Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by surprise with its proposed rule; we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial cybersecurity, human rights, and national security. While the outcome of this round of regulatory intervention is still uncertain, the fact that there will be more is not. This panel of experts will discuss the context, history, and general process of regulation, as well the related question of “weaponized” research in regulatory discourse. There is significant daylight between the relatively lax text of the Wassenaar Arrangement itself and the extraordinarily broad implementation proposed in the U.S. What will the practical effects of those differences be, and why did the U.S. diverge from the Wassenaar text? Regulators are, even now, still struggling to comprehend what the consequences of this new “cyber rule” might be. So, how are we to understand this regulatory process? What are its objectives? Its impacts? Its limits? How can we influence its outcomes? Eleventh-hour interventions are quickly becoming a hallmark of regulatory activities with implications for the wider world of information security; the fight here is almost exclusively a rearguard action. Without resorting to the usual polemics, what failures of analysis and advice are contributing to these missteps – on both sides? What interests might encourage them? How are security researchers being caught so off-balance? Come victory or despair in the present case, this panel aims to answer the question of whether there is a solution that prevents technology transfer to hostile nations while still enabling free markets, freedom of expression, and freedom of research. Speaker Bios: Dave Aitel (@daveaitel) is an offensive security expert whose company, Immunity, Inc., consults for major financial institutions, Fortune/Global 500s, etc. Matt Blaze (@mattblaze) is a professor in the computer science department at the University of Pennsylvania. Twitter: @mattblaze Nate Cardozo (@ncardozo) is a Staff Attorney with the Electronic Frontier Foundation. He focuses on the intersection of technology, privacy, and free expression. Jim Denaro (@CipherLaw; moderator) is the founder of CipherLaw, a Washington, D.C.-based intellectual property law firm and focuses his practice on legal and technical issues faced by innovators in information security. Mara Tam (@marasawr) is a semi-feral researcher and historian of policy, justice, culture, and security. Catherine “Randy” Wheeler has served as the Director of the Information Technology Controls Division in the Bureau of Industry and Security’s (BIS) Office of National Security and Technology Transfer Controls since June 2006.