An EU proposal intended to address important technological developments could significantly affect the controls on cyber-surveillance tools.

The proposal to introduce a “human security” dimension to export controls is designed to prevent the abuse of certain cyber-surveillance technologies by regimes with poor human rights records. However, the current scope of the proposal is particularly broad. It includes intrusion software, monitoring centers, lawful-intercept and data-retention systems, as well as digital forensics.

Although there is agreement on the need to improve human rights in the digital context, the proposal has divided stakeholders and is of particular concern to the cyber industry. It argues overly broad controls based on human rights considerations would place it at a competitive disadvantage in relation to non-EU rivals.

Instead, industry believes more targeted export controls would provide a better balance between concerns for national security and human rights. They argue many of the technologies affected by the proposal should be seen as part of the solution to human rights abuses.

In parallel, member states of the Wassenaar Agreement are considering multilateral export controls on intrusion software. Certain stakeholders have expressed disappointment at the relative lack of transparency in this area and believe the time is right for industry to increase its advocacy efforts. Once again, the problem is achieving the right balance between national security and privacy/human rights.

Finding this balance would allow for a narrowing and clarifying of relevant definitions and control descriptions in both Wassenaar and the EU.