McCaul and Langevin Urge Administration to Weigh in on Wassenaar

Washington, D.C. – Congressional Cybersecurity Caucus Co-chairs Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX) today sent a letter to National Security Advisor Susan Rice urging the Administration's involvement in revising the U.S. implementation of export controls on cybersecurity software. The letter, which is signed by 125 bipartisan Members of Congress, expresses concerns that, without careful tailoring, export controls could have both a chilling effect on research and a negative impact on the nation's overall cybersecurity posture.

The underlying goal of the export controls, which were agreed to by the 41 member states of the Wassenaar Arrangement, is to restrict the export of hacking tools, or "intrusion software," that could be used for cybercrime and illegal surveillance. Although well intended, the legislators argue such terminology is very broadly defined in the original language of the Arrangement and that the Bureau of Industry and Security (BIS) did not sufficiently tailor the definition when issuing its draft regulations. As a result, the original rule could have included a number of cybersecurity research products and defensive tools, thereby potentially hindering the ability of network operators to defend against cyber-attack. Langevin and McCaul, along with Congressmen Ted Lieu (D-CA) and David Schweikert (R-AZ), submitted public comments in July outlining flaws in the original draft.

"BIS has conducted an unprecedented degree of outreach on this issue, and I greatly appreciate their flexibility and transparency," said Langevin, a senior member of the House Committee on Homeland Security and its Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies. "However, I think it is incumbent upon the White House to weigh in and help deconflict the guidance BIS has been receiving from the various agencies, particularly the State Department."

"This proposed rule – and perhaps the underlying agreement itself – would have significant unintended consequences for security researchers, cybersecurity providers, and our overall cyber posture. As reports emerge that the Departments of Homeland Security and Commerce share our concerns, I hope that this bipartisan message from the House of Representatives will spur the rest of the Administration to right the ship. We cannot let the good intentions of these export controls trump the fact that in their current form they would depreciate cyber security at home and for billions around the world," said McCaul, chairman of the House Committee on Homeland Security.

The letter calls for the revised rule to "greatly narrow the range of affected technologies" so that the regulations "conform to the United States' broader cybersecurity strategy." In addition to sending the letter to Ambassador Rice, Langevin and McCaul today called for oversight hearings on the implementation of cybersecurity export controls and their potential implications on national security.