13 Sept 2019
New Draft Guidance for U.S. Exports of Items with Surveillance Capabilities
The U.S. State Department has published a draft guidance document that seeks to provide exporters of hardware, software and technology having intended and unintended surveillance capabilities with insight on considerations to weigh prior to exporting these items. Comments on this draft, which State notes is not intended to be comprehensive or mandatory or to address any requirements under export control laws, are due by 4 October.
This guidance applies to hardware, software, technology, technical assistance, services and/or parts/know-how that are marketed for or can be used for the monitoring, interception, collection, preservation and/or retention of information that has been communicated, relayed or generated over communications networks to a recipient or group of recipients. Covered items range from consumer-grade to dual-use items listed on the Commerce Control List and defence articles and defence services listed in the International Traffic in Arms Regulations. Examples include spyware, crypto-analysis products, information technology products with deep packet inspection functions, products that can be used to track individuals’ locations without their knowledge and consent, automatic licence plate readers, body-worn cameras, drones and unmanned aerial vehicles, facial recognition software, thermal imaging systems, social media analytics software, network protocols surveillance systems, and devices that record audio and video and can remotely transmit or can be remotely accessed.
The draft lists human rights due diligence and risk mitigation considerations that exporters are encouraged to integrate into their export control compliance programmes, including the following.
- integrating into covered goods features that alert the exporter to misuse, enable the exporter to strip certain capabilities from the item prior to export, limit the use once sold, etc.
- reviewing the capabilities of the export to determine potential for misuse by government end-users and private end-users with close relationships with a foreign government
- reviewing the human rights record of the government agency end-user of the country intended to receive the export (e.g., a history of exporting items to other countries with authoritarian governments and a history of committing human rights violations or abuses)
- reviewing whether the government end-user’s laws, regulations and practices concerning items with surveillance capabilities are consistent with the International Covenant on Civil and Political Rights
- reviewing stakeholder entities involved in the transaction, including end-users and intermediaries such as distributors and resellers (e.g., referring to the Bureau of Industry and Security’s “Know Your Customer” guidance to gauge risks that the item will be transferred or diverted to a different end-user)
- striving to mitigate human rights risks through contractual and procedural safeguards (e.g., clauses requiring end-users to agree to comply with applicable U.S. export control laws and regulations, and reassessing human rights due diligence considerations prior to export licence renewal)