view counter

Cyber exports controlCold War to cyber war, here’s how weapon exports are controlled

By Bruce Baer Arnold

Published 18 December 2013

It was reported last week that the U.K. government is pushing for new restrictions on software — in particular, on tools that would prevent surveillance by the state. This was the focus of negotiations to incorporate cyber security technologies into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Wassenaar was born of the Cold War in 1996. The idea was to inhibit the Soviets (and Chinese) by preventing the export of military equipment and the technology that could be used to make, maintain or defeat that equipment. The push to include cybersecurity in Wassenaar negotiations is unlikely to be effective but will reassure nervous politicians and officials.

The Financial Times last week reported the U.K. government is pushing for new restrictions on software — in particular, on tools that would prevent surveillance by the state.

This was the focus of negotiations to incorporate cyber security technologies into the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies.

We can regard those negotiations as an effort to deal with intractable problems in a complex world. Or we could see them as the digital equivalent of King Canute: entertaining, self-involved and rather silly.

Wasse-what?
Wassenaar was born of the Cold War in 1996. The idea was to inhibit the Soviets (and Chinese) by preventing the export of military equipment and the technology that could be used to make, maintain or defeat that equipment.

As the Cold War faded the focus moved to restrictions on exports to countries such as Iraq and Iran. It also reflected anxieties about terrorists gaining access to new ways of killing people.

Wassenaar takes its name after one of the ritzier suburbs of The Hague, the place VIPs visit year after year for important international negotiations (it’s much easier to trade in upmarket restaurants that are out of sight of what happens when a drone hits a car, your government engages in chemical warfare or children play hopscotch in a minefield).

The Arrangement involves forty-one of the world’s leading powers, all of which (including those proudly emphasizing their neutrality) gain substantial revenue through the sale of military materiel.

What does it do?
It is concerned with restrictions on proliferation of technology that is used in warfare. Its origins are traceable to the first years of last century, where major powers faced a few problems.

They wanted to make money by selling cannons, torpedoes and other high technology but had moments of squeamishness about that equipment getting into the wrong hands.

The same countries emphasizing nonproliferation were often arming people on the sly (think former U.S. Marine Corps Lieutenant Colonel Oliver North’s sale of arms to Iran in the mid-1980s), and because much technology can be used for both good and evil.

The software that drives a high precision lathe might be used to make surgical instruments — or something deadly. Conversely, supercomputers useful for developing bombs might have also peaceful functions.

A decade ago the United States recognized that in the “age of cyberwarfare” — or a threatened “cybergeddon” in which powerstations would melt down, ATMs and phones would die and sewers would overflow — software might be just as important as bravery and bits of metal.

In particular, it sought to restrict the export of “strong crypto,” software tools that would enable states, businesses and individuals to impede surveillance by law enforcement and national security agencies.

U.S. cyberactivists responded by displaying particular algorithms on T-shirts. Others noted that it was easier to stop the export of a factory than the know-how embodied in five CDs.

What does this mean for us, then?
The push to include cybersecurity in Wassenaar negotiations is unlikely to be effective but will reassure nervous politicians and officials.

It will be accepted by much industry, such as the banks, and connectivity providers such as phone companies and Internet service providers who are already cooperating with governments and will continue, because they’re legally bound to do so.

What does the push mean for most of us? If you are a terrorist it probably doesn’t mean much, given indications that security services are flooded with information and typically rely on old-fashioned (read: effective) mechanisms — the mole, the anonymous tip-off — rather than decrypting email in a language few spooks understand.

If you’re a human rights advocate you will continue to alert people to tools (such as The Onion Router) in an effort to foil the secret police in Syria, China, Indonesia or Saudi Arabia.

If you are the leader of an emerging economy you’ll hope that a friendly nation hasn’t bugged your cabinet room, or assume that it has, or cut a special deal — you give me the illicit code, I give you a trade concession.

There are no easy answers in a wicked world.

Bruce Baer Arnold is Assistant Professor, School of Law at University of Canberra.This story is published courtesy of The Conversation(under Creative Commons-Attribution/No derivatives).

view counter
view counter