EU nears conclusion on cyber surveillance export controls

EU negotiators are closing in on new rules that would put an end to the sale of cyber-surveillance technologies to autocratic regimes worldwide, after the German Presidency of the EU adopted a position more amenable to Parliament counterparts.

EU negotiators are closing in on new rules that would put an end to the sale of cyber-surveillance technologies to autocratic regimes worldwide. [Shutterstock]

EU negotiators are closing in on a deal over new rules that would end the sale of cyber-surveillance technologies to autocratic regimes worldwide.

In what is being billed as potentially the final round of talks on Tuesday (22 September), representatives from the German  EU Presidency and the European Parliament are set to hash out a deal on the regulation on dual-use goods, which aims to clamp down on exports that can be used in the surveillance of citizens in countries with despotic regimes.

Speaking to EURACTIV ahead of the talks, lead MEP on the file, the Pirates’ Markéta Gregorová sounded a confident tone about an agreement being reached, after two years of negotiations.

“We’re feeling positive about reaching an agreement after the Germans came closer to our position,” she said, adding that there had been a concerted effort to move closer to Parliament’s position in a new proposal penned by the Germans, which included more robust measures on transparency and evaluation obligations.

Change in German position

The move marks a change of tack in the German position, following previous opposition to various elements in the text, that would have allowed the sale of cyber-surveillance technologies to autocratic regimes to continue.

An EU source had suggested to EURACTIV that Germany’s position may have been heavily influenced by commercial interests, owing to the fact that the country accounts for an estimated 50 to 60% of the EU’s exports of so-called dual-use items.

However, Gregorová believes that the German government may have realized that their opposition to the plans was untenable, and that several recent developments may have swayed their position.

“I think one case that certainly helped amplify Parliament’s voice was when Germany’s FinFisher was alleged to have been illegally selling spy software to Erdogan,” she said.

Last year it was reported that FinFisher products had been sold to the Turkish government, in a bid to surveil opposition protesters in 2017 without a permit. The German company’s FinSpy product had been embedded into smartphone applications that were marketed by fake Twitter accounts to opposition protesters.

Those who downloaded the app were susceptible to the spyware, which gave unimpeded access to the personal data contained on the device.

EXCLUSIVE: Germany blocking EU plans to stop spyware trade with dictators

EU proposals to establish export restrictions on spyware are being held back by Germany, which has adopted an ambiguous stance on the plans, EURACTIV has learnt.

Amnesty Report

Meanwhile, a report published by Amnesty International on Monday urged the EU to adopt more stringent measures in its export regime, noting that current rules “fail to address rapidly changing surveillance dynamics and fail to mitigate emerging risks that are posed by new forms of digital surveillance technologies.”

The report noted how European exports in this industry have found their way to totalitarian regimes worldwide, including in China, where such technologies have been used by national security authorities for egregious human rights abuses.

This is particularly the case in Xinjiang, the survey finds, where the Uighur Muslim minority has found itself at the mercy of the authorities, having been forced into ‘cultural re-education camps’ as part of China’s anti-Uighur campaign.

“Europe’s biometric surveillance industry is out of control…a multi-billion Euro industry that is flourishing by selling its wares to human rights abusers,” a statement from Merel Koning, Senior Policy Officer, Technology and Human Rights at Amnesty International, read.
“The current EU export regulation system is broken and needs fixing fast.”

Specifically, the investigation levelled a series of allegations against three European firms:  Morpho (now Idemia) from France, Axis Communications from Sweden, and Noldus Information Technology from the Netherlands.

All firms, Amnesty say, exported surveillance software such as facial recognition and network cameras to China, for alleged use in mass surveillance programs.

For their part on Monday, Axis and Noldus did not deny to EURACTIV that their technologies were sold to China, but both said that they develop software solutions with an ethical framework in mind. CEO of Noldus, Lucas Noldus, claimed that “Amnesty also has not presented a single piece of evidence that the use of our software has led to human rights violations.”

Meanwhile, Idemia strongly ‘condemned’ the use of facial recognition technologies for mass surveillance purposes that “would be contrary to human rights,” and pleaded ignorance on the use of their ‘old-generation’ facial recognition technologies by the Shanghai Public Security Bureau for nefarious means, after a 2015 deal between Morpho subsidiary Safran and the Chinese authorities.

Facial recognition in scope?

The concerns surrounding the export of facial recognition technology could have an impact on the inter-institutional discussions on Tuesday, as such technologies are currently not included in the scope of the definition of certain products that would be placed under restrictions.

“From our position, we’d like to see export controls on the sale of facial recognition technologies to autocratic regimes,” Gregorová told EURACTIV.

“The report from Amnesty International on Monday highlighted how these technologies can be employed to erode human rights worldwide, and we need to take a strong stance against such uses.”

“It will be our intention on Tuesday to get facial recognition technologies included in the scope of banned products,” she added.

Commission urged not to backtrack on EU spyware rules

The European Commission has been urged not to soften its stance on EU rules that would outlaw the export of cyber surveillance tools to despotic regimes worldwide, amid ongoing negotiations between the European Council and the Parliament on the new measures. 

[Edited by Benjamin Fox]

Subscribe to our newsletters