Germany’s ministry of economics has agreed on a new law that will impose controls on the export of surveillance technologies but EU reform on export controls is still stalled.
The German amendment was issued on Wednesday (8 July) and will subject companies that sell products that can used for surveillance to new mandatory licensing measures. Telephone monitoring and companies’ data retention will face extra regulation.
Germany’s ministry of economics described the new regulation as a move to prevent the use of surveillance technologies for “internal repression” in other countries and said it was stronger than current EU laws.
A spokesperson for the ministry confirmed that the amendment does not need to be voted on in the Bundestag and would go into effect in the coming weeks after Chancellor Angela Merkel signs off on it.
German Minister of Economics Sigmar Gabriel said in a statement, “European regulations for the export of such technologies to other countries have been incomplete up until now.”
The German government, Gabriel said, “is closing control loopholes now that are still being debated in Brussels. We’re going to advocate in Brussels and internationally for fast European and worldwide regulations.” Gabriel noted that surveillance technologies can be used to suppress human rights.
EURACTIV recently reported that the European Parliament would vote on Dutch Liberal MEP Marietje Schaake’s report on the export of surveillance technologies during yesterday’s plenary session in Strasbourg. That vote didn’t take place.
Schaake’s office confirmed to EURACTIV that they requested to have the vote postponed until September.
“I have a hard time explaining to some colleagues why this is important,” Schaake said.
“It’s hard for them to imagine. They don’t know the technical capabilities of some of these technologies, let alone the risks. The Hacking Team leaks has helped give concrete examples of how these things work in real life.”
Internal emails and invoices from the Italian company Hacking Team were leaked over the weekend. The company sells software that can be used for surveillance. New leaks revealed its clients include a number of EU member states, as well as Sudan, Morocco, Kazakhstan and other countries with poor human rights records.
The European Commission is reviewing the dual use regulation this year, which lays down restrictions for the export of technology that can be used for military purposes.
Germany’s new law jumps ahead of any upcoming EU agreement on export controls.
Edin Omanovic, a researcher on export regulation of surveillance technologies at the NGO Privacy International, says that makes Germany unique within Europe—even considering the country’s companies that have a vested interest.
“The German industry is the largest that I know in Europe,” Omanovic said of the companies there that produce surveillance technology.
“It provides an example to other EU member states and Germany should be congratulated for this if it’s done correctly,” he added.
The German economics ministry has been active in EU meetings on the dual use regulation. Minister Gabriel called a meeting last fall in Brussels on export control reforms.
Marietje Schaake said the European Commission has been dragging its feet on a new dual use proposal.
“I think it makes a lot more sense to have common laws on the EU level, but it’s good that countries take the lead,” Schaake said of the new German regulations.
Sanctions on exports are issued on the European level, but member states enforce them, Schaake said.
“What the Hacking Team leaks show is that if a country is more open to giving licenses to companies like Hacking Team, that can create a weakest link,” she added.
Instead, Schaake argues that EU countries should agree to the same conditions for giving licenses to companies that export surveillance products.
Hacking team leaks
Germany was among the EU countries exposed as a Hacking Team client.
One leaked invoice shows the small German company TKSL paid for maintenance of the “Falcon” programme, which the company’s director Simon Thewes says was used in Luxembourg.
Thewes told EURACTIV TKSL resells cybersecurity and surveillance products to police and intelligence services and that 80% of the company’s work is in Europe. According to Thewes, TKSL worked on one other deal with Hacking Team.
“It’d be better if this was done on the European level and if there were the same standards for every country,” Thewes said of the German regulation, adding that some companies simply export their products from another country if the EU country where they’re based has strict rules.
The German law will impact its surveillance technology industry, according to Thewes. “Entire countries will probably drop off the client lists. Procedures and export approval will take longer,” he said.
Aachen based company Utimaco, whose services include “lawful interception of telecommunications,” wouldn’t be affected by the new German law, since the company doesn’t have its own data retention centres, according to Heinz Kraus, who works on the company’s export compliance.
Kraus said the Wassenaar Arrangement is preferable to a European law that regulates the export of surveillance technology. EU member states are already signatories on the Wassenaar Arrangement, as are the United States, Japan, Russia and several other countries.
“There should be as many countries as possible” affected by export regulations so that European companies can still compete internationally, Kraus said.
Trovicor, a Munich-based company that sells surveillance products, did not respond to a request for comment.