The British government knows more about surveillance exports than it is letting on
The first joint report from the Committees on Arms Export Controls (CAEC), released last Friday, highlighted the importance of careful licensing and independent scrutiny for the export of ‘controlled’ goods, to prevent sales that could ‘facilitate internal repression’ in authoritarian regimes abroad. And as we wrote yesterday, the Committees advised that 10 Downing Street should make good on assurances PI was given in March that the problem of unlicensed surveillance exports would be addressed.
The British government thus far failed to regulate surveillance exports, and this has allowed public officials to consistently claim that they have no information about the foreign clients of UK firms or the current whereabouts of dangerous surveillance technologies manufactured in the UK. For example, in response to a Parliamentary question in November 2011 about UK intelligence company Detica and its trade with Tunisia, Baroness Wilcox of the Department for Business, Innovation and Skills stated that: “Detica does not, under the UK export control regime as it stands, need permission to export this kind of equipment. Because no permission is required, the Government therefore have no information on what has been sold to the Government of Tunisia by Detica.”
As a result, the debate on surveillance technology has been stifled by a lack of export data in the public domain. And the implication of the government’s reticence is that (to paraphrase Lord Kelvin) ‘what you cannot measure, you cannot find the political will to improve’.
But the government’s claim that no information on surveillance exports exists is at best misleading and at worst downright dishonest. While vendors of non-controlled goods do not have to obtain a license to export, every consignment of goods that leaves the EU must be accompanied by an ‘export declaration’ made by the vendor or by a shipping agent on their behalf. Although this requirement does not apply to surveillance software if it is exported virtually via an online download, all the physical components that comprise a communications monitoring centre - servers, data processors, network taps - must be declared to HMRC before they leave the country. There are several different declaration forms that may be used depending on the status of the exporter, but they all share common data fields, including the vendor, a description of the goods and their end destination. This information is electronically captured and stored for four years on HMRC’s CHIEF database (CHIEF stands for Customs Handling of Import Export Freight).
The system hardware associated with surveillance may be innocuously described as ‘servers’ or ‘data processors’ on export declarations. Nevertheless, it is clear that if they are being exported by one of the several highly specialised UK firms that deal exclusively in surveillance tech, there is only one purpose that the equipment will be put to. So if there is a centralised database that holds the records for every product exported in the last four years by firms that only sell surveillance technology, it cannot be a challenge for HMRC Customs and Excise to establish on behalf of the government who these companies are trading with, and thereby estimate the scale of surveillance technology exports to repressive regimes.
Ultimately, while independent scrutiny of the surveillance technology trade is certainly hampered by the difficulty of securing export data, the government need only consult its own database to uncover the scale of the problem. The question then is not whether the information exists, but whether our politicians have the will to stop turning a blind eye to the exports of British surveillance technology to authoritarian regimes, and the obvious and documented role that this plays in facilitating repression and human rights abuses.