Stopping the Unlawful Trade of Surveillance Tech

Yesterday, a coalition of human rights organizations sent a strong message about the need to curb the uncontrolled export of surveillance technology to countries with questionable human rights records. The message was delivered by the Coalition Against Unlawful Surveillance Exports (CAUSE) in an open letter to the members of the Wassenaar Arrangement ahead of their 2014 plenary meeting.

The letter urges the 41 members of the Wassenaar Arrangement to “address the alarming proliferation of surveillance technologies available to repressive countries involved in committing systematic human rights violations.” To this end, the CAUSE advises governments to modernize out-of-date export controls to prevent exports to end-users in countries where they may be used for illicit purposes or to commit human rights abuses. The letter also urges governments to be more transparent about their technology exports and encourages greater participation by human rights groups and independent experts in the Wassenaar forum in order to ensure that controls are effective and reflect the latest technological developments.

The Wassenaar Arrangement is a multilateral export control regime that 41 states participate in, including the United States, the United Kingdom, and Germany. Every year, representatives of the member states gather at the plenary meeting — which usually happens in December — to agree on updates to the Wassenaar’s munitions and dual-use control lists, although most of the technical and policy-related matters are hashed out in working groups before the meeting starts. After the plenary, a new version of the lists are published, followed by the process of implementing the new controls at the national level, which can take months or even years. The letter was sent ahead of the 2014 plenary, which is currently underway in Vienna.

In 2013, the Wassenaar member states took some historic steps to address the trade in global surveillance technology by adding “Intrusion Software” and “IP Network Communication Surveillance Systems” to the list of controlled dual-use goods. These changes were described as part of a broader report published by OTI, [Privacy International] https://www.privacyinternational.org/), and Digitale Gesellschaft on how export controls can be used as a policy solution to address the transfer of surveillance technology to repressive regimes. The report explains how the export control regimes work in the US, the UK, and Germany, with a specific focus on how they can craft controls that capture monitoring technologies and other tools that can be used to commit human rights abuses. As part of the follow up to the report launch, OTI and other members of the CAUSE coalition have also helped produce additional guidance for specific member states about how the 2013 Wassenaar rules can be incorporated into their national export control regimes. This implementation process is still underway domestically.

Even after new controls are created in the U.S. and other Wassenaar countries to reflect the 2013 updates, more work remains to be done — which is why yesterday’s letter urges governments not to “let the momentum halt.” By and large, export controls remain outdated when it comes to addressing these technologies. States should consider whether and what type of controls should apply to additional technologies such as undersea fiber-optic cable taps and mass voice/speaker recognition tools, which have the potential to be used for pervasive surveillance and internal repression — especially when they end up in the hands of governments that have a track record of human rights abuses.

New evidence continues to emerge that confirms the importance of updating export controls to cover these technologies. A recent report by Privacy International on the deployment of surveillance technology in Central Asia reveals that governments such as Kazakhstan and Uzbekistan are following the lead of repressive regimes in the Middle East and spying on their citizens — and that often get their technology from Western companies, including U.S. and Israeli vendors. Among other recommendations, the report notes that stronger export controls are crucial to stem the flow of these technologies to governments that seek to use them to monitor and control digital communications.

While the use of these technologies continues to grow, the victims of these abuses still have limited legal recourse. According to the International Federation for Human Rights (FIDH), liability protections for surveillance companies are a major obstacle to effective access to justice for those who have suffered human rights violations as a result of the surveillance tools sold by these companies. FIDH urges states to "proceed with legal reforms to enable victims of abuses committed by European-based surveillance companies to bring cases in companies’ home States." The report notes that a comprehensive approach to addressing this issue not only requires stronger export controls on surveillance technology, but must also provide justice to victims of human rights violations.

The addition of intrusion software to Wassenaar’s dual-use list in 2013 is particularly critical in light of a new Citizen Lab report which shows the direct human rights impact as civil society organizations are increasingly being targeted by government-sponsored malware. Just like businesses and governments, human rights groups and other organizations face a growing number of network intrusions that threaten the privacy of sensitive information and communications. However, as the report explains, civil society organizations possess far fewer resources to strengthen network security and prevent these attacks. Any solution that curbs the use of these tools may help protect civil society in repressive countries.

Organizations and networks concerned about the complicity of Wassenaar member states in the surveillance operations of repressive regimes are rallying around this issue. The CAUSE open letter and other recent proposals to strengthen global export controls seek to stem the flow of surveillance technologies. Continuing to update the Wassenaar Arrangement to reflect technological developments is essential for preventing surveillance technologies from falling into the wrong hands, and the effective implementation of these rules into national export controls is a crucial first step.