I just received the good news that my research article on the state of export controls for cyber-surveillance technologies was published. Here’s a direct link to my article in the Strategic Trade Review, a peer-reviewed journal that specialises on topics such as trade in dual-use items and strategic goods, nonproliferation and sanctions.
The article incorporates some findings of my Master’s thesis at the Hertie School of Governance, which discussed the same issue from a much broader perspective. I also recently received an ‘Aquila Ascendens’ award for my thesis work. My thesis advisors were Prof. Dr. Wolfgang Ischinger, Chairman of the Munich Security Conference and Professor at the Hertie School of Governance, and Dr. Ben Wagner, who is now a researcher at the Stiftung Wissenschaft und Politik (SWP) in Berlin.
Want to know what ‘cyber-surveillance technologies’ are before reading the article?
Good question. There is no universally accepted definition and this is part of the problem. The European Commission recently proposed to include all items “specially designed to enable the covert intrusion into information and telecommunication systems with a view to monitoring, extracting, collecting and analysing data and/or incapacitating or damaging the targeted system.” (see pp. 91-92 of my article). Admittedly, this definition is a little more complicated than one might hope and remains both too vague and too broad to act as a good basis for export controls. What is basically meant is a cluster of heterogeneous (and very often dual-use) technologies that in the end all contribute to surveillance, but work very differently and come into play at different stages of the surveillance process. Here is a brief overview of products that various actors in the debate identify as cyber-surveillance technologies:
The abstract of my new article:
The global trade in cyber-surveillance technologies has largely evaded public scrutiny and remains poorly understood and regulated. European companies play a central role in the proliferation of a broad spectrum of advanced surveillance systems that have legitimate uses, but have also been repurposed for nefarious ends. Export controls have developed into an important instrument to restrict sales of cyber-surveillance equipment and software to repressive regimes; however, these technologies pose significant challenges to traditional frameworks for the control of dual-use exports. This article provides an overview of current developments on the European level and within the multilateral Wassenaar Arrangement and presents the current state of export controls on cyber-surveillance technology. Most importantly, it discusses the outcome of the EU export control policy review, focusing on the regulation proposed by the European Commission in September 2016, and provides an initial assessment of the key innovations and limitations of the draft text. In addition, the article presents an analysis of the current debate regarding the problematic definition of ‘intrusion software’ in the Wassenaar Arrangement and offers insights into some alternative proposals.