Commonplace digital technologies such as satellites, signal processors and radio equipment are beginning to be defined as 'dual use' under international political and legal frameworks. Spearheaded by Dutch Member of the European Parliament Marietje Schaake, the EU is reviewing the licensing of legitimate exports to include new categories of dual use items. Consequently, countries outside the EU may also have to consider the extent to which digital technologies could arm rogue governments or terrorist groups and threaten their strategic interests, as well as how best to respond to this threat.
Dual use items are products that have both civilian and military applications, such as chemicals, or in the case of information and communication technologies, GPS. Digital arms, for example, are packets of code, IT products called ‘exploits’, that allow hackers to infiltrate flawed software or operating systems, enabling basic spying or theft of money and data. The market for these products has grown over the last few years and they are being traded by individuals, companies and governments from Syria to the US. Many are made in the EU, which is currently examining legislation to limit exports.
The challenge is to balance security with competitiveness under the pressure of constant innovation. In Brussels on 26 June the 2013 Strategic Export Control Conference, organised by the European Commission and the Irish Presidency, gathered hundreds of representatives from industry associations, companies, academia, national authorities and European institutions to discuss and review the authorisation and licensing of the export of controlled items.
Schaake is campaigning for the European Commission to adopt stricter regulations. In October 2012 she introduced legislation obliging EU companies to seek authorisation if they believe the export of particular technologies might infringe human rights or EU strategic interests.
Schaake believes both rogue governments and terrorist groups can purchase digital arms made in the EU to hack into computers, violate privacy, and undertake mass surveillance, censorship, and monitoring. For example, software manufacturers Hacking Team from Milan recently launched a remotely controlled spyware product to tap encrypted communications, Skype calls and Instant Messenger chats. Hacking Team has voluntarily adopted export bans on countries blacklisted by international organisations such as the EU and NATO as well as the US, yet there is no guarantee it will maintain them.
Export restrictions on dual use items are not new. Australia initiated and manages the international secretariat of the Australia Group, established in 1985 to help member countries identify which of their exports should be controlled to avoid the proliferation of chemical and biological weapons. The group has 42 members including the European Commission and the OECD.
Likewise, the dual use of digital technologies will have implications beyond Europe and its trading partners. Regulation could take multiple forms, including licensing in certain categories of technologies, analysis of countries which pose a potential security risk, a blacklist of aggressive technologies, a blacklist of certain countries, and more sophisticated country reporting which includes information about national telecommunication sectors and their accountability, transparency and applications.
As well as examining the technology itself, the context of its use will need to be considered in the analysis of whether an export poses a potential threat to the strategic interests of a nation or multilateral institution, something which is likely to require some degree of international coordination.
Photo by Flickr user Keoni Cabral.