On September 4, 2019, the US Department of State (State) published draft Guidance for the Export of Hardware, Software and Technology with Surveillance Capabilities and/or parts/know-how (the “Guidance”) to provide insight to exporters of items with surveillance capacities on human rights concerns to consider prior to export of such items. State is soliciting feedback on the Guidance until October 4, 2019 for its consideration for the final version of the Guidance to be published at a later date (yet to be specified).

According to State, the Guidance is not intended to be comprehensive or mandatory and is not meant to address any requirements under export control laws. Rather, it seeks to assist exporters of items with surveillance capacities with implementation of the UN Guiding Principles on Business and Human Rights as well as the OECD guidelines for Multinational Enterprises to prevent and eliminate the misuse of such items in violations or abuses of human rights, with a particular concern for the right to privacy.

The Guidance encourages exporters of “items with intended or unintended surveillance capacities” to integrate human rights due diligence into their export control compliance programs and provides suggestions for how to do so as well as detailed due diligence considerations, examples of red flags, and other practice-ready advice on how to conduct effective human rights due diligence.

The term “items with intended or unintended surveillance capacities” is defined broadly in the Guidance to include “hardware, software, technology, technical assistance, services, and/or parts/know-how that is marketed for or can be used for the monitoring, interception, collection, preservation and/or retention of information that has been communicated, relayed or generated over communications networks to a recipient or group of recipients.” Examples of items with surveillance capabilities, include, but are not limited to: spyware; crypto-analysis products; penetration-testing tools; information technology products with deep packet inspection functions; specialized computer vision chips; non-cooperative location tracking (i.e., products that can be used for ongoing tracking of individuals’ locations without their knowledge and consent); cell site simulators (Stingrays); automatic license plate readers; body-worn cameras; drones and unmanned aerial vehicles; facial recognition software; thermal imaging systems; rapid DNA testing; automated biometric systems; social media analytics software; gait analysis software; network protocols surveillance systems; and devices that record audio and video and can remotely transmit or can be remotely accessed.