Google has come out strongly against proposed new export control rules for exploits and software, arguing they could have a disastrous outcome and result in billions of users worldwide becoming less safe as security research is stymied.
In a blog entry co-authored by Google export compliance lawyer Neil Martin and Chrome security team member Tim Willis, the pair say the rules proposed by the US Department of Commerce as part of the Wassenaar Arrangement for weapons control are "dangerously broad and vague".
"The proposed rules are not feasible and would require Google to request thousands - maybe even tens of thousands - of export licenses," Willis and Martin wrote.
Security researchers need a standing exemption from licenses so they can report vulnerabilities, exploits and other controlled information to any vendor, they argued.
"You should never need a license when you report a bug to get it fixed," Willis and Martin said.
Google also criticised the proposed rules as complex and confusing, and said the US trade department's Bureau of Industry and Security should provide "a simple, visual flowchart for everyone to easily understand when they need a license" if the controls are to be implemented.
The rules have to be changed as soon as possible, Google said.
Google's call to modify the proposed infosec exploit controls comes after a group of security vendors banded together in The Coalition for Responsible Cybersecurity, which aims to stop the new regulations.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
