From: Joshua Cooper Ramo <

From: Joshua Cooper Ramo < To: Vincenzo Iozzo Subject: Re: "report" on the EU event Date: Fri, 02 Oct 2015 17:25:56 +0000 >, "Jeffrey E." <[email protected]> Thanks for the update. Sounds like a very promising outcome. Excellent contribution to public policy! On Fri, Oct 2, 2015, 10:58 AM Vincenzo Iozzo < > wrote: Jeffrey&Joshua, since both of you helped reviewing the doc I figured I'd share the results and also thank both of you again. First the things that might be interesting for you in the medium term: I) The EU is committed to introduce liabilities for software vendors. They are yet trying to figure out how to do it but I do think it will eventually go through in 3-5 years from now, especially as the IoT stuff becomes bigger. If that works out it will be a pretty good opportunity to make money in security 2) The EU wants to add to the list of export controlled items stuff like 3d printing, bio engineering and some of the drones stuff. This will have a number of interesting consequences for various startups (assuming it does happen) 3) Not security related but I had breakfast with a UK delegation to the EU, they were in Brussels to discuss the single digital market stuff. Apparently it's quite "scary" in the sense that multiple countries are actually trying to push to curb services like Netflix to prevail over the local competitors. What's going to happen in the end is unclear but if that does go through american consumer startups will have some troubles Now the bragging part: I) We finally got Privacy International and a couple of other human rights organizations to admit they were wrong about exploits. Which is awesome because I was tired of people labeling anybody associated with offensive security as a "merchant of death". Also on twitter: https://twitter.com/richietynan/status/649510644891435008 2) The EU Commission seems to be ready to leave exploits out of the export control stuff, not a done deal but that would be awesome 3) The MEP that is sort of driving this essentially incorporated almost all our proposals in her submission to the Commission. 4) They will try to help to get us in touch with the people at the national level who can get Wassenaar changed. We are talking with the State Department and the DHS as well, so hopefully by 2016 we'll have a revised version of WA without the horrible wording on exploits Overall I think we had an half-victory which is a lot more than what I would have expected! Assuming all of this goes as planned it will be quite good for the industry because people will be able to do research which implies that companies will still have to invest heavily in security. Thanks again :) V EFTA00844545