A Dutch member of the European parliament is supporting a grass-roots effort to restrict the export of surveillance software such as FinFisher and others, which are used by some governments and law-enforcement agencies to monitor their citizens’ activities.
The effort, dubbed Stop Digital Arms, is supported by Marietje Schaake, a member of the EU Parliament’s International Trade committee. The petition itself is on the Change.org site, and it calls upon members of the European Union “to give the European Commission the mandate to draft the laws and develop initiatives necessary to stop digital arms trade”.
There are a number of companies that sell the kind of surveillance and “lawful intercept” software referenced in the digital arms petition. Perhaps the most well-known is a British company called Gamma International UK, which sells the FinSpy and FinFisher software used by various governments around the world. In a report called “For Their Eyes Only” released earlier this year, the Citizen Lab at the Munk School of Global Affairs at the university of Toronto detailed the spread of this software around the world and identified a slew of FinFisher command-and-control servers in countries such as Australia, Bahrain, Canada, Germany, the Netherlands and the United States, among many others.
“In the European Union there definitely is a growing interest and need to introduce stricter regulation. The stopdigitalarms.eu campaign is a clear example that it’s not just us technologists raising a concern, but it is the subject of an ongoing political debate,” said Claudio Guarnieri, one of the authors of the Citizen Lab report, and a security researcher.
“The trade of surveillance software and equipment remains largely unregulated at this day and the fact that a large number of these vendors are located in the EU has created a sense of responsibility and resentment that you can clearly experience at local conferences and when talking with local hackers, politicians, journalists and concerned citizens.”
The EU petition seeks to bring the issue to the attention of policymakers.
“We, users of the global open internet urge European politicians and institutions, EU Member States and European businesses to stop the trade in digital arms,” the petition says.
“We believe in the empowerment of individuals via the internet and technologies but also acknowledge that technologies can become powerful arms in the hands of oppressors, or when companies and governments gain unchecked power or market share; we regret that globally opposition members, journalists, bloggers and citizens increasingly face repression through the use of technologies.”
The existence and use of lawful intercept and surveillance software has been an open secret in the security and privacy communities for some time now, but research such as the Citizen Lab report and the use of these applications against activists and journalists in countries such as Egypt and Syria during their recent political upheavals has raised the awareness of them among politicians and the general technology community. There are U.S. companies that sell similar software and appliances, and are restricted by U.S. law from exporting them to certain countries the U.S. does not do business with. The EU petition seeks to prevent European Union companies from selling their wares in some countries, as well.
“We urge European technological companies to develop standards to embed ‘human rights by design’ principles in their business operations and sign up to codes of conduct that respect human rights and promote corporate social responsibility,” the petition says.
Guarnieri said the potential for export regulations on surveillance software is an important step.
“Whenever they had the chance to, commercial surveillance providers always claimed that they do comply with export regulations and sometimes even went further and claimed to take into account human rights records. The reality is that those are companies driven by profit and these export laws are an obstacle to that,” he said.
“The introduction of such regulation is important in order to make it harder in the first place to export to countries with critical social and political conditions, but also to be able to introduce better oversight and make them accountable when they’re in the wrong. In addition if they do attempt to circumvent the law, it would prove once for all that morality is not one of these companies’ concerns.
“Introducing better laws to regulate the export of governmental trojans is important, but we also need to revisit how they are currently being used in democratic countries as well. Nobody yet answered how is it possible for law enforcement to use evidences in court collected against the first rule of forensics: do not tamper with the system under investigation.”
This story was updated on Oct. 31 to add comments from Guarnieri.