July 20, 2015 | News, Press Releases

Comment on BIS Proposed Rule on Wassenaar Arrangement

Washington, D.C. – Today, the Internet Association called for revisions to proposed Bureau of Industry and Security (BIS) rules that would make it more difficult for Internet companies to improve network security. In public comments submitted to the BIS, the Internet Association explains that the proposed rules, while well intentioned, should be rewritten as narrowly as possible to avoid unintended consequences on global Internet security research.

“Internet companies work tirelessly to protect their networks and end user data from outside attacks,” said Michael Beckerman, President and CEO of the Internet Association. “To that end, it is important that legal frameworks promote legitimate security research. The proposed rules will have the opposite effect, making it more difficult, not less, to fortify networks and protect end user data,” Beckerman concluded.

The comments outline how Internet Association member companies conduct security research, and raise a number of concerns with the proposed rules, including:

  • There is no intra-company exemption built into the proposed rules. As a result, companies may run afoul of the rules simply by sharing software or tools that leverage exploits for testing and validation purposes within their own teams.
  • The proposed rules are broad, ambiguous, and open to interpretation. Rules should be written as narrowly as possible, with the goal of minimizing their adverse impact on legitimate security research and testing.
  • In areas where the proposed rules are clearer, they create a significant regulatory burden. Any organization that wants to develop tools that would be controlled under the proposed rules will need to implement new or updated export control processes, which will incur additional costs and increase time to market. In addition, the proposed rules create complex hurdles for individual researchers who might otherwise be able to make meaningful impact on overall security.

The comments also recommend steps to bring the proposed rules in line with the harm Internet companies believe they are meant to target, including:

  • Introduce an intra-company exception.
  • Focus on exfiltration and the use of cybersecurity items for unauthorized activities, not the items’ technical capabilities.
  • Maximize clarity around acceptable uses that do not require a license.

###

Statement On The Children And Media Research Advancement Act

Washington, DC – Internet Association Senior Vice President of Global Government Affairs Melika Carroll issued the the following statement in support of the Children and Media Research Advancement (CAMRA) Act: “Internet companies care deeply about the safety and well-being of their users and welcome scientific research on this important issue funded through the CAMRA Act. Read more »

Statement Supporting The Bipartisan CyberTipline Modernization Act

IA Senior Vice President, Global Government Affairs Melika Carroll released the following statement in support of the CyberTipline Modernization Act.

Internet Association Signs Pledge To America’s Workers

Washington, DC – Internet Association today will sign the Pledge to America’s Workers at a White House event, and commit to providing over 100,000 opportunities for on-the-job training, continuing education, and work-based learning programs over a 5-year period. This is part of a continued industry-wide effort to develop an American workforce that is prepared for Read more »

Latest News

Washington, DC – Internet Association Senior Vice President of Global Government Affairs Melika Carroll issued the the following statement in support of the Children and Media Research Advancement (CAMRA) Act: “Internet companies care deeply about the safety and well-being of their users and welcome scientific research on this important issue funded through the CAMRA Act. Read more »

Read more news »

Stay Updated

Send me IA updates
I'm a member of the press