The European Parliament Committee on Foreign Affairs (AFET) adopted the non-binding resolution on ‘Human rights and technology: the impact of intrusion and surveillance systems on human rights in third countries’ on 26 May 2015.
The document focuses on the impact of technological developments on human rights. It aims to contribute to smart EU legislation which takes into consideration every aspect, including human rights and technological advances.
Background
The report highlights two faces of technology. It describes its increasingly important role in ensuring and expanding the scope of fundamental freedoms, such as the right to freedom of expression, access to information and the right to privacy. The report also emphasises the fact that modern technological systems nowadays can be open to abuse and are being misused as tools for human rights violations. Censorship, surveillance, unauthorised access to devices, jamming, interception, and tracing and tracking of information and individuals are all topics which speak for themselves. In particular, human rights defenders and whistle-blowers appear to be the victims of monitoring activities by state- and non-state actors.
The 2014 FIDH position paper ( Fédération internationale des ligues des droits de l’homme; FIDH is the oldest international human rights organisation worldwide, www.fidh.org (accessed 15 July 2015), entitled Surveillance technologies ‘made in Europe’ reveals a number of European companies which are allegedly involved in providing surveillance equipment or services to third countries such as Bahrain, Syria and Egypt where these technologies are misused and lead to human rights violations.
In the Amesys case, for example, a European company provided sophisticated surveillance communication systems to a third country (Libya) which was then used to monitor suspected individuals on- and off-line throughout the country and the subsequent data analysis was used to identify them. The human rights organisation fidh concluded in its position paper that the system which was supplied enabled the Libyan regime to hone their methods of oppressing the Libyan people to perfection.
Marietje Schaake, AFET Rapporteur and MEP emphasised that ‘too many surveillance and intrusion technologies are being produced in Europe and sold to enable human rights violations’.
Legal state of art
Today, few legal frameworks address this issue on an international level and of those that do – the Wassenaar Arrangement and the EU Dual-Use Regulation (EC) 428/2009 – are among the most known. The Wassenaar Arrangement is a voluntary export regime with 22 parties, which regulates the transfer of conventional arms and so-called dual-use goods1 and technologies, and it has implications for the EU dual-use Regulation. However, the Regulation leaves it to each EU Member State to decide whether or not to implement it, leaving much space for legal fragmentation within the EU.
For example, on 8 July 2015 Germany amended its Foreign Trade Regulations (AWV), implementing national notification obligations and licensing requirements for businesses dealing with the export of surveillance communication technology. The German Government emphasised its intention to act now and stressed in its reasons that this matter does not allow for waiting for EU legislation to be enacted, which is unlikely to happen before 2017. As soon as adequate EU regulations are provided, EU-conformity can be restored.
What does the report suggest?
Paragraph 35 of the report criticises the incomplete nature of the EU dual-use Regulation when it comes to the effective and systematic export control of harmful ICT technologies to non-democratic countries. AFET therefore urges the Commission to review the dual-use regime in this context and to include effective safeguards to prevent any harm by these export controls to research, including scientific and IT security research.
A number of additional ideas are outlined by AFET on how to prevent human rights violations through the transfer of harmful technology products. The following list, which is not exhaustive, serves to give an idea on which matters have been pointed out by the AFET which:
- stresses that the impact of technologies on the improvement of human rights should be mainstreamed in all EU policies and programmes (para 5);
- urges the EU itself to use encryption in its communications with human rights defenders, to avoid putting defenders at risk (para 9);
- calls on the EU to adopt free and open-source software (para 10);
- draws attention to the plight of whistle-blowers and reiterates its call on the Commission and the Member States to examine thoroughly the possibility of granting whistle-blowers international protection from prosecution (paras 14 and 65);
- reiterates its strong belief that national security can never be a justification for untargeted, secret or mass surveillance programmes and insists that such measures be pursued strictly in line with the rule of law and human rights standards (para 15);
- calls on the European External Action Service (EEAS) and the Commission to promote the democratic oversight of security and intelligence services in its political dialogue with third countries (para 16);
- stresses that the Commission should be able to provide companies with accurate and up-to-date information on the legality or potentially harmful effects of potential transactions (para 37);
- calls for the development of policies to regulate the sales of zero-day exploits and vulnerabilities to avoid their being used for cyber-attacks, or for unauthorised access (para 40); and
- calls for the promotion of tools enabling the anonymous or pseudonymous use of the internet (para 49).
The report is expected to influence trade in harmful technology products and to lead to an adequate European regulatory and policy framework. Surprisingly, given previous announcements, the vote which was planned to be held during the European Parliament plenary session of July 9th 2015 in Strasbourg did not take place. Schaake’s office requested that the vote be postponed until September. According to the AFET rapporteur, she is having a hard time convincing some of her colleagues of the importance of this document.
The Incyder team will keep you informed about the proceedings.
Lorena Trinberg
This publication does not necessarily reflect the policy or the opinion of the NATO Cooperative Cyber Defence Centre of Excellence (the Centre) or NATO. The Centre may not be held responsible for any loss or harm arising from the use of information contained in this publication and is not responsible for the content of the external sources, including external websites referenced in this publication.
- Dual-use items are goods such as software and technology that are usually used for civilian purposes but which may also have military application or may also contribute to the proliferation of weapons of mass destruction. [↩]