Last week, the Italian Coalition for Civil Liberties and Rights, together with Access Now, Amnesty International, Bahrain Center for Human Rights, Digitale Gesellschaft, Elektronisk Forpost Norge (EFN), Foundation for Information Policy Research, International Federation for Human Rights, Privacy International, and Reporters Without Borders, released a shared statement calling for strong human rights safeguards and clear security research exemptions as the EU updates its dual-use regulation.
Dual-use technology regulation
The NGOs welcome the proposal, presented in September 2016, of the European Commission to update controls on the export of dual-use items - goods, software and technology that can be used for both civilian and military applications and/or can contribute to the proliferation of Weapons of Mass Destruction (WMD).
The organizations highlighted the need to stay on message as the proposal moves through the European Parliament and, later, into the trialogues.
“The existing EU framework has failed to protect countless activists, human rights defenders, journalists, and regular users from the detrimental impact of cyber-surveillance technology,” said Lucie Krahulcova, EU policy associate at Access Now. “The Commission’s effort to bring attention to the impact of this technology on freedom of expression and privacy is laudable and should be broadly supported throughout the EU institutions.”
Four key components
While the organizations applaud the steps taken to strengthen the current EU regime, they argue that four key components must be improved if the regulation is to make a meaningful impact:
- Human rights protections must be strengthened and have a definitive impact;
- All relevant surveillance technology must be covered;
- Greater transparency and reporting is needed;
- Security research and security tools must be protected.
Notably, the organizations explicitly call for cryptography items to be removed from the list, and for no new items to be added where their inclusion undermines security research, such as forensics tools. In the statement, they argue that encryption is essential in supporting the safety and security of users, companies, and governments everywhere by strengthening the integrity of communications and systems.
With heightened media attention, there has been an increasing awareness regarding the controversial trade of cyber-surveillance technology in and out of Europe. MEP Marietje Schaake has previously said, “We are talking about a very grey, intransparent and dark industry.”
“There is no debate about necessity here. EU member states have a responsibility under the UN Guiding Principles on Business and Human Rights to legislate in order to ascertain that business enterprises operate in a manner consistent with the state’s human rights obligations,” added Krahulcova.