Dear Ben, in the Pegasus Committee of Inquiry, you pointed out in the hearing 21 June that ten years earlier you had also spoken in the EU Parliament about a report on surveillance. What exactly was that about?
My previous report 10 years ago in 2012 to the EU Parliament DROI (the human rights subcommittee of the foreign affairs committee) was about the ways to deal with European technology supporting authoritarian states repress their citizens in the Middle East after the Arab Spring. We discussed many different policy responses to this challenge including export controls and ways that Europe can create different technological ecosystems.
Your reference to the 10-year-old EP study was probably made because of continuities with today. Where do you see these?
As I mentioned during the hearing, the unwillingness to sufficiently respond to the needs of surveillance victims outside of Europe, has contributed to a market for surveillance inside of Europe. In terms of continuity, there has been a high degree of turnover among the companies doing surveillance, so lots of change in the relevant actors. A high degree of the regulatory and oversight burden is taken on by civil society and journalists, which suggests much is still to be done by government actors.
More broadly speaking, many of the measures suggested then, investing in decentralised human-rights based communications infrastructure, robust oversight and meaningful accountability. There is still much work to be done.
Surveillance software produced in the EU not only causes damage abroad, if it is sold there, it also causes problems within the EU, for instance when opposition members in exile are thus persecuted by their states of origin. How is this supposed to be contained? In the Committee of Iquiry, you said that no EU money should be used for spy software. Does it actually do that?
Currently European taxpayers at a national and EU level are footing the bill for a big chunk of the surveillance ecosystem. There is no mechanisms that prevents EU funds being used to support research and development of these technologies inside of Europe, or of EU funds being used for these technologies at EU borders, for example at the Spanish/Moroccan border.
At the same time all European clients of Pegasus are purchasing these technologies with public funds. As such, the market for these surveillance technologies is created with European public sector funding. Without EU and European public money, a large part of the market market would not exist.
What is the point of regulating dual-use goods in blacklists that are only followed by some countries? And how could this control, which only exists in bits and pieces, be strengthened?
The benefit of dual-use regulation is that it has an effect on this market, limiting access to it. So there is a benefit in reducing the size of the market. At the same time more and more countries follow these rules over time, leading to a reduction in the size of the market for surveillance products.
But the market will continue to exist in this way, probably also finding ways out of or around export barriers. And it would probably strengthen companies in countries that do not submit themselves to the regime, which could include China and Russia, don’t you think?
Sure, the market will have to adapt, but a significant part of the demand-side would disappear and the overall market would shrink. None of these barriers are perfect nor are they designed to be. Rather the barriers reduce the overall prevalence of the technologies and force individuals and companies who want to support authoritarian states in their authoritarian practices to experience authoritarian governance first hand.
In the Committee of Inquiry, you spoke of a global surveillance „ecosystem“. What is meant by this? You also said that surveillance should be intercepted like environmental pollution…
There is a global surveillance ecosystem which is funded in no small part with European taxpayer money. Lots of companies live off the short term perceived security needs of individual European states, which do not take the long-term danger into account of building a surveillance ecosystem which is through its business practices constantly reduce the technological security of all EU citizens. I’ve written about this, but only in Dutch.
You said that the manufacturers of spyware must become more transparent. But shouldn’t the demands be addressed to governments and authorities?
Obviously a higher level of transparency should be expected from governments and authorities than private companies. It’s crazy that we expect private companies transparency to fix the transparency failings of our own governments and authorities.
At the same time, the industry obviously also has a role to play in becoming more transparent. However this isn’t a sufficient condition for the creation of effective governance and accountability for abusive surveillance practices.
To limit the amount of surveillance technology traded with non-EU countries, you refer to European programmes such as the International Partnerships (INTPA). Can you explain this?
Cooperation with international and neighbourhood partners is starting to consider human rights aspects more systematically. This also means ensuring that EU funds are not used to build surveillance infrastructure and other key aspects of ensuring human rights. We put together some examples of how to do this well as part of a handbook.
You call for a redress fund for victims who have been targeted so that they can be compensated. How could this be implemented? Where would the money come from?
If the EU were to impose tariffs on imports and exports of surveillance technologies, then the resulting funds could be used to provide redress mechanisms to victims of surveillance.
Many thanks for the interview!