Sergey Nivens - Fotolia

European Parliament votes to restrict exports of surveillance equipment

European Parliament votes to tighten export controls to restrict supply of surveillance and encryption technology to states with poor human rights records amid fears British companies may not have to comply after Brexit

Members of the European Parliament have voted to curb the export of surveillance equipment to states with poor human rights records, following mounting evidence that equipment supplied by companies in Europe has been used by oppressive regimes to suppress political opponents, journalists and campaigners.

MEPs in Strasbourg agreed on 17 January to extend EU export controls to include new restrictions on the export of surveillance equipment, including devices for intercepting mobile phones, hacking computers, circumventing passwords and identifying internet users.

The proposals also seek to remove encryption technologies from the list of technologies covered by EU export controls, in a move which aims to make it easier for people living in oppressive regimes to gain access to secure communications which can circumvent state surveillance.

“Dictators spy on their citizens using EU cyber surveillance. This must stop. The EU cannot contribute to the suffering of courageous activists, who often risk their lives for freedom and democracy,” said MEP Klaus Buchner, European Parliament rapporteur. “We are determined to close dangerous gaps in the export of dual-use goods and call on member states to follow suit.”

The proposed changes to the EU dual use export control regime are likely to face opposition from the defence industry and governments, as the European Parliament and the European Commission prepare to negotiate their implantation with Europe’s 28 member states.

European companies supplied technology that led to torture and deaths

European technology companies, including UK firms, have supplied equipment that has been used for arresting, torturing and killing people in Iran, Egypt, Ethiopia and Morocco, according to the European Parliament.

An investigation by Computer Weekly revealed that the UK government had approved export licences to Gamma International (UK) to supply mobile phone interception equipment, known as IMSI catchers, to Macedonia, when the regime was engaged in a massive illegal surveillance operation against the public and political opponents.

And the UK’s largest arms manufacturer, BAE Systems, has exported equipment capable of mass internet surveillance to countries that campaigners say regularly commit human rights abuses, including Saudi Arabia, Qatar, Oman, Morocco and Algeria.

An overwhelming majority of MEPs supported reforms to the EU’s export control regime, which will require member states to deny export licences if the export of surveillance technology is likely to lead to a serious impact on human rights in the destination country. The proposed changes, backed by 571 votes to 29 against, with 29 abstentions, will impose tough requirements for EU governments.

Member states will be required to assess the likely impact of surveillance technology on citizens’ right to privacy, freedom of speech, and freedom of association, in the destination country before they grant export licences – a significant step up from current levels of scrutiny.

The proposed rules contain safeguards, however, that will allow legitimate cyber security research to continue. Companies exporting products that are not specifically listed will be expected to follow the OECD’s “due diligence” guidelines if there is a risk they could support human rights violations.

EU governments will be required to publish data on export licences

Improved transparency measures will require member states to record and make data on approved and declined export licences publicly available, opening up the secretive global trade in surveillance technologies to greater public scrutiny.

Although member states may already take human rights considerations into account in the current system, human rights groups argue that, in practice, they have prioritised other considerations and approved the vast majority of exports.

Out of more than 330 export licence applications for controlled surveillance technologies made to 17 EU jurisdictions since 2014, 317 have been granted and only 14 rejected, research by Security for Sale, an international consortium of journalists, revealed last year. Eleven member states, including France and Italy, refuse to open licensing data to public scrutiny, making the total number of exports likely to be much higher.

Brexit: UK technology may escape export restrictions

Pressure groups have raised concerns that the UK may escape the proposed safeguards, aimed at stopping the export of surveillance equipment to countries with poor human rights records, because of Brexit.

“We have to avoid a scenario where the UK’s withdrawal from the EU leads to a dangerous weakening of controls over the UK’s exporting of arms and surveillance equipment,” said Oliver Feeley-Sprague, UK arms control director at Amnesty International.

“Current EU arms controls aren’t perfect, but they are multilateral, which is the only sensible approach to regulating the export of weapons and related equipment.”

Lucie Krahulcova, policy analyst at lobby group Access Now, said the existing export regime was failing to protect citizens’ rights and privacy, and was putting journalists and campaigners in oppressive regimes at risk.

“The current system fails to adequately account for users’ rights to privacy and freedom of expression – an unacceptable status quo which betrays human rights defenders and journalists around the globe,” she said.

Timeline

2009: The global trade in surveillance technology came to public attention during the Arab Spring when it emerged that states across the region were using surveillance technology exported by EU member states to oppress opponents.

2011: The European Commission published a greenpaper, recognising the need to update the EU’s dual-use export control regulations to take into account advances in technology.

2016: The European Commission released an impact assessment which reported that: “Cyber surveillance technologies have legitimate and regulated law enforcement applications, but have also been used for internal repression by authoritarian or repressive governments to infiltrate computer systems of dissidents and human rights activists, at times resulting in their imprisonment or even death.”

2016: The European Commission released a proposal to modernise EU export controls. The proposal was criticised for not going far enough in restricting exports of dual-use equipment.

November 2017: The European Parliament’s Committee on International Trade agreed amendments to the European Commission’s export control proposals.

January 2018: MEPs voted in favour of reforms to reform EU dual-use export regulations, following a debate in Strasbourg. The new rules were backed by 571 votes to 29, with 29 abstentions.

‘Arab Spring’ led to calls for export restrictions

The European Union introduced the current export control rules in 2009 to require member states to assess the impact of dual-use technologies which have peaceful civilian uses, but which can also be used to commit terrorist acts or violate human rights.

But it emerged during the “Arab Spring” – a series of popular uprisings in the Arab World that began in 2010 – that authoritarian regimes were using surveillance technology and spyware supplied by European companies to target protesters, human rights activists and journalists.

The Dutch MEP Marietje Schaake, who has been campaigning for the EU to adopt tighter regulations on the export of dual-use equipment since the uprising, described the European Parliament’s proposals as a fundamental overhaul of the European export control system.

She called for the EU to end the practice of “licence shopping”, where a company, for example, which is rejected for a licence in the Netherlands, could be granted one in Italy.

“From Egypt to Iran and Turkey, governments use European systems to spy on and hack their citizens’ devices. This allows them to muzzle and even arrest journalists, human rights activists, as well as ordinary civilians,” she said after the vote. “The European Parliament today puts an end to these practices by regulating the export.”

The European Parliament, the European Commission and member states of the EU will hold a series of confidential “trialogue” negotiations aimed at reaching a compromise – a process that could take several years. Once member states and the European Parliament agree to the amendments to the export control regime, they will become binding across the European Union. 

Read more about surveillance

Read more on Regulatory compliance and standard requirements

Join the conversation

4 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Hi,

This restricction to sell this surveillance software from EU, already includes the restriction to sell to mexican goverment?

Regards
Cancel
As far as I am aware, Mexico is not specifically mentioned but EU member states would have to take into account Mexico's human rights record before awarding export licences for surveillance equipment. I am not sure if the EU has exported such technology to Mexico, but it would be interesting to find out.
Cancel
Hi Bill,

There is a history of espionage. Of course, the software is Israeli.
Here the some links:
https://www.nytimes.com/2017/06/20/world/americas/mexico-spyware-surveillance-journalists-activists-investigation.html

https://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html

https://www.nytimes.com/2017/06/21/world/americas/mexico-pena-nieto-spying-hacking-surveillance.html

Regards
Cancel
Hi, thanks for the links. That is very helpful. It is a topic I would like to hear more about.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close