WASHINGTON – On Monday, the Information Technology Industry Council (ITI), the global voice of the tech sector, submitted a letter to the U.S. Department of Commerce’s Bureau of Industry and Security regarding its proposal to implement stricter export controls on certain “cybersecurity” products, namely those interacting with “intrusion software,” identified in 2013 by the Wassenaar Arrangement. In the letter, ITI emphasizes its support for the human rights objectives of the Wassenaar Arrangement, while indicating its significant concerns regarding the commercial and security implications of the rule.
In the letter, ITI President and CEO Dean Garfield says, “The Obama Administration has consistently recognized the critical importance of cross-border data flows and real-time information sharing in combatting security threats to the global ICT environment.” Garfield then adds, “We are concerned that the proposed rule could undermine this key Administration principle and severely complicate the ability of companies in all sectors to protect and enhance their security.”
In particular, Garfield notes that the breadth of the draft measure could require companies to apply for and obtain thousands of export licenses to cover the vast range of information-sharing and other security-related activities that they undertake. Doing so could create prohibitive cost burdens and delays, for both companies and the U.S. government, in addressing genuine security risks.
At a global level, the broad scope of the proposed rule would be seen as the imposition of government restrictions on cross-border data flows, which could provide a precedent for other governments to expand their own limitations on the flow of information across borders, including on the basis of security. If this were allowed to occur, the economic and security interests of both U.S. companies, and the United States as a whole, would be put at risk.
ITI welcomes the opportunity to work closely with the U.S. government, as well as others in the technology community, to more appropriately address the technology and cybersecurity considerations at issue in the proposed rule.
# # #