ARTICLE
22 August 2013

EU Targets Cyber Surveillance Exports And U.S. Considers Cyber Weapon Controls

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
In light of the recent high profile disclosures of cyber surveillance, there is increased political momentum in the U.S. and EU to control the export of particular cyber technology products and services.
Worldwide International Law

In light of the recent high profile disclosures of cyber surveillance, there is increased political momentum in the U.S. and EU to control the export of particular cyber technology products and services.  In the EU, the focus is on electronic surveillance equipment, and in the U.S., the concern is the proliferation of cyber weapons.

At an export control conference in Brussels this summer, a Dutch Member of the European Parliament, Marietje Schaake, who sits on the Parliament's Committee of International Trade, called for EU regulation of "mass surveillance, mass censorship, tracking and tracing systems, as well as hacking tools and vulnerabilities that can be used to harm people".

Ms. Schaake's comments build on the European Parliament's adoption of a number of suggested amendments to the European Commission's proposal to amend the Dual-Use Regulation (428/2009) (the "Dual-Use Regulation").  These amendments include a proposal to include surveillance equipment within the "catch-all" provisions of the Dual-Use Regulation according to which EU Member States authorities may impose licensing requirement on items that are not listed specifically in Annex I of the Dual-Use Regulation.  The European Parliament's proposals are an extension of the current EU sanctions against Iran and Syria which prohibit the export of equipment and technology that may be used for the monitoring and interception of internet and telephone communications.

If adopted, the new catch-all clause could subject EU exporters of IT surveillance equipment to a licensing requirement.  How this provision will be applied in practice, however, will depend on the exact phrasing of the final text adopted by the EU institutions.  Specific licensing decisions may, for example, take into account the identity of the end-user of the equipment and/or the end-user country.  Thus, exports to end-users in countries with a proven track-record of human rights violations may be more likely targeted under the new provision than exports to countries that adhere to higher human rights standards.  The proposal to amend the EU Dual-Use Regulation still needs to complete its legislative procedure in the European Parliament and European Council.  We will continue to monitor its progress, and report any significant developments.

The U.S. is also considering new export laws with respect to cyberspace, with a particular focus on the export of cyber weapons.  On June 20, 2013, the U.S. Senate Armed Services Committee favorably reported S. 1197, the National Defense Authorization Act for Fiscal Year 2014, containing section 946 of the proposed Defense Authorization Act, which requires the President to convene an "interagency process ... to control the proliferation of cyber weapons through unilateral and cooperative export controls."  The Senate Report on the proposed legislation acknowledged that there might be some difficulty distinguishing between "cyber weapons" and "dual-use, lawful intercept, and penetration testing" technologies."  We will also monitor and report any relevant developments in this area.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More