The US State Department recently solicited feedback on its draft US Government Guidance for the Export of Hardware, Software, and Technology with Surveillance Capabilities and/or Parts/Know-How, which was issued on 4 September 2019. The consultation period ended on 4 October 2019.
In the draft guidance, the State Department:
- seeks to "provide insight to exporters on [the] considerations to weigh prior to exporting" items with intended and unintended surveillance capabilities; and
- highlights the United Nations Guiding Principles on Business and Human Rights, the Organisation for Economic Cooperation and Development Guidelines for Multinational Enterprises and the US government's human rights concerns.
Ultimately, the draft guidance encourages exporters to:
- examine whether a particular export transaction carries the risk that an end user will misuse the item to carry out human rights violations or abuses; and
- implement human rights diligence into their export compliance programmes.
Although the draft guidance – even when finalised – will not have the force of law, it seeks to impose additional human rights due diligence obligations on companies that export items with surveillance capabilities, including:
- crypto-analysis products;
- penetration-testing tools;
- IT products with deep packet inspection functions;
- specialised computer vision chips;
- non-cooperative location tracking (ie, products that can be used for the ongoing tracking of individuals' locations without their knowledge and consent);
- cell-site simulators (ie, stingrays);
- automatic licence plate readers;
- body-worn cameras;
- drones and unmanned aerial vehicles;
- facial recognition software;
- thermal-imaging systems;
- rapid DNA testing;
- automated biometric systems;
- social media analytics software;
- gait analysis software;
- network protocols surveillance systems; and
- devices that record audio and video and can remotely transmit or be remotely accessed.
Some of these items are already subject to multilateral or unilateral export controls and are on the Commerce Control List. However, many are controlled only for anti-terrorism purposes or fall under the Export Administration Regulation (EAR) 99 catch-all. For example, some commercial unmanned aerial vehicles fall under Export Control Classification Number (ECCN) 9A012, while others are EAR99 and will soon stock holiday store shelves. GPS devices are "non-cooperative location tracking products", which should generally fall under ECCN 7A994.
For products that require a licence to be exported to particular countries (usually selected for such a review based on elements such as their human rights record), the government should already be conducting the bulk of the due diligence outlined in the draft guidance using government intelligence information. In particular, the US State Department already reviews licence applications for items controlled for crime control reasons to assess the likely impact on human rights.
Therefore, the draft guidance – if implemented – seeks to convince industry that it should be conducting its own due diligence on items that are not subject to export licensing to the vast majority of countries (eg, GPS devices and GoPro cameras) and the customers that want to buy them.
The US State Department offers several risk considerations and identifies detailed diligence steps and red flags for each. These include:
- identifying the potential for misuse by government end users or private end users with a close relationship to a foreign government;
- reviewing the human rights record of a government agency end user;
- reviewing whether the government end user laws, regulations and practices that implicate surveillance capabilities are consistent with the International Covenant on Civil and Political Rights;
- reviewing stakeholder entities involved in the transaction, including end users and intermediaries (eg, distributors and resellers), and referencing the Bureau of Industry and Security's (BIS's) Know Your Customer Guidance;
- tailoring the item to minimise the likelihood that it will be misused to commit human rights violations or abuses;
- after export, mitigating human rights risks through contractual and procedural safeguards and strong grievance mechanisms; and
- publicly reporting on the export transaction through, for example, an annual public report on human rights diligence.
The draft guidance also contains two extensive appendices with human rights tools, reports and guidance, as well as government laws, regulations and practices that could raise human rights concerns. Such concerns include:
- freedom of expression;
- restriction of civic space;
- the targeting of individuals or members of groups based on specific grounds such as race, sex and political opinion; and
- the total or significant control over internet service providers or telecoms networks.
Critically, the draft guidance identifies no specific country or region where such human rights concerns may be likely, but rather provides a broad framework against which to assess the export of items with surveillance capabilities. The draft guidance is not mandatory but may be a source of influence on future controls of items with surveillance capabilities.
Although the industry will likely be supportive of the draft guidance, as it is not a legal requirement, it may question who will foot the bill for such diligence. Reviewing whether a non-US government's laws, regulations and practices that implicate surveillance capabilities are consistent with the International Covenant on Civil and Political Rights takes time, possibly a law degree and likely a lot of money. In addition, the use of an end-use certificate executed by the customer, which has long been a tool to assist in ensuring products are not used for weapons of mass destruction restricted end uses, is not particularly helpful in this context as no customer will state that the product will be used to spy and crackdown on dissidents.
Moreover, some of the items implicated can be used as powerful weapons against human rights abuses – such as body cameras that can be used to record and bring to light human rights abuses. How does a company weigh the risks of misuse against these benefits? Further, what if the US administration is already sending export-controlled defence articles and US troops to the country in question? Does that mean it is acceptable to send the GoPro to that country's police department or other government end user? Arguably, these are tasks and decisions that are more readily handled by the US State Department itself, which has both the legal skills and the requisite intelligence information.
Moreover, this draft guidance could foreshadow new export controls and a US State Department review. In light of the potential upcoming controls of advanced surveillance technologies as part of BIS's review of emerging technologies,(1) companies involved in such technologies should take particular note of the draft guidance.
(1) Further information is available here.
Sylvia G Costelloe, associate, and Aman Kakar, associate, assisted in the preparation of this article.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.