Swiss moves to curb surveillance exports an example to the EU
The Swiss Federal Council has introduced a major amendment to its export licensing legislation in order to ensure surveillance technologies that might be used for human rights abuses are not exported from Switzerland.
What this means is that Swiss authorities must reject companies’ requests to export internet and mobile surveillance technologies if there “are reasonable grounds to believe” that the items could be used for repression in the country of destination.
The amendment follows sustained calls by Privacy International for Switzerland to take concrete action to stop companies from using the country as a convenient territory from which to sell and export surveillance technology.
The European Union (EU) and its member states are this year considering whether or not to take similar steps to restrict the export of surveillance technologies. The decision by the Swiss Federal Council, which is welcomed by Privacy International, serves as a strong reminder to the EU that parallel reform is badly needed at the European level.
Much needed reform
The decision of the Federal Council to tighten restrictions on surveillance technology exports comes after almost two years of sustained campaigning by Privacy International, paired with significant media attention on high profile surveillance exports from Switzerland. A timeline of the events in Switzerland which have led to the recent legislative change is below. A catalyst to export reform in Switzerland was a joint investigation by Privacy International and Swiss magazine WOZ into the attempts of Swiss company Neosoft to export mobile phone monitoring technology to the Rapid Action Batallion (RAB), a branch of the Bangladeshi police branded a “death squad involved in serial, systematic killings” by Human Rights Watch.1
As a result of the investigation Neosoft - one of the most prominent and advanced sellers of such technology in the world - was referred for prosecution by Swiss authorities in September 2014 for failing to comply with export licensing regulations. Although the prosecution was eventually abandoned, the proposed export to the RAB was halted. Consequently, the Swiss government was forced to publicly disclose detailed data relating to arms and dual-use exports, revealing the dates, monetary amounts, and destinations of controlled items that companies have attempted to export from Switzerland.
Throughout Privacy International's campaign, the Swiss export authority has maintained that it has not had the explicit statutory authority required to turn down an application for an export license for surveillance technology based on concerns related to human rights.2 Swiss legislation would have allowed the licensing authority to reject an application based on concerns the export could lead to repression if the item was a military item regulated by the War Material Act. However, the same safeguards did not apply to surveillance technologies because they are classified as “dual-use” goods and regulated by the Goods Control Act.
The recent amendments are clearly a decisive attempt to rectify the inadequacies of the Swiss export control regulations. They aim to address the existing gap by mandating that the licensing authority reject any applications for surveillance technology if there are reasonable grounds to believe that the export would lead to repression.
They relate to all types of surveillance technology which are currently subject to restrictions, including mobile phone monitoring technology (aka IMSI Catchers or Stingrays), intrusion software (aka state trojans), IP network communications surveillance systems (internet monitoring centres) and any other surveillance technology subjected to licensing restrictions within the Wassenaar Arrangement control lists. 3
Over to EU
While the need for such a mandate is apparent in Switzerland, it also provides a blueprint for the EU and its member states, which are this year carrying out a major review into the export control system to decide the extent to which it should and can be reformed in order to restrict exports of surveillance technologies.
One of the main issues to be resolved is whether or not criteria similar to the one now adopted by Switzerland can be introduced into the EU dual-use regulation. Similarly to Switzerland, export controls of dual-use items in the EU are regulated differently from the trade in military items. Applications for exports of military goods should be screened by EU national licensing authorities for their potential to lead to repression, but these criteria are not uniformly applied to surveillance technologies by all countries as they are classifed as dual-use items.
Privacy International and the wider Coalition Against Unlawful Surveillance Exports are calling for the EU to introduce a clear, appropriate, and strong mandate for national authorities to reject applications if exports have the potential to lead to human rights abuses. In addition, surveillance technologies should be subject to exporting restrictions. Authorities should consider the legal framework governing the use of the surveillance technology in the country of destination and the risk of the exported item to be used for internal repression.
It is essential that this reform be prioritised. As the Swiss example demonstrates, export restrictions are not a silver bullet designed to comprehensively protect human rights, but rather a necessary and major component of any successful mitigation strategy. In order to ensure that EU trade policy and regulation are in line with its commitment to human rights and democratisation, it is essential that it takes steps to prevent its companies from actively facilitating repression and authoritarianism.
The road to reform
Late 2013: Following reports in the Swiss media4 that Swiss authorities had received some 15 applications from companies seeking permission to export surveillance technology, Privacy International wrote to over 70 Swiss lawmakers, competent committees and departments5, highlighting the potential of such products to be used for human rights abuses. Examples included internet and phone monitoring technology. Among these were tools produced by Gamma, capable of allowing its user full access to a targeted computer or mobile phone, including devices’ cameras and microphones.
March 2014: The reports and pressure from Privacy International and other organisations appeared to work. Some of the companies withdrew their applications6 following the announcement of a federal review into the issue and the postponement of any decisions by the Swiss authorities related to the applications. According to one of Switzerland's largest German language dailies, St. Galler Tagblatt, Gamma was one of the companies that had withdrawn their application.7
Summer 2014: Soon afterwards, however, Privacy International learned that another Swiss company, NeoSoft, was attempting to export mobile phone monitoring technology to the Bangladeshi Rapid Action Battalion (RAB)8. Following an investigation by Privacy International and Swiss magazine WOZ, Swiss authorities were provided with evidence showing that ten RAB representatives were in Zurich and likely to be receiving training from NeoSoft.9
September 2014: Swiss authorities referred Neosoft for prosecution for failing to comply with export licensing regulations in September 2014.10 Unfortunately, the charges were eventually dropped due to the prosecutor's inability to definitively prove that the RAB received formal training from Neosoft. This was despite the fact that the RAB officers’ visa application specified they were travelling to Switzerland for training purposes. In addition, the officers’ had been photographed at NeoSoft's offices, and they were staying at a Zurich hotel booked by NeoSoft. Nevertheless, Additional Director General of RAB, Colonel Ziaul Ahsah, subsequently reported to Bangladeshi media that the export had in fact been stopped “just before the shipment of the materials” by Switzerland following allegations that the equipment could be used for human rights abuses.11
January 2015: Following a Freedom of Information challenge and consistent pressure from Privacy International, Swiss journalists, and several Members of Parliament the Swiss government was forced to publicly disclose detailed data relating to arms and dual-use exports. This is considered a major victory for government and corporate transparency.12 The previously secret government-held data, now publicly available and updated annually, reveals the dates, monetary amounts, and destinations of controlled items that companies have attempted to export from Switzerland. The data’s eventual disclosure was a result of a Freedom of Information request relating specifically to surveillance technology, but the records also pertain to license applications for all items subject to exporting restrictions. These include small arms, tanks, missiles, and drones, as well as a wide range of other strategically sensitive items classified as “dual-use.” Regarding the previously withdrawn license applications, the records show that requests for the export of surveillance technology to Ethiopia, Indonesia, Yemen, Qatar, Malaysia, Namibia, Oman, Russia, Chad, Taiwan, Turkmenistan, UAE, and China were all withdrawn by the companies as a result of the federal review, meaning that the exports did not go ahead.The records also show, however, that the Swiss export control authority did grant 21 exported licences for mobile phone monitoring technology in 2014 - 14 of which were for temporary export and included requirements for re-entry. What this means is that the technologies were likely used in for trade shows, demonstrations and exhibitions. A further seven licenses were issued for definite export. In total, licenses for mobile phone monitoring technology worth CHF 8 million (£5.2 million) were approved for export to Ethiopia, Indonesia, Qatar, Kuwait, Lebanon, Lithuania and Thailand.
May 2015: The Swiss Federal Council introduces a major amendment to its export licensing legislation in order to ensure surveillance technologies are not exported from Switzerland and used for human rights abuses.
1http://www.hrw.org/news/2014/07/20/bangladesh-disband-death-squad
2http://www.tagblatt.ch/aktuell/schweiz/tb-in/Big-Brother-mit-Schweizer-Technik;art120101,3741417
3http://trade.ec.europa.eu/doclib/docs/2014/april/tradoc_152446.pdf
4http://www.tagblatt.ch/aktuell/schweiz/tb-in/Abhoeren-mit-Schweizer-Software;art120101,3468787
5https://www.privacyinternational.org/?q=node/432
6https://www.privacyinternational.org/?q=node/377
7http://www.tagblatt.ch/aktuell/schweiz/tb-in/Abhoeren-ohne-Schweizer-Software;art120101,3719521
8http://www.hrw.org/news/2014/07/20/bangladesh-disband-death-squad
9https://www.woz.ch/1436/ueberwachungsexporte/die-bangladesch-connection
10https://www.privacyinternational.org/?q=node/453
11http://www.newsbangladesh.com/english/Switzerland%20holds%20back%20shipping%20of%20intelligence%20gears%20for%20RAB/482
12https://www.privacyinternational.org/?q=node/98