NSO Group human rights

Export bans alone won’t stop surveillance — we need a new global approach

Ahmed Mansoor, an Emirati human rights defender, recently celebrated his 50th birthday behind bars, serving a 10-year sentence for speaking out on social media about human rights violations in the United Arab Emirates. In March 2017, Mr. Mansoor was detained by authorities in the UAE after being targeted and surveilled using tools provided by the now infamous spyware company, NSO Group. 

Though governments have long employed different methods to surveil and track their citizens, dissidents, and political opponents, the technological tools now available to them make the reach of this surveillance more alarming than ever. Companies such as NSO Group and Hacking Team make it possible for repressive regimes to target those who oppose them in order to stifle dissent. The covert nature of targeted spyware make it the tool of choice for authoritarians.

We need global reforms. Fast.

As the cyber-surveillance industry continues to thrive, there are few protections and safeguards put in place to ensure that fundamental human rights do not suffer as a result. This alarming trend led David Kaye, the U.N. Special Rapporteur on the freedom of opinion and expression, to call for a moratorium on the transfer, sale, and use of surveillance technology until “rigorous human rights safeguards are put in place to regulate such practices and guarantee that Governments and non-State actors use the tools in legitimate ways.” Rapporteur Kaye’s recommendation aligns with Access Now’s call for a “presumptive prohibition on all government hacking” in our 2016 paper, A Human Rights Response to Government Hacking, as well as with the U.N. General Assembly’s consensus resolution in fall of 2018, “recognizing States should refrain from employing unlawful or arbitrary surveillance techniques, which may include forms of hacking.”

The impact that surveillance technology has had on vulnerable individuals and members of at-risk communities demonstrates why comprehensive, systemic regulation of this industry is both necessary and urgent. Export controls have long been held up as one of the few instruments that democratic countries can leverage to control, and, when necessary, stifle the trade of certain categories of spyware. However, it is evident that this tool alone is not enough. The question of how to limit the surveillance industry to protect human rights has been a topic of heated debate for stakeholders in the context of the Wassenaar Arrangement (a voluntary international regulatory system for “dual-use” technology) and in recent years at the E.U. level in Europe, as member states have considered further tightening E.U. export rules to respond to revelations that repressive regimes are (still) using European-made technology against civil society.

An export ban is just the first step

This discussion is playing out in a different form and political context in the United States. The U.S. government recently blacklisted a group of Chinese firms, citing human rights violations directed towards the Uyghur population. The order bans U.S. companies from exporting technology to the blacklisted firms.

For background, the Uyghurs — an ethnic minority group within China, living in the Xinjiang region — have been subjected to extensive and well documented digital surveillance by the Chinese government. Over the years, the government has used a variety of surveillance technologies to monitor the lives of Uyghurs, online and off. Facial recognition-enabled cameras, big data-powered predictive policing platforms, mobile surveillance and malware apps are among the growing list of technologies deployed for explicit, targeted surveillance in the region. 

Much of this technology is supplied by private and state-owned Chinese firms that rely substantially on technology from western countries. For example, Chinese video surveillance suppliers Hikvision and Zhejiang Dahua — both of which have profited immensely from security-related government contracts in Xinjiang — rely on technologies from U.S. firms such as Intel, Nvidia, Seagate, and Western Digital for their surveillance products. The government has also collected extensive biometric data on the Uyghurs requiring them to pass through facial recognition surveillance checkpoints in order to enter religious spaces and transportation hubs. 

Systemic problems need systemic solutions

There can be no doubt that such surveillance is in stark violation of human rights and that the export ban is necessary and justifiable. However, the proliferation of targeted spyware and surveillance systems is a systemic and global problem. States across the globe must engage in a comprehensive overhaul of regulations for the surveillance industry, and work to strengthen international norms against state hacking, to ensure accountability, transparency, and operation under a uniform set of rules. Otherwise, companies will simply continue to cherry pick jurisdictions from which to peddle their spyware.

Imposing a moratorium on sales or export of surveillance systems, and improving existing export controls, is important but only a stepping stone to addressing the systemic failures and gross deficiencies in regulating the trade of technologies that facilitate surveillance. In the case of the Uyghurs, the primary responsibility for protecting human rights lies with the Chinese government, and we call on the government to cease its unlawful surveillance and the use of invasive tracking technologies. At the same time, we urge international institutions and global leaders to work together to forge deeper reforms with the potential to fix the broken system that is failing to protect users at risk.