The U.S. government has urged exporters not to share surveillance technology with human rights abusers. Draft Guidance was issued by the Department of State regarding the export of surveillance technologies that may be used in violation of citizens’ right to privacy, including the freedom of expression. Although the Draft Guidance will not be legally binding, it could have an impact on the development of broader human rights norms, discouraging businesses from enabling governments with a history of human rights abuses, such as Syria.
The Syrian government has a long history of surveilling its population through the use of human informants. Documents obtained by SJAC show that Syrian intelligence agencies ruled by instilling fear in the population, with “conscripts informing on fellow conscripts, officers informing on each other, soldiers informing on officers, hospital workers informing on colleagues, doctors informing on patients, and even family members informing on relatives.” The Syrian government expanded its capacity to invade all aspects of civilian life, and to suppress dissent, through the adoption of new technologies. For example, in 2010 or 2011, it purchased internet surveillance equipment produced by the U.S. company Blue Coat Systems (now owned by Symantec) through a Dubai-based reseller. In 2013, the Dubai company agreed to pay a civil penalty of $2.8 million to the U.S. Department of Commerce for violating U.S. economic sanctions against Syria.
It also bears mentioning that in 2012, French judges commenced a criminal investigation against the French technology company Qosmos. The company provided the Syrian government with surveillance technology and was charged with complicity in torture. If found guilty, the firm and its directors could be subject to fines, injunctions and/or judicial supervision. However, the investigation has languished and has yet to see an indictment.
It is not clear to what extent surveillance technologies originating in the U.S. continue to be put to use in Syria. But the Draft Guidance would have relevance to companies such as Blue Coat Systems contemplating the export of internet technologies. It may also have relevance for human rights advocates who wish to raise non-compliance, or advocate for sanctions against, companies that have enabled or facilitated human rights abuses through the sale of surveillance technologies to abusive regimes.
The Draft Guidance “seeks to assist exporters of items with intended and unintended surveillance capabilities with implementation of the UN Guiding Principles on Business and Human Rights.” The guidance is directed in part at law firms and their due diligence investigations conducted on behalf of companies conducting exports, with some suggesting that “this guidance could be used to assess the need to impose secondary sanctions under U.S. sanctions programs that target human rights abuses either under the Global Magnitsky Executive Order (which has a global reach) or under specific country programs[…].” Amongst other things, the Draft Guidance urges exporters to consider the human rights background of particular states and companies doing business with those states and to take into consideration the likelihood that the surveillance technology will be misused to commit human rights violations. It also urges companies to consider integrating safety and ‘privacy by design’ features that would enable tracking, alert the exporter to misuse, auto delete data, and/or provide a ‘kill switch’ that could remotely deactivate the device.
Overall, the Draft Guidelines are an innovative approach in the absence of other standards specifically related to the export of surveillance technologies. The hope is that the issuance of the guidelines will encourage businesses to make human rights a central consideration in the conduct of due diligence. The Draft Guidance may also establish standards for future regulations or impact decision-making on targets of Global Magnitsky sanctions and this could provide impetus for some companies to incorporate human rights standards. At present, however, there are no teeth behind the Draft Guidance as they are not legally binding. Furthermore, questions remain as to what efforts would be considered sufficient to satisfy due diligence requirements. For example, Blue Coat Systems claimed it had no knowledge that its surveillance equipment would be shipped from Dubai to Syria. The Draft Guidelines suggest that companies should undertake some investigative efforts to ensure that such technology does not end up in the hands of such regimes and to verify where equipment was sent. But how far does this obligation extend? As another example, many technologies have dual-uses, some of which are not abusive of human rights. How can a business assure itself that the technology in question will not be abused? Stated another way, in which of these cases should businesses be held accountable for complicity in human rights violations?
Another concern is that these standards do not impact on the conduct of businesses located outside of the United States. China’s Huawei Technologies is reportedly working through front companies in Iran and Syria in violation of sanctions regimes. Enforcement of such sanctions against company officials was only possible when Huawei’s CFO travelled to Canada, a close ally of the U.S. Other Russian and Chinese companies reportedly export surveillance technologies to repressive governments throughout the Middle East.
Absent an international consensus, and binding legal standards, the impact of the Draft Guidance will be attenuated. Nonetheless, the Draft Guidelines are an important first step at integrating a human rights framework into business practices, particularly with regard to surveillance technologies used to spy on and therefore violate the human rights of citizens.