Legal developments affecting network surveillance technology: Ignore them at your peril
- 25 June, 2012 19:30
Political and social events highlight the immense benefits of technology, but also reveal technology's dark side. Consider Arab Spring. The uprisings demonstrated, on the one hand, how innovations such as social media can be used to evade and challenge repressive regimes and promote democracy, but on the other hand, the ability of the same regimes to capitalize on improved surveillance technology to counter those threats and suppress their citizens.
That irony hasn't been lost on Western governments. In an effort to blunt the negative role of technology in the Arab Spring, governments have reacted with remarkable speed to restrict the sale and export of surveillance technology to countries such as Iran and Syria. In the United States, for instance, a bill known as the "Global Online Freedom Act" (HR 3605) is currently pending that would prohibit the export of surveillance technology to countries that the government designates as an "Internet-restricting country." The EU has already taken steps to prohibit the export of certain surveillance technology to Syria and Iran.
Action has not been limited to the proposal and implementation of new law. The United States has begun aggressively enforcing pre-existing laws that prohibit sales to sanctioned countries such as Iran and Syria. For instance, the U.S. Department of Commerce, Bureau of Industry and Security is currently investigating the sale to Syria of surveillance equipment manufactured by Blue Coat Systems. And investigations are being considered or already underway in France, Israel and the Netherlands on the sale of surveillance technology to repressive regimes by companies in those countries. [Also see: "EU IT companies to get guidance on human rights issues"]
In numerous ways, the government actions affect manufacturers and vendors of surveillance technology, as well as other parties involved in the transfer of such technology.
First, the government actions extend to a broad range of surveillance technology, from deep packet inspection to WEP and WPA code breaking equipment. Some of the actions are broad enough to include almost any type of surveillance technology, including those broadly referred to as filtering technology, tracking technology, or spyware.
To further complicate matters, some actions ambiguously define the scope of captured surveillance technology, leaving that task to a government agency or even the manufacturers and vendors themselves. Furthermore, the actions include not only hardware and software falling within the generic rubric of "surveillance" technology, but also information such as blueprints and manuals corresponding to such hardware and software.
Second, governments around the world are imposing restrictions on exporting, re-exporting, and transferring surveillance technology to unfriendly countries for nefarious end uses. Even among countries that have such laws already in place, such as the United States, the laws are becoming more aggressively enforced and/or getting amended to become more restrictive.
Finally, even if your business doesn't sell surveillance technology abroad, existing laws impose obligations on third party transfers within the United States. For instance, U.S. law prohibits companies engaging in business dealings with parties blacklisted on the Specially Designated Nationals (SDN) list published by the U.S. Department of Treasury Office of Foreign Assets Control (OFAC). In addition, it is unlawful to sell items or information if the seller has reason to know that the buyer will subsequently export, re-export, or otherwise transfer the items or information in violation of U.S. law.
Affected parties should bolster their compliance with existing laws and engage in the lawmaking process. As to the former, companies should refresh their knowledge of existing laws that apply to the sale and transfer of surveillance technology and implement policies, processes, and procedures to help comply with those laws. Examples of such measures include screening customer names against OFAC's SDN list and conducting brief due diligence to determine the intended end use of a sale.
As to the lawmaking process, companies that will be impacted by pending laws such as the Global Online Freedom Act should contact their representatives to convey their support or opposition and to explain how those laws would affect their business. Companies should also continue to stay abreast of developments in order to know how and when new laws will affect them.
A tidal wave of developments are on the horizon that no company within the network technology space can afford to ignore.
David Hardin is an attorney at Miller & Chevalier Chartered in Washington, D.C., where he specializes in U.S. export control and sanction laws.
Read more about lan and wan in Network World's LAN & WAN section.