Parts of Surveillance Exports Guidance 'Troubling,' 'Overly Broad,' ITIF Says
The State Department should revamp several aspects of its draft guidance for exports of surveillance technology (see 1909040071) because some of it is “troubling,” “overly broad” and may unnecessarily restrict exports, the Information Technology and Innovation Foundation said in comments.
The State Department “should be careful” that its guidance does not harm U.S. technological leadership, ITIF said Oct. 3. The foundation said the agency should “provide more resources” to exporters, such as a “comprehensive website or online tool” that helps companies determine whether their exported goods will be used for human rights violations in another country. “It is important that the State Department provide such information directly so that companies do not have to identify and validate this information from non-governmental sources,” ITIF said.
The agency should also make sure the guidance “does not unnecessarily restrict” exports, the foundation said, asking the State Department to change its definition of “surveillance.” The definition is so “broadly” defined that “it arguably covers nearly any digital product or service that collects, stores, or processes data about individuals.” The term “surveillance” also has a negative connotation and could make it more difficult for exporters to sell the technology to lawful customers “who may not want to be viewed as purchasing something labeled as ‘surveillance technology,’” the foundation said. “The framing of the guidance is troubling.”
The foundation said Appendix 2 in the guidance, which contains a list of government regulations that may violate human rights, is “so broad as to likely include a significant share of the world’s population.” The appendix could restrict exports without serving a justifiable purpose, ITIF said. “Coupled with the overly broad inclusion of ‘surveillance’ technologies, the guidance risks sending a message that U.S. companies should err on the side of not selling a wide array of digital products and services in much of the world, an outcome whose principal result would be to reduce U.S. technology companies’ competitiveness and jobs, while doing little to change these nation’s technology-based human rights’ practices,” the foundation said.
ITIF also said that there are several parts of the guidance that “have negative repercussions for technological innovation,” including a recommendation that companies use “privacy by design” features, which restrict companies’ collection of data. The foundation said companies that do not use those data methods “should not be considered non-compliant,” especially because Congress has considered the “privacy by design” concept in several bills but has never passed it. “It would be inappropriate for the State Department to adopt this controversial policy without a clear mandate,” ITIF said.
The guidance does have “many strong points,” the foundation said, including the point that not all red flags “carry the same weight” and that the presence of a red flag “does not mean a transaction should necessarily be cancelled.” ITIF said the State Department was correct to “leave some of these determinations to companies who are best positioned to evaluate the specifics of a given transaction.”
As part of its feedback, the ITIF also provided a series of edits to the proposed guidance, including questions, deletions and recommendations. Comments for the proposed guidance were due Oct. 4.