Schumer Urges Commerce To Modify Wassenaar Security Software Implementation Rules

rules proposed by Commerce’s Bureau of Industry and Security have come under fire from a range of U.S. cybersecurity stakeholders for being overly broad and potentially punishing legitimate security research (see 1507240054). “The goals of the proposal are laudable, and I share them: the proposal is intended to limit access to powerful surveillance tools by oppressive foreign regimes and agents,” Schumer said Wednesday in a letter to Commerce. “Unfortunately, I believe the proposal as drafted is vague and overbroad, and may inhibit the development of important cyber protection tools, as well as limiting the ability of US companies to protect their own networks.” House Homeland Security Committee Chairman Michael McCaul, R-Texas; Rep. Jim Langevin, D-R.I.; Rep. Ted Lieu, D-Calif.; and Rep. David Schweikert, R-Ariz., have also jointly voiced their concerns about the Wassenaar implementation proposal. Deputy Secretary of Commerce Bruce Andrews said during a podcast interview with Steptoe & Johnson cybersecurity lawyer Stewart Baker that there’s likely to be “a very strong effort to be responsive to those comments and to try to figure out what is the next iteration of this” along with another comment period. USTelecom President Walter McCormick said in a statement that he shares Schumer’s concerns about Commerce’s Wassenaar implementation proposal, “which could significantly hamper cybersecurity and information sharing between industry and government.” The proposed rules, “while well-intentioned, are too broad and would limit the telecommunication industry’s ability to protect its networks against intrusions by hackers, cyber-criminals, terrorists, and nation-states,” McCormick said.