Wassenaar: Cybersecurity and Export Control

Chairman Will Hurd (R-TX) – Oversight Subcommittee on Information Technology
Chairman John Ratcliffe (R-TX) – Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies

PURPOSE:

• To review the interagency export control policy and process implementing the 2013 Wassenaar Arrangement cybersecurity technologies additions.
• To review the Department of Commerce’s (Commerce) rule-making process for implementing the Wassenaar export controls.
• To highlight the impact on American businesses and the cybersecurity industry.
• To discuss how the Department of State (State) and their interagency partners should proceed on cybersecurity matters at Wassenaar moving forward.

BACKGROUND:

• In 2013, State agreed to a proposal to make intrusion and surveillance technologies subject to multilateral export controls under the Wassenaar Arrangement.
• The Wassenaar Arrangement is a multilateral export control forum for dual use goods and technology where 41 countries must come to a consensus on proposed export controls. Then, each country implements these controls under their national rules with a significant level of discretion.
• On May 20, 2015, Commerce’s Bureau of Industry and Security (BIS) published a proposed rule to implement the 2013 Wassenaar Arrangement control on intrusion and surveillance technologies. In response, BIS received 264 public comments that overwhelmingly opposed the proposed rule. BIS retracted the proposed rule and is reengaging with its interagency partners.