Ladies and Gentlemen, esteemed Members of the European Parliament and of the European Commission. It is an honor for me to be here and have the opportunity to speak before you on this very important topic. For the past 10 years I have worked in the Information Security industry as a Security Researcher and what follows in this talk derives from my experience in the field. It is not customary for me to do scripted talks, but I believe the argument is of high enough importance to deserve a written exposition - you will forgive me for reading my notes.

I would like to begin my short briefing with a few premises on the topic of intrusion software and its regulation. I will then put forward a number of suggestions that my colleagues Thomas Dullien, Georg Wicherski, Stefano Zanero and myself have developed in the past few months.

As most of you here, I strongly believe that software, as most things in science and technology, can be employed for ill-intentioned purposes and I strongly believe that the EU and the Rest of the World should regulate improper use of code especially in relation to human-rights violations. On the other hand, I am part of the school of thought that believes that code is speech and that speech should be free. Most, if not all, intrusion software is code and hence I posit that it largely should be free. Therefore I argue that the debate over software regulation is not particularly dissimilar from the debate on regulation of hate speech and as such it poses numerous important challenges.

I would also like to add, for the record, that export controls have proven to be highly ineffective and counter-productive for cryptographic software in the past and that Wassenaar itself has never been used to mitigate human-rights concerns before. Nonetheless I acknowledge that the EU has decided to use these instruments to regulate intrusion software and I was glad to read that in the motion presented by Miss Schaake to the European Parliamen