Discussion Prompt: To what extent can and should surveillance technology be subject to export control?

See all contributions to this question.

As is, global trade in surveillance technology is a race to the bottom, in which liberal democratic governments continue to criticise the behaviour of others while using it to justify their own. In a twisted consequence of profits over human rights, democracies also continue to be the primary exporters of surveillance capabilities to repressive regimes. Controlling the spread of surveillance technology is a moral, legal, and strategic imperative though, and Europe must do better; not only through reformed export controls but also by making transparent and leveraging its international security partnerships to improve legal and governance standards around the world.

Chinese authorities are demonstrating in Xinjiang how the very notion of human freedom can be challenged by modern surveillance technology. If it is to serve as a warning and not a blueprint for the rest of the world, the continued proliferation of some of the world’s most invasive surveillance capabilities to some of its worst abusers must be stopped. This article will look at the strategic interests of controlling surveillance technology export, as well as the various difficulties and policy options at play. 

While this proliferation is a human rights crisis, it’s also a strategic and security issue for liberal democracies. In the long term, global security and prosperity can only be promoted through the realisation of democratic and human rights, access to justice, and accountable governance – the very things undermined by the empowerment of authoritarian leaders and their security apparatus with tools of political control.

This should also be of concern to intelligence and security bodies. Given the difficulties in definitely attributing malware and other surveillance techniques to their source, it is now almost risk-free for hostile and allied government agencies to spy on people in foreign jurisdictions, not just on their own dissidents – but on other countries’ intelligence agencies, industry, leaders, and public.

In short, it’s a moral, legal, and strategic imperative to control the spread of modern surveillance technology and its use. Otherwise, if liberal democracies continue to criticise China’s record while following its lead, they will find the future unkind to their underlying values.

Strategic trade controls

In his contribution to this discussion series, Mark Bromley of the Stockholm International Peace Research Institute (SIPRI) outlines how both sanctions and export controls have been used to control exports of specific surveillance technology, and ways in which the European Union can play a leading global role. As outlined in his article, without trade controls being seriously reformed they will do little to fully address the issue. But as he also points out, even with reforms, trade controls should only be considered as part of “a range of policy tools that can be used to improve standards in the trade and use of surveillance technology”.

Courts, telecommunications operators and equipment manufacturers, software and hardware providers, the security industry, investors, and standards bodies all have a role to play in this regard. It is democratic governments though which must take the lead. So far however, their record has been dismal, with many supporting industries that wreak havoc in the majority world. Furthermore, democracies have themselves pursued powers and practices which have set dangerous global precedents.

Counter-terrorism, drugs, and migration agendas led by authorities in liberal democracies are also driving surveillance globally through the funding, training, and equipping of security agencies in partner countries – many of which lack necessary legal safeguards or basic rule of law. Reforming such security cooperation programmes should be a priority for any government serious about addressing the long-term threat posed by surveillance and authoritarian governments to human rights, international security, and democratisation.

Making trade controls work

As discussed by Bromley, sanctions and export controls have an important role. Sanctions in the form of trade embargoes have been applied sporadically by national and international bodies and are often cited by policy makers as the go-to instrument to address concerns. However, they are political tools with targeted objectives and are not a human rights mechanism. While they have been imposed on actors in Iran or China, neighbouring countries with equally shameful human rights records have not been sanctioned. Although punitive measures targeting specific companies such as Huawei may be justified, they are far from consistent. Therefore, while useful, the political and temporary nature of sanctions makes them limited in scope and easy for others to ignore.

Export controls are more consistent and international in scope. So far, they have been used to subject the export of specific technology to prior licensing requirements, including tools used to infiltrate IT systems, monitor internet traffic, conduct lawful interception, monitor mobile and satellite phones, eavesdrop through windows, and extract data from devices.

However, export controls give national authorities significant scope to prioritise economic and bilateral interests over human rights; meaning that in effect, national authorities authorise the vast majority of license applications that are made to them. A 2019 review conducted by Privacy International found that out of 284 license applications for surveillance technology made between 2015 and September 2018 in the UK, only nine were rejected due to a risk of it being used for internal repression. Only 21% of the destinations for these 284 exports were considered “Free” by Freedom House’s 2018 global report on political rights and civil liberties.

The difficulty in accurately defining the technical parameters of what should be subject to control in the first place — which risks catching tools necessary for critical research and economic growth, including in defensive cyber security — further undermines their long-term application. Foreign availability also means that countries with significant surveillance industries such as China, Israel, and Russia may continue to supply the market regardless. While relevant, this argument is often overstated, given that the US, UK, France, and Germany are the top four countries in which surveillance companies are headquartered. Yet, these countries purport to hold themselves to higher ethical standards.

These shortfalls can and must be addressed, and the ongoing reform of the EU’s dual-use regulation provides a once-in-a-generation opportunity to do so after ten years of parliamentarians and civil society calling for EU member states to agree to reforms. 

Conditioning surveillance aid

These reforms should be complemented by a range of legislative and technical interventions aimed at different types of companies, technologies, and governments. One of the easiest and most realistic opportunities for government authorities is to use existing security cooperation relationships around the world to improve legal and governance standards.

In 2001, the US spent $5.7 billion in security aid – in 2018 it spent close to $20 billion. The maze of US intelligence, counter-narcotics, and immigration enforcement bodies all provide extensive assistance to foreign counterparts through the provision of equipment, training, funds, and technical and legal expertise. Similarly, the EU and its member states spend countless billions in supplying foreign government authorities with surveillance tools and training, aimed at stemming illicit drugs flows, fighting terrorism, and controlling migration.

Niger, for example, now finds itself a hub for the US global war on terror, international efforts against illicit drug trafficking, and EU efforts to stop migration to Europe. To that end, the EU has supplied its border forces with mobile interception tools, a wiretapping centre, and surveillance drones – tools subject to export controls that the European parliament has sought to control for human rights reasons. The US has similarly supplied authorities in Niger with surveillance aircraft and significant counter-terrorism training. This is not a unique case: From Latin America, Asia, and across Africa – the same national authorities who are being criticised for their human rights abuses by foreign departments in liberal democracies, are being supplied by these democracies’ security agencies with the necessary funding, equipment, or know-how to commit human rights abuses.

Reforming these relationships to end the supply of capabilities which undermine people’s rights and leveraging such programmes to improve legal and governance standards should be a priority. Security sector reform, legal assistance, and human rights training is already a small part of US, European, and other security assistance programmes but should become their core and reflect the good practices and jurisprudence with regard to surveillance being developed around the world.

In effect, reforms to these programmes would focus on two things: 1) stopping the exporting of dangerous and unlawful capabilities, and 2) promoting the export of safeguards and best practices. Though ill-suited, examples like the Leahy Law in the US — intended to stop the assistance of foreign agencies complicit in grave human rights abuses through vetting requirements — are a model of how external assistance might be controlled to prevent human rights abuses. Such due diligence could, for example, seek to ensure that inherently dangerous capabilities would not be supported, such as bulk hacking and interception powers. This could be complemented by a range of best practices, sourced from academic analyses, government inquiries, and jurisprudence, all of which have articulated standards of how surveillance powers may be deployed and safeguarded. Data protection laws and surveillance frameworks already exist – these can be adapted to different contexts.

Leveraging this influence will not only promote human rights in fragile countries, it will further the security and economic interests of the states providing such assistance. Even the most security-minded politicians and intelligence leaders would agree that there needs to be sufficient protections over surveillance powers; it is madness to continue to export the same powers to authoritarians without any of the protections. The argument that Western companies should continue to supply authoritarian agencies because if they didn’t, someone else would, would also be somewhat mitigated – given that at least some legal and other protections will be in place to provide a check against some of the worst potential abuses.

All of this is underpinned by transparency. Currently, while some agencies such as the US State Department, UK Foreign Office, or the EU’s Trust Fund for Africa report vague details about their international surveillance partnerships – it is not enough to inform or enable oversight bodies, parliamentarians, or researchers to meaningfully understand how they may be made better. Intelligence agencies are wholly silent on their international partnerships – yet we know they continue to train and equip foreign counterparts. What it takes ultimately is political will to open up these programmes and to stimulate and enact reforms. This would be a first step.

In a post-COVID-19 and cash-poor reality, states, industry, and civil society have to use all the tools at their disposal. The alternative is a race to the bottom, in which liberal democratic governments continue to criticise the behaviour of others while using it to justify their own. This hypocrisy on the part of liberal democratic governments may be understandable. The creation of a world hostile to their existence is not.