[liberationtech] Export Control of Intrusion Software

Richard Brooks rrb at acm.org
Fri Dec 13 06:36:55 PST 2013 

Some clarifications on the Wassenaar update:

http://www.lexology.com/library/detail.aspx?g=f642284a-03b0-4767-9c93-30a3407041cc

It seems that it is meant to be narrowly aimed at
snooping tools, and not at counter snooping tools.

On 12/10/2013 03:50 AM, Fabio Pietrosanti (naif) wrote:
> This email to note that the Wassenaar Agreement has been updated to
> include "Intrusion Software" in the export controlled goods.
> 
> See page 209:
> http://www.wassenaar.org/controllists/2013/WA-LIST%20%2813%29%201/WA-LIST%20%2813%29%201.pdf
> 
> "Intrusion software"
> "Software" specially designed or modified to avoid detection by
> 'monitoring tools', or to defeat 'protective countermeasures', of a
> computer or network- capable device, and performing any of the following:
> a. The extraction of data or information, from a computer or network-
> capable device, or the modification of system or user data; or
> b. The modification of the standard execution path of a program or
> process in order to allow the ex ecution of externally provided
> instructions.
> 
> Notes
> 1. "Intrusion software" does not include any of the following:
>  a. Hypervisors, debuggers or Software Reverse Engineering (SRE) tools;
>  b. Digital Rights Management (DRM) "software"; or
>  c. "Software" designed to be installedby manufacturers, administrators
> or users, for the purposes of asset tracking or recovery.
> 
> 2. Network-capable devices include mobile devices and smart meters.
> 
> Technical Notes
> 
> 1. 'Monitoring tools': "software" or hardware devices, that monitor
> system behaviours or processes running on a device. This includes
> antivirus (AV) products, end point security products, Personal Security
> Products (PSP), Intrusion Detection Systems (IDS), Intrusion Prevention
> Systems (IPS) or firewalls.
> 2. 'Protective countermeasures': techniques designed to ensure the safe
> execution of code, such as Data Execution Prevention (DEP), Address
> Space Layout Randomisation (ASLR) or sandboxing
> 
> -- 
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - http://globaleaks.org - http://tor2web.org
> 
> 
>

More information about the liberationtech mailing list