Campaigners have cautiously welcomed the move to widen the Wassenaar Arrangement, and hope that it could slow the transfer of technologies used to suppress dissent in autocratic countries.
The arrangement was established in 1996 to limit the proliferation of weapons and dual-use items after the fall of the Soviet Union. Its ‘control lists’ include technologies that are either exclusively for military use, such as arms and munition, or that can be repurposed for security applications, including electronics, computers and propulsion technologies.
In all, 41 nations that produce or export these technologies have signed up to the voluntary agreement. The arrangement does not ban such exports, but it does mean that companies must obtain licences and that exporting countries must report transfers to the rest of the group.
Last month, technologies that are increasingly used by security services and intelligence agencies for online surveillance, such as intrusion software and communications surveillance systems, have been added to the list at a meeting in Vienna (3-4 December).
The moves comes after a series of diplomatic rows between the United States and regional powers including Brazil and Germany over the apparently widespread surveillance of official communications by the United States’ National Security Agency (NSA). A statement issued by the Wassenaar Arrangement’s secretariat following the meeting noted that these surveillance tools “may be detrimental to international and regional security and stability”.
While the NSA’s online dragnet has attracted the majority of recent attention, these technologies are also proliferating outside the United States, and many are developed by the private sector.
An index of the surveillance industry published last November by UK campaigning organisation Privacy International identified 338 vendors in 35 countries. UK Trade and Investment, the government’s trade promotion department, estimates that the global cybersecurity industry is worth nearly US$200 billion a year.
Clamping-down on dissent
Human rights defenders and journalists’ organisations have highlighted the increased use of sophisticated surveillance technology in repressive regimes around the world. The use of social media and voice-over-internet-protocol during the Arab Spring woke some governments up to the potential for dissent to be incubated and transmitted online.
Several have reportedly moved on from banning access to Facebook and Skype to more-active surveillance using commercial technology imported from Europe, according to the anti-censorship Reporters Without Borders group. Bahrain, Syria and Vietnam have joined a list of nations reported by mainstream press to use sophisticated technology to clamp down on dissent.
Marietje Schaake, a Dutch member of the European Parliament who has campaigned for greater restrictions on the technology, welcomed the expanded agreement. “For years, this has been a gaping hole in European Union regulation which has had profound implications for human rights,” she said in a statement. “Authoritarian regimes use technology to spy on and repress their populations, but the systems that European and other companies export can also be used against us in a cyber attack or for corporate espionage. Digital weapons can be as effective and dangerous as conventional arms.”
Edin Omanovic, a surveillance technology specialist at Privacy International, says that the expansion of the control list represents progress, but that more work needs to be done to curtail access to such technologies.
“We have to think of ways for [governments] to enforce the controls,” he says. “It’s always going to be the case that some of these technologies are intangible and very easy to export, which presents unique enforcement challenges that conventional arms don’t.”
Even before the revelations of widespread NSA surveillance, cybersecurity was increasingly on the agenda at gatherings of developing nations. The African Union and African Development Bank both opened discussions on formulating cybersecurity strategies for the continent during 2013.
Vulnerability to cyber attack
While some developing country governments have used surveillance and cybersecurity products to invade privacy and curtail their citizens’ rights, their own technology infrastructure can also be vulnerable to state-sanctioned and private attacks.
In 2010, an affiliate of the international hacking collective Anonymous claimed responsibility after Zimbabwean government websites were defaced in protest at censorship in the country. Last year, the network also claimed to have attempted distributed denial-of-service attacks, which overload a website with traffic, on the Zimbabwean Ministry of Defence and the Zimbabwe Revenue Authority.
Ahead of the announcement of the additions to the Wassenaar Arrangement, several reports and analysts raised concerns that a crackdown on technology exports could accidentally capture technologies legitimately used for security or research. In an analysis last month, the Open Technology Institute in the United States warned: “Although unintended, these controls could also catch some legitimate security products.”
But Omanovic says these fears now appear ill-founded as the new controls focus on technologies that can be used for intelligence gathering, rather than those applicable for cyber defence. “The agreements that they have ended up with have been incredibly specific,” he says.
Link to Wassenaar Arrangement