenges that have long stymied Read more »

Latest News

IA Director of Trade Policy Jordan Haas issued the following statement on news from USTR that negotiators are not close to a deal on NAFTA.

Read more news »

Stay Updated

Send me IA updates
I'm a member of the press