The failure of EU’s regulation on cyber-surveillance tech exports
When in April 2016 the Italian Ministry of Economical Progress revoked Hacking Team’s licence to export their Galileo remote control software outside of the EU, it seemed, at first glance, like a long overdue reaction to the many revelations that the company provides offensive intrusion and surveillance software to governments that don’t have a good track record at respecting human rights.
Alas, it was not so – the decision was mostly a political reaction to the diplomatic problems that arose between Italy and Egypt in the wake of the death of an Italian graduate student. The man, Giulio Regeni, was abducted, tortured and killed in Egypt while he was researching the country’s independent trade unions.
But the news did briefly raise interest in the problematics of how European companies that develop surveillance software – i.e. technologies that can be used both for peaceful and military aims – get permission to export it to other countries.
The problem with EU cyber-surveillance technology regulation
Almost a year later, and just as the European Parliament is set to debate a new proposal to strengthen the regulation that forms the basis of EU’s export control regime of dual-use technology, a report by a network of European media outlets shows how the initial regulation has failed to prevent authoritarian regimes from getting their hands on this type of technology.
The reporters have requested information from EU member states and Norway about the exports of surveillance technology, and have received a response from 18 of the 29 countries (by the by, Italy was not among the 18).
The provided information does not provide a full picture of the situation, but it definitely shows that export applications are very rarely denied.
“Almost 30 percent of the issued licenses were for exports to countries that are ranked as ‘not free’ by the think tank Freedom House. One example is The United Arab Emirates – a country known for using surveillance technology against peaceful critics of the regime,” the reporters noted.
“52 percent of the licenses revealed by the investigation were for exports to countries that Freedom House ranks as ‘partially free’. This includes a country like Turkey, where the Erdogan government has cracked down on political opposition following a failed coup last year. Only 17 percent of the licenses were for exports to countries that Freedom House ranks as ‘free’.”
It seems obvious that the regulation, in its current form and in practice, is not strong enough.
Professor Quentin Michel from Université de Liège, an expert on export control regulations, says that the problem with the current EU dual use regulation is that it was originally designed to avoid the proliferation of weapons of mass destruction, and does not focus on protection against human rights violations.
Unfortunately, while the new proposal for strengthening the regulation does expand the list of cyber-surveillance equipment whose export has to be controlled, it still does not require member states to deny export applications if there is risk of human rights violations.