Tech industry, privacy advocates pressure Commission on export control bill

Günther Oettinger [European Commission]

Technology industry groups are rushing to lobby the European Commission to change a draft bill, before it’s proposed in September, that would require export controls on surveillance products.

Companies are anxious that new, tougher export rules for a range of items, including biometrics and location tracking software, will clamp down on Europe’s technology industry and even push firms to move out of the EU.

The executive plans to require special licenses before companies export items that could be used to abuse human rights, according to a leaked draft proposal published on two weeks ago.

But industry groups have warned that the new rules will make it harder to export a broad range of commercial products like telecoms equipment or smartphones.

“If you have additional Europe-instigated burdensome conditions that apply to European companies then clearly it puts them at a disadvantage,” said John Higgins, director general of DigitalEurope, a trade association that represents large internet companies like Google and Microsoft and national tech industry groups from EU countries.

Firms might choose to relocate to the United States, where there are laxer export rules, Higgins told EURACTIV.

“It’s a given that the industry supports the aims of dual use export controls but the existing ones are fine. This is a backwards step,” he said.

The Commission’s trade policy unit DG Trade is handling the bill, which includes sweeping changes to a seven-year-old law on so-called dual use products that can be used either for military or civil purposes. Under the current law, companies need licenses to export products if they can be used to build weapons of mass destruction or violate a trade embargo. The new proposal adds a licensing requirement if exports can potentially harm human rights and includes a list of potentially harmful technology products.

Commission plans export controls for surveillance technology

EXCLUSIVE / Technology companies may face stricter licensing requirements to export products that could be used to violate human rights, as part of a change to EU rules.

Tech industry groups met with a member of EU Digital Commissioner Günther Oettinger’s cabinet last week to appeal for the new measures to be softened.

But at this point, Oettinger and other commissioners would have to delay the bill significantly if they want to make any big changes to the new measures, sources told EURACTIV. The executive is expected to present the proposal in late September.

Industry groups say Oettinger is planning to meet with tech companies over the new export control measures in early September.

Pressure is also mounting on the Commission from national governments that want to get rid of the requirement for export licenses if a product can be used for human rights abuses.

Austrian, Finnish, French, German, Polish, Slovenian, Spanish, Swedish and UK diplomats circulated a memo, seen by EURACTIV, asking the Commission to scrap the list of products that will be subject to EU export controls and instead broker an international agreement that involves countries outside the EU.

After the Commission proposes the bill, it will be negotiated between national diplomats and the European Parliament before being passed.

“Unilateral EU lists would be less effective, undermine the competitiveness of EU industry” and would not comply with existing EU weapons control law, the diplomats’ note reads.

“Targeted sanctions are the primary instrument to prevent the misuse of technology for human rights violations,” it continues.

The draft proposal has drawn criticism from privacy advocates as well.

London-based NGO Privacy International published a reaction to the leak earlier this week that called the measures to protect human rights a positive move. But the Commission’s proposal to require licenses for digital forensic tools could weaken cybersecurity technology, the group said.

“Like Intrusion Software, Forensic Tools can be used to enhance and improve cybersecurity, and by extension protect human rights globally, and must not be restricted when moving between international parties to remedy problems with IT systems,” Privacy International researcher Edin Omanovic wrote in a blog post.

Udo Helmbrecht, director of the EU cybersecurity agency ENISA, is at the extreme end of the export control debate.

During a meeting about encryption with the EU law enforcement agency Europol in May, Helmbrecht argued that a United States government policy in the 1990s backfired. By limiting exports of strong encryption, the US technology industry suffered commercially and encryption within the country was weakened, leading to security breaches and hacking attacks.

Helmbrecht insisted that governments should “refrain from limiting in any way the export of security features in computer software”.

EU cybersecurity and police chiefs reach breakthrough agreement on encryption

Two EU agencies that have been on opposite sides of a heated debate over encryption just agreed on limits to law enforcement agencies’ access to private data.

The European Commission is currently reviewing the dual-use regulation, the legislative framework for the export of products that can be used as weapons. The executive is expected to proposes changes to the law in September 2016. A vote on a report by Dutch ALDE MEP Marietje Schaake (Democraten 66) on export controls for surveillance technology was approved in September 2015.

  •  September 2016: European Commission will propose changes to the dual-use regulation

Subscribe to our newsletters