back to article Hackers fear arms control pact makes exporting flaws illegal

Export regulations that threaten to hinder vulnerability research and exploit development have put hackers on edge ahead of the annual Pwn2Own contest. Operators of the hack-fest have reportedly issued an email warning to researchers to obtain legal advice about how the Wassenaar Arrangement, a 42-nation effort aimed at " …

  1. Voland's right hand Silver badge

    Intention of the agreement

    If memory serves me right, the road to hell is paved by what...

    1. Destroy All Monsters Silver badge

      Re: Intention of the agreement

      Politicians' buttocks?

    2. Anonymous Coward
      Anonymous Coward

      Re: Intention of the agreement

      Great idea tech companies and governments. Let's lower payments for malicious software discovery and ban the discussion of such tech to drive the talented kids who generate the stuff onto the streets. Give them no option but to actually use the stuff for no good purpose to generate a living wage.

      Short sighted idiocy formulated by corporate accountants and marketing types who have no concept of IT or security beyond their X-Boxes.

  2. Anonymous Coward
    Anonymous Coward

    Might be worse

    Hackers might find that merely exporting their expertise is banned - they could find that skill in poking holes in systems is sufficient grounds for a withdrawn passport.

    Unlikely? In this borked world, these days, I'm not so sure.

    1. Nick Kew
      Black Helicopters

      Re: Might be worse

      I'm not so sure.

      I could tell you, but then I'd have to kill you.

      Folklore is full of dark stories of people who had to be killed because they knew too much, or were too good at something that couldn't be shared.

      1. phil dude
        Joke

        Re: Might be worse

        Surely not? There is this guy though, currently on a Russian tourist visa who writes about sharing...

        P.

        1. Destroy All Monsters Silver badge

          Re: Might be worse

          Hagbard Celine apparently was owed money for carding services and a suicide occurred.

          "The shit is out there"

  3. jake Silver badge

    I wore a T-shirt similar to this one on several trips (10? 12?) ...

    http://upload.wikimedia.org/wikipedia/commons/9/96/Munitions_T-shirt_%28front%29.jpg

    ... between the US and several other continents (and back) between late-1991 & mid-1993(ish). Not a single idiot in charge of so-called "security" even blinked.

    Security theater, when you examine it, is absolutely hilarious.

    1. Christoph

      Re: I wore a T-shirt similar to this one on several trips (10? 12?) ...

      It's hilarious until you're the victim getting the rubber glove or the several years in a US jail.

      1. Destroy All Monsters Silver badge

        Re: I wore a T-shirt similar to this one on several trips (10? 12?) ...

        "Justice" in the US is always hilarious.

        Best in the world right behind Russia. At least our slavic friends don't brag about it.

  4. Ole Juul

    Top pic

    That looks like the same hacker that was in the other story. Or is this his twin brother?

  5. Anonymous Coward
    Anonymous Coward

    Export licence

    I am not sure the Wassenar Agreement should be the one fingered here as it is pretty much down to national governments on how they regulate the export of dual use items. Like anyone else involved in defence or security, it is a VERY good idea to check what you are doing or taking with you does or does not require an export licence. With cyber defence being the new 'hot' thing, countries are tightening up on defence products relating to computer systems. Owning a browser or PC is not just for script kiddies, countries are doing it too and so hacking tools now have military/security applications and thus taking them with you to a convention may require a licence.

    Remember all those stories about hacking and security tools being exported to [choose your repressive Middle East state here] who then used them to repress 'rebellious' citizens? The government will want to keep this sort of thing under control so any software/hardware you take with you that can do that sort of thing will be of interest. What it in your head cannot be licensed, but telling people how you did it can be. Be glad you are not in the US, breaking their export controls can put you in jail longer than for being a convicted rapist/thief etc!

    1. Yet Another Anonymous coward Silver badge

      Re: Export licence

      But what if you are not "involved in defense" but merely report a vulnerability in some software.

      Do you know need to become Mr Snowden to report a security flaw?

      ps the spy software exported to middle eastern countries was detected by the government, IIRC the companies "advisor" on the deal was a former tory party leader.

      1. Anonymous Coward
        Anonymous Coward

        Re: Export licence

        "But what if you are not "involved in defense" but merely report a vulnerability in some software"

        This is the very issue surrounding 'dual-use'. You may not be involved in defence business at all, but customs can (and will) stop you if they think something is dual use and at risk of ending up somewhere it shouldn't. They wont arrest you as you are not breaking any laws, but you will lose time and money as a result. Bit of an issue if you are meant to be going to a convention on a specific date!

        The oil industry is one of several that finds itself with this problem because their gear can be dual-used to make fuels for missiles. Thus those companies put in for an export licence even though their equipment is only controlled under dual-use and supposedly going to a middle eastern oil field. Thus they try to get approval before sending the gear abroad, thus avoiding being stopped. They don't bother worrying about it if the gear is going to the US for example because dual-use is not just about the equipment, but also the end destination and that includes transit locations. (hint just because it is going to Dubai which has a huge port and not a lot else industry wise, does not mean that is the end destination!)

        The advisors of the convention are advising attendees to check whether they should do the same. Bit of an overkill really because Canada is not exactly a hotbed of illicit weapons or dual-use equipment transfers, but I guess if the customs people of some governments are being anal enough then it is a good idea to get the paperwork sorted before it becomes a problem. The licence is not likely to be refused, but you may be stopped for not having one.

    2. Destroy All Monsters Silver badge

      Re: Export licence

      Remember all those stories about hacking and security tools being exported to [choose your repressive Middle East state here] who then used them to repress 'rebellious' citizens? The government will want to keep this sort of thing under control...

      You are mistaken. These were security tools duly licensed and exported under full cognizance of said government, and fuck the people ending up in torture chambers. "Keep it under control" they would. To tax the sale.

  6. Mark 85 Silver badge

    Impractical law

    It's basically unenforceable. The presumes that unless you tell the security/customs people what's on your laptop, they won't know as none of them have the technical expertise to find it. On the other hand, you put the file in say Dropbox, grab your clean laptop and go. Download before the meeting and wipe after the meeting.

    I'm also curious is "exporting" could mean sending malware in a email, etc. from one country to another? Again, how would they enforce this?

    It's bafflegab meant to make someone (the sponsors of the legislation) feel important and that they are doing something.

    1. Yes Me Silver badge

      Re: Impractical law

      > how would they enforce this?

      Randomly and capriciously, when they decide to go after someone who has pissed them off. But otoh, Wassenaar is very old news, so making a big deal of it now for this particular event is a political choice. (Just as Citizen Four made a political choice, one I admire, and like the PGP T-shirt, which was intentionally provocative.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021