The House on Tuesday will discuss concerns over a set of proposed Obama administration regulations designed to keep hacking tools out of the hands of repressive regimes.
Lawmakers will try to break the stalemate on how the administration will rewrite the regulations, which have been bashed by the cybersecurity industry, researchers and a large bipartisan coalition of lawmakers.
“It’s an important issue,” said Rep. Will Hurd (R-Texas), who chairs the House Oversight subcommittee on Information Technology, one of two subpanels holding Tuesday’s hearing. “We just want to make sure we get this right.”
Lawmakers will hear testimony from the federal agencies currently locked in discussions over the regulations, as well as a number of industry representatives.
The rules are part of the effort to implement the Wassenaar Agreement, a little-known pact with 40 other nations that governs the export of weapons and so-called “dual-use” technologies that have both civilian and military uses.
Over the summer, the Commerce Department moved to add restrictions to the export of intrusion software and surveillance tools that the government feared could be used by oppressive regimes or criminals to crack down on journalists and dissidents.
But a swift backlash from the security industry and eventually from Capitol Hill caused Commerce to reconsider its proposal.
These opponents said many of the definitions were broad or vague, and could potentially ban the legitimate sharing of security vulnerabilities or the tools that companies use to test and fortify their own defenses.
“We don’t want to see, obviously, dual-use technologies get into the wrong hands,” Rep. Jim Langevin (D-R.I.), who has led the Capitol Hill push to get the rules rewritten, told The Hill. “But we also don’t want to be overly restrictive in the language that prevents actual information sharing.”
Hearing the concerns, Commerce decided to go back to the drawing board. Some also say the State Department should renegotiate the original Wassenaar pact, given similar concerns about the agreement's definition of technical terms such as “intrusion software.”
Hurd and Langevin said the administration is at somewhat of an impasse.
“This is really kind of almost an internal debate right now that needs to be resolved in the administration,” Langevin said.
Hurd said he wants to hear from the administration: “What is their framework for how they think they’re going to review the rules?”