EU Scrutinizes Spyware Exports To Sketchy Regimes

The European Union will start paying closer attention to sales of invasive surveillance software, which has previously flowed from European companies to countries with questionable human rights records. Under new EU rules issued recently, certain kinds of monitoring software will require a license to export. Those license applications would provide more transparency about where the software is going, and could potentially allow governments to block […]

A European Union flag waves in the wind in front of the chancellery in Berlin Friday, Oct. 12, 2012, after the European Union won the Nobel Peace Prize. The EU won the prize for fostering peace on a continent ravaged by war, giving bruised leaders of the 60-year-old European project a badly needed boost in morale. (AP Photo/Markus Schreiber)

The European Union will start paying closer attention to sales of invasive surveillance software, which has previously flowed from European companies to countries with questionable human rights records.

Under new EU rules issued recently, certain kinds of monitoring software will require a license to export. Those license applications would provide more transparency about where the software is going, and could potentially allow governments to block unsavory sales.

As The Intercept has reported, companies like Milan-based Hacking Team or FinFisher, of Munich, sell to countries where authorities appear to have used the software to spy on dissidents and the press. Hacking Team implants have been discovered on the devices of Moroccan and Ethiopian journalists, while leaked FinFisher documents showed that activists and political opposition members in Bahrain had been targeted.

“Time and time again human rights activists and their families have been spied on, detained and even tortured — all enabled by surveillance technologies made here in the EU,” said Wenzel Michalski, Director of Human Rights Watch Berlin, in a statement.

Many online-security researchers have reservations about the regulations, worrying that they might hamper research and legitimate security products. Privacy International said in a statement that the new EU controls are adequately tailored and “do not apply to technology or software in the public domain or relating to basic scientific research,” but others are still concerned the new rules could be read too broadly.

“I’m deeply concerned about the human rights implications of surveillance software – I’ve been involved in that research,” said Eva Galperin, Global Policy Analyst for the Electronic Frontier Foundation. “But I don’t want regulations to make it impossible to do more research.”

The EU move was prompted by changes to the Wassenaar Arrangement (a voluntary international arms control pact), which were made specifically in response to documented abuses of spyware. The U.S. is also mulling how to implement the Wassenaar changes.

Photo: Markus Schreiber/AP

Join The Conversation