Update export controls long overdue



Member of the European Parliament, Marietje Schaake (ALDE/D66) welcomes the proposal by the European Commission to update the EU’s export control mechanism for items that have both military and civilian uses. It will include systems designed for surveillance, hacking and exfiltrating information from people's mobile phones or computers.

Schaake: “We have pushed for this much needed update. We need clear export control rules that ensure strategic and potentially dangerous items do not fall into the wrong hands. European-made products should not be used against the EU’s own interests or to violate human rights abroad. In called for human rights to be a criterium, and am glad the Commission has introduced a ‘human security approach’ to export controls.”

No free pass for national authorities

One of the crucial aspects of the regulation is how member state authorities assess requests of producers to export dual use items. Schaake: “In the past, we have seen too often seen how intrusive exfiltration technologies were exported to countries with a proven track record of human rights violations. National export control authorities must do serious assessments and not rubber stamp applications for a licence.”

Last year, it was revealed that Italian spyware company Hacking Team had sold products to Bahrain, Morocco or Uzbekistan, where they were used in some cases to spy on journalists and human rights activists. Schaake: “By strengthening the export control criteria, as well as by increasing transparency and information sharing, we can make sure that the member states take their responsibility.”

Security researchers no target

A key area of the new regulation is to look for ways to disable the export of certain new technologies to authoritarian regimes. Schaake: “The fast-paced changes in technology require modernized policies. However, we need to make sure that we do not target any activities that are done for legitimate research purposes or that enable activists to defend themselves against cyberattacks. By cooperating with all relevant stakeholders we can ensure the definitions in the law are targeted.”

Exclude encryption products

The review process of the dual use regime is not only an opportunity to add extra items on the control list, but also to exclude some items. Schaake: “While the Commission had made positive efforts to further facilitate the export of encryption items, we can do more. It is time to ask ourselves whether products that contain cryptography still have a legitimate place on the export control list. For me, the answer is a resounding no.”

Now that the European Commission has proposed a draft regulation, both Parliament and the Council will have to make amendments. After this, all three institutions will enter into negotiations to reach a final agreement.

See Schaake’s interactive timeline on the export control review process here.

See Schaake’s debate with the Commission on the Hacking Team revelations here.

Schaake has organised a roundtable in the European Parliament last year (video) with cybersecurity researchers on how to avoid such unintended consequences.

In 2015 the European Parliament adopted a resolution on the impact of intrusion and surveillance systems on human rights in third countries which was drafted by MEP Schaake.