State Department Issues Final Guidance on Surveillance Exports
The State Department issued the final version of its guidance on exports of surveillance technology (see 1909040071 and 1911060049), which includes definitions and guidance principles for companies to weigh before exporting sensitive items to potential human rights abusers. The Sept. 30 guidance expands on the agency’s initial definition of human rights due diligence and offers a range of red flags and due diligence considerations, but did not significantly narrow its definition for surveillance items, despite requests from industry.
The 12-page guidance is intended to warn companies away from completing transactions that may result in an end-user carrying out human rights abuses with U.S.-origin surveillance equipment or technology. While the State Department said the guidance offers a “framework for U.S. businesses to consider the potential and foreseeable consequences” of exporting surveillance technology, the guidance does not impose formal requirements under the International Traffic in Arms Regulations or the Export Administration Regulations. “This guidance will be particularly helpful for U.S. businesses that want to undertake a human rights review where the U.S. government does not require an authorization for export,” the State Department said.
The agency also said surveillance technology, when “used appropriately,” can help solve societal problems. But the technology can be misused if exported to “foreign government end-users or private end-users that have close relationships with governments that do not demonstrate respect for human rights.” The U.S. has actively pursued restrictions against Chinese companies and shipments to China over the country’s mass surveillance and detention of ethnic minorities in the Xinjiang region (see 2007220050, 2007200026 and 2007160021) and recently increased due diligence requirements for exports to military end-users and for end-uses in China (see 2007090075).
The guidance is the “result of extensive coordination among the U.S. government, industry, and civil society leaders,” Robert Destro, assistant secretary for democracy, human rights and labor, said on Twitter. “We encourage businesses to consult this guidance and implement its recommendations to ensure that products and services with surveillance capabilities are not misused by foreign governments.”
Some in industry said the guidance’s draft, issued by the State Department in September 2019, was too broad and could unintentionally restrict U.S. exports. The Information Technology and Innovation Foundation called the draft guidance “troubling” and urged the State Department to change its definition for surveillance, which was so “broadly” defined that “it arguably covers nearly any digital product or service that collects, stores, or processes data about individuals” (see 1910040011).
The State Department did not appear to significantly narrow the definition from that in the draft guidance. The agency said its definition for a “product or service with intended or unintended surveillance capabilities” includes items that are “marketed for or that can be used” with or “without the authorization of the business” to conduct surveillance activities. ITIF had asked the State Department to modify the definition to cover items “designed and marketed primarily” for surveillance activities and to issue a clearer definition for “surveillance.” ITIF did not respond to a request for comment on the final guidance.
The final guidance did, however, expand on the agency’s definition of due diligence. The State Department defined human rights due diligence “as the process by which a business works to identify … how it addresses actual or potential adverse impacts on the human rights of individuals.” Companies should consider its “leverage over the entity concerned,” how “crucial” its relationship is with the entity, the “severity” of the abuse and whether ending its relationship with the entity “would have adverse human rights consequences.”
The guidance also includes a range of red flags for companies to consider before completing a transaction involving surveillance equipment. Companies should consider information about a foreign government agency “end-user’s misuse of products or services with similar capabilities,” the State Department said, and whether the country has a lack of “independent judicial or other appropriate oversight/rule of law.” The agency deleted a red flag from its draft guidance relating to government purchases of items from other governments with poor human rights records, because that only applied to government exporters and not to commercial companies.
The State Department also deleted a suggestion that companies incorporate a “kill switch” into their surveillance technology, which could be used to remotely deactivate a device if a company was concerned it was being used for human rights abuses. In its comments last year, the ITIF said a kill switch could be used for “censorship or other negative purposes.”