Export Control Reform Teleconference June 17 – Intrusion and Surveillance Items Proposed Rule (Cyber Rule) for Implementation of the Wassenaar Arrangement 2013 Plenary Agreements
In a special ECR teleconference on June 17 at 2:30 p.m. Eastern Time, BIS officials will respond to written questions and will address some possible misconceptions regarding the proposed rule to revise the Export Administration Regulations to implement the Wassenaar Arrangement 2013 Plenary Agreements on intrusion and surveillance items (the Cyber Rule, 80 FR 28853 of May 20, 2015). If you have questions on the Commerce proposed rule, you may send them to
[email protected] and BIS staff will respond so as to assist you as you draft your comments on the proposed rule.
To hear the teleconference, please call 1-888-455-8218 and use passcode 6514196. If you are calling in from overseas the number is 1-212-547-0330.
You may view the Federal Register notice at:
The Bureau of Industry and Security proposed rule is available at:
Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items (proposed rule with request for comments)
The Bureau of Industry and Security (BIS) proposes to implement the agreements by the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013 with regard to systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software; software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor. BIS proposes a license requirement for the export, reexport, or transfer (in-country) of these cybersecurity items to all destinations, except Canada. Although these cybersecurity capabilities were not previously designated for export control, many of these items have been controlled for their “information security” functionality, including encryption and cryptanalysis. This rule thus continues applicable Encryption Items (EI) registration and review requirements, while setting forth proposed license review policies and special submission requirements to address the new cybersecurity controls, including submission of a letter of explanation with regard to the technical capabilities of the cybersecurity items. BIS also proposes to add the definition of “intrusion software” to the definition section of the EAR pursuant to the WA 2013 agreements. The comments are due Monday, July 20, 2015.