The long shadow cast by the use of surveillance technology and so-called lawful intercept tools has spread across much of the globe and has sparked a renewed push in some quarters for restrictions on the export of these systems. Politicians and policy analysts, discussing the issue in a panel Monday, said that there is room for sensible regulation without repeating the mistakes of the Crypto Wars of the 1990s.
The last couple of years have seen a major uptick in the use of surveillance technology by governments around the world. Researchers have found government agencies in many countries, including Egypt, Syria Iran and others, using surveillance technology to identify and track dissidents, journalists and activists.
Some politicians, especially in Europe, and privacy advocates have been calling for some regulation of the sale of such technologies, and on Monday Marietje Schaake, a Dutch member of the European Parliament who has publicly supported such regulations in the past, said she believes there’s a clear need for some sort of control of the export of surveillance technology and that it can be done without restricting commerce.
“There’s virtually no accountability or transparency, while he technologies are getting faster, smaller and cheaper,” she said during a panel discussion put on by the New America Foundation. “We’re often accused of over-regulating everything, so it’s ironic that there’s no regulation here. And the reason is that the member states [of the EU] are major players in this. The incentives to regulate are hampered by the incentives to purchase.
“There has been a lot of skepticism about how to regulate and it’s very difficult to get it right. There are traumas from the Crypto Wars. Many of these companies are modern-day arms dealers. The status quo is unacceptable and criticizing every proposed regulation isn’t moving us forward.”
In the 1990s, there was a pitched battle between the United States government and the technology community over the regulation of encryption software and its classification as a munition, which restricted its export. One of the points of argument by the government was the possibility that intelligence agencies would lose much of their ability to spy on foreign governments and citizens if encryption software was widely deployed on the Internet. A proposal at the time from the government sought to solve this problem through the use of key escrow, which essentially would allow the government to hold a copy of the private key for any user, giving it the ability to decrypt communications if there was a legal need.
The scars from that period of time have taken a long time to heal in the security community, and the resistance to export controls on other types of software can be traced to the Crypto Wars in some cases. But others see it as a road full of potential potholes and fear it could lead to broader regulation of the Internet as a whole. The panelists on Monday said they understood those concerns but saw control of surveillance technology as a way to protect, rather than hinder, online freedoms.
“We look at the Internet as a medium for self-expression and it needs to be protected,” said Arvind Ganesan, director of the Business and Human Rights Division at Human Rights Watch. “Not everyone is going to respect the rule of law or people’s rights when they use these technologies. There are a number of companies out there selling these technologies in an unregulated fashion.”
Schaake said that while some companies make no bones about what their products are designed to do, others have found themselves in situations where a customer was using the technology for something they hadn’t anticipated, leading to an unusual situation.
“We’ve been asked by companies to apply sanctions so they could breach contract without being liable,” she said.
While the discussion of export controls for surveillance technology is a relatively new one, Schaake said she hopes that it will continue to evolve and eventually lead to an international agreement on how such tools should be sold.
“We’re not talking about over-regulating the Internet for the sake of regulating the Internet. What I hope will happen is that gradually a set of open norms will emerge. Right now, we’re not even close to knowing what norms we’re looking at. You have to start somewhere, and of course you will lose some market to someone, but we have real policies that are being compromised by these companies. That problem needs to be addressed. That’s why we’re seeking smart regulation to make that happen.”