Many international non-governmental organizations* say they are extremely concerned that little has changed since civil society first recognized the need to modernize current EU rules governing the export of surveillance equipment as far back as 2011 during the Arab Spring.
As the European Commission has since proposed reforms to the current system specifically aimed "to prevent human rights violations associated with certain cyber-surveillance technologies," NGOs urge member states to refrain from any further delays in the process and to ensure that states throughout the European Union prevent surveillance exports that pose risks to human rights.
Need for reform
The export of electronic surveillance equipment to governments involved in human rights abuses or lacking sufficient legal frameworks to protect privacy is a serious risk to the EU’s interests in protecting human rights, democratization and rule of law.
In Macedonia, where numerous EU member states and institutions have spent years and considerable resources to make progress in these areas, there have reportedly been some 20,000 people subject to wiretapping in recent years, including activists, members of the judiciary, opposition members and diplomats.
This effectively undermines many EU initiatives by allowing the former ruling party direct access to telecommunications surveillance systems. Recently, reports have shown how authorities in Mexico, the United Arab Emirates, and Bahrain have used surveillance powers that nominally target criminals and terrorists against human rights defenders, activists, lawyers, and others.
Recommendations for effective reform
- Human rights protections be strengthened and have definitive impact
The proposal should make clear that states are required to deny export licenses where there is a substantial risk that those exports could be used to violate human rights, where there is no legal framework in place in a receiving country governing the use of a surveillance item, or where the legal framework for its use falls short of international human rights law or standards.
- All relevant surveillance technology be covered
A mechanism to update the EU control list should be agreed, which will decide on updates to the EU control list in a transparent and consultative manner, taking into account the expertise of all stakeholders, including civil society, and international human rights law.
- Greater transparency and reporting is made mandatory
Greater transparency in export licensing data is needed. Such transparency is crucial in enabling parliaments, civil society, industry, and the broader public – both in the EU and in recipient countries – to meaningfully scrutinise the human rights impact of the trade in dual-use items.
- Security research and security tools be protected
To reinforce the protection of research as stated in the preamble, the new regulation should include clear and enforceable safeguards for the export of information and communication technology used for legitimate purposes and internet security research.
More information can be found here.
Adequate & uniform assessment criteria
Member states are failing to properly assess their human rights obligations when it comes to assessing export licenses and are interpreting their current obligations differently. It is essential that strong export assessment criteria are agreed and uniformly applied.
Reports in 2017 have shown that:
- Of over 330 export license applications for controlled surveillance technology made to 17 EU authorities since 2014, 317 have been granted and only 14 have been rejected; 11 member states, including France and Italy, refuse to make any licensing data available to public scrutiny, meaning that the actual amount of surveillance equipment being licensed for export is likely to be significantly more (The Correspondent).
- BAE Systems, the UK’s largest arms manufacturer, has been exporting controlled internet surveillance systems capable of carrying out mass surveillance to countries where human rights abuses are common, including to Saudi Arabia, UAE, Qatar, Oman, Morocco, and Algeria (BBC and Dagbladet Information).
- Italy approved then subsequently revoked an export license for an internet surveillance system to Egypt (Il Fatto Quotidiano).
- A French company has been exporting similar internet surveillance equipment to Egypt and has received nine other export licenses in 2016 (Telerama).
- Companies based in Italy were filmed admitting to be willing to skirt existing export regulations to sell surveillance technology to potential clients around the world, including to countries under EU restrictive measures (Al Jazeera).
The current criteria are inadequate. For example, Denmark and the UK have both approved export licenses for surveillance equipment to the UAE, where electronic surveillance is proven to be targeting human rights defenders and whose forces are torturing people in secret detention facilities, according to the Associated Press. The Netherlands in contrast has denied an application to the UAE reportedly based on human rights considerations.
Similarly, member states have been approving export licenses to Egypt, where security forces have routinely tortured detainees and forcibly disappeared hundreds of people, and where the government has recently taken unprecedented steps to criminalize human rights and independent groups.
In 2013, member states in the Council of the European Union expressed "great concern" following "an unacceptable large number" of deaths and injuries at the hands of Egyptian security forces, and agreed "to suspend export licenses to Egypt of any equipment which might be used for internal repression and to reassess existing export licenses."
Following the subsequent murder and torture of Italian student Giulio Regeni and "a large-scale campaign of arbitrary detention of critics of the government, including journalists, human rights defenders, and members of political and social movements," the European parliament called "for exports of surveillance equipment to be suspended when there is evidence that such equipment would be used for human rights violations."
Despite this, French media this week revealed that a company has been exporting internet surveillance equipment to Egypt. Similarly, the UK has approved the export of telecommunications interception equipment as well as satellite phone interception systems to Egypt.
In 2016, the Italian Ministry of Economic Development also approved an export license for internet surveillance systems to the Technical Research Department in Egypt, a secret unit of the Egyptian intelligence infrastructure which has previously purchased surveillance equipment from a range of other EU-based companies. After first approving the license, the Italian Ministry of Economic Development have since confirmed that they have revoked the export license following media reports that the company in question was under investigation and letters from NGOs urging the Ministry to reconsider their assessment.
As a result of the Italian Ministry’s decision, and in order to maintain consistent application throughout the Union, it is now essential that other EU member states, including France and the UK, also review their extant export licenses for surveillance equipment to Egypt and revoke them where there is evidence that it poses a risk to human rights.
Background
In 2011, as evidence was emerging during the Arab Spring that authoritarian regimes across the Middle East and North Africa were relying on European-made surveillance technology, the Commission released a Green Paper recognizing the need to update the Dual Use Regulation to reflect advances in technology and early in 2013 first recognized stakeholders’ desire to bring the "use of ICT interception and monitoring items or 'cybertools'" into the scope of the Regulation.
The Commission concluded on the basis of a wide-ranging Impact Assessment and public consultation "that Cyber-surveillance technologies have legitimate and regulated law enforcement applications, but have also been used for internal repression by authoritarian or repressive governments to infiltrate computer systems of dissidents and human rights activists, at times resulting in their imprisonment or even death.
As evidenced by numerous reports, the export of cyber-surveillance technology under such conditions poses a risk for the security of those persons and to the following fundamental human rights." The Working Document further noted that "The lack of a robust legal basis for controlling exports of cyber-surveillance technologies hampers the EU’s ability to prevent exports that may be misused for human rights violations," that there was a "lack of clear legal provisions for controlling cyber-surveillance technology or for denying an export based on human rights considerations."
The Commission eventually released a subsequent proposal to modernize the EU export control infrastructure in September 2016. While the proposal offers some improvements on the current regime, it requires significant further changes to ensure it lives up to its potential of protecting human rights.
Amendments to the proposal are currently up for discussion within the Committee on International Trade of the European Parliament, members of which have proposed some positive amendments to the proposal. After amendments are agreed within the Committee, they will be put to a vote in the European Parliament, possibly in September 2018. After a vote, the proposed amendments will be discussed between the Commission, Parliament, and member states in secret "trialogue" meetings aimed at reaching a compromise position, likely to be in 2018.
However, if Parliament subsequently does not vote in favor of the agreed amendments, the trialogue process continues until a position can be agreed - a process that can take years. Once the member states and Parliament agree to the amendments, they will become binding across the European Union.
* Access Now, Amnesty International, Bahrain Center for Human Rights, Bahrain Watch, Bahrain Institute for Rights and Democracy (BIRD), Coalizione Italiana Liberta e Diritti Civili (CILD), Digitale Gesellschaft, Gulf Center for Human Rights, International Federation for Human Rights (FIDH), Privacy International, Reporters Without Borders, Social Media Exchange (SMEX), Statewatch