U.S. likely to scale back planned limits on intrusion-software exports

The U.S. Department of Commerce said on Wednesday it will revise regulations intended to restrict the export of software that can be used to break into computers and smart phones.

An initial draft of the regulations, published in May, attracted hundreds of comments, many of them complaints that the rules were so broad as to bar the easy sale of standard tools used to test electronic security.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1776754,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"security,","session":"B"}']

“All of those comments will be carefully reviewed and distilled, and the authorities will determine how the regulations should be changed,” a spokesman for the Commerce Department said in an interview. “A second iteration of this regulation will be promulgated, and you can infer from that that the first one will be withdrawn.”

The spokesman, who declined to give his name, said the process will take months.

The step had been expected after the avalanche of objections from major technology companies as well as security specialists. Even some activists who applauded the idea of cracking down on the sale of tools to despotic regimes that spy on dissidents said the draft had been clumsy.

Some version of regulation is called for under the latest iteration of the Wassenaar agreement among 41 countries, which limits the movement of “dual-use” technologies sought for both peaceful and military purposes. The U.S. plan had gone further than other countries, for example, in taking aim at tools for finding software flaws.

“We’re very encouraged,” said Joseph Lorenzo Hall, chief technologist at the nonprofit Center for Democracy & Technology. He said he expected the next set of rules to be more narrowly tailored and added that the trade group would keep pushing to deregulate cryptography software and protect security research.