Eleven member states back EU controls on selling spyware

Eleven member states are backing a controversial EU legal overhaul that would create tougher export control rules for surveillance technologies. [Pexels]

EXCLUSIVE / Eleven EU countries have signalled their support for draft rules that would place export restrictions on companies selling surveillance technologies, a leaked working paper shows.

The group is backing the European Commission’s proposal to introduce export controls on products that could harm human rights, according to a negotiating document that EURACTIV.com has obtained.

Germany led the initiative, and is supported by Croatia, the Czech Republic, France, Italy, Poland, Portugal, Romania, Slovakia, Slovenia and Spain.

Diplomats from the 11 countries signed off on a six-page document embracing the Commission’s plan to create “effective EU cyber-surveillance controls for the protection of human rights”. Their paper is dated 29 January.

Member states are negotiating their position on a Commission proposal from 2016 to overhaul EU export rules for dual use items, which face extra trade restrictions because they can be used for either civil or military purposes.

The Commission proposed the changes to export control restrictions after it was revealed that European companies sold software to governments that used it to spy on Arab Spring protesters.

Reports about governments that used European firms’ spyware have continued to add fuel to political talks over the bill. Last summer, the BBC reported that British weapons manufacturer BAE Systems sold surveillance software to the likes of Tunisia and Saudi Arabia.

MEPs approve export controls tailored to stop government surveillance

MEPs approved stricter rules on Wednesday (17 January) to control how European companies export technologies including software that could be used for surveillance, and any products that may violate human rights.

Officials close to the legal negotiations described the 11 member states’ document as a breakthrough.

The countries’ support is a victory for the Commission. The EU executive has struggled to convince sceptical member states and tech firms that there is a need to update the bloc’s export control rules by adding on human rights safeguards and restrictions on how firms sell surveillance software to foreign countries.

The diplomats support new EU controls “dealing with the specific human rights dimension such as violations of the freedom of expression, right to privacy, and the freedom of association, directly linked to the misuse of cyber-surveillance items”.

With backing from some of the biggest member states, the Commission’s proposal is now more likely to secure approval from a majority of EU governments.

But there are still some member states that disagree. Some others are wary of introducing any new export restriction on products that could harm human rights. Technology companies have also criticised that part of the Commission proposal, arguing that it will be difficult to prove whether some everyday products could be misused.

The legislation can only go into effect after member states, the European Parliament and the Commission agree on a compromise in three-way negotiations. The Parliament approved an identical version of the bill last month, but talks with the other two institutions have not yet started.

A few member states that backed the new working document appear to have changed their views, having initially been hesitant when the Commission first announced the reforms in 2016.

Shortly before the Commission published its proposal, Sweden drafted a document rejecting the plan to create a legally binding list of products set to face extra approval procedures in order to be exported. That method would be “less effective” and “undermine the competitiveness of EU industry”, the paper said. Austria, Finland, France, Germany, Poland, Slovenia, Spain and the UK also signed off on the 2016 document.

The 11 member states favour extending EU export controls to apply to cyber-surveillance technologies, but they do not want the same restrictions to apply to a list of other kinds of tech products that the Commission identified in its original proposal.

One EU official said the member states’ exclusion of technologies like robotics or artificial intelligence systems that could be used as weapons is “too restrictive” and “not forward looking”.

But the official described the working paper as generally reassuring since it supports the broader plan to create new export controls on surveillance technologies.

The Commission proposal outlined types of technologies that should require extra licenses before companies are allowed to export them. That was the EU executive’s attempt to also apply the tougher rules to products that might increasingly be used as weapons at some point in the future.

The 11 member states also gave a mixed view of the tougher transparency requirements in the Commission’s proposal.

Their paper describes the legislation as “an opportunity for promoting transparency” because it will push them to make more data public about the licenses they approve and decline.

But national governments are sensitive about how much data they share with each other and the Commission about their export of dual use products.

Diplomats from the 11 countries criticised the Commission’s proposal to require member states to consult each other before approving a company’s export of any product that might damage human rights.

That would create “an unnecessary administrative burden” and step on national authorities’ toes. Member states have the right “to assess the case and exercise their export control authority”, the document said.

Trade MEPs want to scrap all EU export restrictions on encryption

MEPs want the European Commission to remove export control restrictions on technology products that use encryption.