BIS-2015-0011-0001 (Wassenaar) is a terrible idea. The only effect this legislation will have on cyber security is to harm legitimate researchers, and thereby make illegal activities even easier for cyber criminals.
First off, what problem is Wassenaar trying to address? Computer security has been a growing problem for the past decade, and it seems its importance has been growing at an exponential rate. There are reports in the media every week of large scale intrusions on companies and government organizations. Presumably the goal of Wassenaar is to attempt to stop or at least slow down these sorts of cyber attacks. However, it is not clear at all how Wassenaar will accomplish this. Will Wassenaar affect nation-state actors who are responsible for many of the breaches in the media? Clearly not; rogue nation-states are not going to be punished under our laws. In that case, this must help to prosecute criminals who use computers to attack corporations or people. However, what they are doing is obviously alrea