Lawmakers in the European Union have advanced plans to subject hacking tools to export controls currently reserved for depleted uranium, human pathogens and other “dual use” products and technologies with both military and civilian applications.
The European Parliament’s Trade Committee voted 34-1 Thursday in support of expanding its list of regulated dual use products to cover “cyber-surveillance technology which can be used for the commission of serious violations of human rights or international humanitarian law, or can pose a threat to international security or the essential security interests of the Union and its Member States.”
The EU’s existing export controls impose restrictions on dual use products capable of being used to make weapons of mass destruction or otherwise banned by trade embargoes.
But if passed by the EU Parliament’s full House, the draft proposal adopted Thursday would placed spyware and other surveillance technologies in the same category as missiles, lasers, toxins and other items prone to being harnessed against civilians.
“Surveillance activities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties must be laid down by law and constitute a necessary and proportionate measure in a democratic society with due regard for the legitimate interests of the individuals concerned,” said an explanatory memorandum accompanying the proposal approved Thursday. “In recent years however, there have been numerous reports of cyber-surveillance technologies being exported to repressive regimes and/or into conflict areas and misused in violation of human rights.
“Cyber-surveillance technologies, which have legitimate and regulated law enforcement applications, have thus been misused for internal repression by authoritarian or repressive governments to infiltrate computer systems of dissidents and human rights activists, at times resulting in their imprisonment or even death,” the memorandum said. “As evidenced by those reports, the export of cyber-surveillance technology under such conditions poses a risk to the security of those persons and to the protection of fundamental human rights, such as the right to privacy and the protection of personal data, freedom of expression, freedom of association, as well as, indirectly, freedom from arbitrary arrest and detention, or the right to life.”
Intrusion technology developed by private companies and sold to government clients are routinely used in criminal investigations, most notably when the U.S. paid upwards of $1 million for professional hackers to break into an encrypted iPhone recovered from a slain terrorist suspect.
Those same types of tools have been sold to repressive regimes, however, and have repeatedly been used against journalists, political opponents and other targets in societies where civilians risk death and imprisonment for speaking freely.
The EU’s full House is slated to discuss the proposal as soon as a December plenary session in Strasbourg, Parliament said in a statement.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.