The European Parliament today formally recognized what has become increasingly clear: some European tech companies have been selling to repressive governments the tools used to surveil democracy activists. In response, it passed a resolution to bar overseas sales of systems that monitor phone calls and text messages, or provide targeted Internet surveillance, if they are used to violate democratic principles, human rights or freedom of speech.
According to Bloomberg, the decision came after a Bloomberg report in August that "a monitoring system sold and maintained by European companies had generated text-message transcripts used in the interrogation of a human-rights activist tortured in Bahrain." The legislation reportedly leaves enforcement to the EU’s 27 member nations.
But European companies aren't the only ones. Recently Narus, a Boeing subsidiary based in Silicon Valley, was revealed to have sold to Egypt sophisticated equipment used for surveillance. (Note: EFF watchers will recognize Narus as one of the companies whose equipment is in AT&T “secret room” used to help the NSA conduct warrantless surveillance in the U.S. at the heart of our Jewel and Hepting cases).
And it's not just a problem in the Middle East. Cisco Systems is facing litigation in both Maryland and California based on their sales of surveillance equipment used by China to allegedly track, monitor and otherwise facilitate the arrest, detention or disappearance of human rights activists and religious minorities who have been subjected to gross human rights violations.
Despite the “head in the sand” approach of some tech companies, this concern is real and is not going away. Members of the U.S. Congress, such as Republican Representatives Chris Smith and Mary Bono and Democratic Senator Richard Durbin, are also watching closely.
It’s time for tech companies to step up and ensure that they aren’t wittingly or unwittingly assisting in the commission of gross human rights violations. While there may be many ways to accomplish this, a simple step would be for companies to voluntarily adopt a robust "know your customer" approach. First, companies selling these specialized surveillance technologies to repressive foreign governments need to take affirmative steps to know who they are selling to and what the technology will be used for, especially when they are providing ongoing service or customization of the systems. The U.S. State Department already publishes annual human rights reports about countries around the world and other objective resources are readily available, including EFF. This wouldn't be much more of a burden than what these sophisticated companies already must do to comply with laws like the Foreign Corrupt Practices Act and the the U.S. export restrictions. Second, companies need to refrain from participating in transactions where there is either objective evidence or credible concerns that the technologies or services are being used, or will be used, to facilitate human rights violations.
We'll be writing more about this. But the message from the EU Parliament is clear: Tech companies need to stop participating in human rights abuses around the world by selling tools that repressive governments need to commit them. Tech companies need to stop serving as "repression's little helpers."