UN resolution ignores special rapporteur’s call for halt to spyware sales

UN’s Human Rights Council adopts resolution to explore the impact of new and emerging digital technologies on human rights, but the text ignores a damning report by the council’s own expert on freedom of expression

UN member states have sidestepped calls for a moratorium on the sale and transfer of surveillance equipment between governments and the private sector, instead opting to commission a report looking at the technology’s impact on human rights.

The report will be commissioned on the basis of a resolution adopted by the UN Human Rights Council during its 41st session, which ended on 12 July 2019.

The resolution requested that the Advisory Committee prepare a report, with recommendations for action, to be presented and discussed at a panel during the 44th session of the council, which will be held some time next year.

The resolution was submitted by Austria, Brazil, Denmark, Morocco, South Korea and Singapore, although it was agreed to by a number of other countries, including the UK, Turkey, North Macedonia and Australia.

But despite mentioning a number of previously adopted resolutions and reports that are relevant to the topic, the resolution made no mention of special rapporteur David Kaye’s recent report that called for an immediate moratorium on the use, transfer and sale of surveillance tools.

Kaye, the council’s mandated expert on freedom of expression, presented his findings to the 41st session on 26 June, where he described the international situation as a “surveillance free-for-all in which states and industry are essentially collaborating in the spread of technology that is causing immediate and regular harm to individuals worldwide”.

Speaking at the Open Rights Group conference on 13 July, Kaye said there were two main aspects to the problem – a lack of controls on the export and transfer of surveillance technology, and a lack of legal frameworks for how governments use them.

“The top-line recommendation is to stop selling this technology… until there is a framework of law that controls both the export of this technology and the use of it,” he said.

“Hopefully, it focuses the minds of people who can have a role in this because I am not, from the reaction so far, sanguine about governments going ‘oh, we didn’t realise’.”

Kaye also called for companies to start undertaking “human rights impact assessments” whenever they enter new markets, a subject he covered in the report.

“Companies have not disclosed instances of meaningful action,” said the report. “There is, for example, no public information suggesting that human rights assessments are a routine component of due diligence during sales.

“Indeed, mounting evidence of the industry’s central role in facilitating gross human rights abuses, coupled with its steadfast refusal to explain its safeguards, makes it difficult to avoid the conclusion that such self-regulation lacks substance.”

Read about surveillance technology

  • Computer Weekly investigation reveals the extent of interception of MPs’ and peers’ email communications and data.
  • New versions of the FinSpy malware for iOS and Android smartphones have extended targeted surveillance capabilities, warn security researchers.
  • Researchers at security firm McAfee have confirmed that social networks are being used to target North Korean dissidents with spyware.

Nick Dearden, director of social justice campaign group Global Justice Now, told Computer Weekly: “There is too much self-interest to actually take this seriously as an issue. There are just too many countries either making a lot of money selling this stuff or by receiving it and using it themselves to suppress human rights.

“If you look at the case that was won recently by Campaign Against the Arms Trade in terms of arms sales to Saudi [Arabia], actually what many people don’t realise is that surveillance equipment can be used to suppress human rights in equally serious ways.”

The UK’s quarterly export control licensing data, published by the Export Control Joint Unit and the Department for International Trade, shows that the UK exported telecommunications interception equipment to at least 20 countries in 2018.

These included Bahrain, Israel, Saudi Arabia, the United Arab Emirates, India and the US. They also included Singapore and South Korea, both of which were initial sponsors of the adopted resolution.

Since 2015, the UK has licensed £75m of spyware and surveillance technology to various countries, several of which, such as the Philippines, have cracked down heavily on political dissent in recent years.

However, interception equipment is just one of many surveillance technologies exported by the UK government. The full range of technologies can be found in the strategic export control list, which identifies different kinds of equipment using a code.

Comparing this code with the country licensing data shows what technology was exported and to where, but the disparate locations of the data can make it difficult to interrogate properly.

“This government has been horrific with freedom of information,” said Dearden. “Lives are at stake, human rights are at stake here. There is huge public interest in this stuff, so the more we push, the more we are likely to get information, even if it’s not tomorrow.”

Computer Weekly has previously revealed that the UK government approved an export licence for the sale of surveillance equipment to Macedonia while the country was engaged in an illegal surveillance programme against its citizens.

Read more on Privacy and data protection

Data Center
Data Management