Dual Use Tech Regulation
Dual Use Tech Regulation
An important perspective for us at Data Rights is to be tech-agnostic when long-term solutions are needed. Technologies change, democratic values stay. We see the temptation to reinvent the wheel every time there is a new technology hatching. Often, this temptation needs to be fought. Otherwise civil society and researchers will always be reactive, trying to catch up with the private sector. It is exhausting and frankly, where is our added value in that dynamic?
We particularly feel this regarding dual use technologies. According to the European Commission, dual use items are “goods, software and technology that can be used for both civilian and military applications”. Because these technologies and software have military advantages, States have incentives to push investments and limit regulation for their industry to be ahead of the curve.
Examples of the dual use technologies or software:
- Biometric recognition
- Artificial intelligence (AI)
- Spyware
- Satellite visualisation
Why is this important?
Another way to see dual use technology is to picture it as a powerful technology that is wonderful in times of democratic stability, but is extremely potent if a government decides to use it against its population. Extremely potent in the sense that it can harm a high number of people, quickly (unlike for instance, a knife). Put simply, these are technologies that are amazing, but can quickly become surveillance technology in hands of powerful players. These technologies are often deployed with public money to make the population safer, to avoid fraud, or just to make things simpler. A few examples:
- Uganda's deployment of biometric IDs on its population became a way to surveil it and crackdown on human rights;
- European States are now able to use AI with face recognition for law enforcement purposes. Given how most EU states are gradually increasing surveillance on human rights defenders in the name of law enforcement, this is worrying;
- The used of spyware by States, originally meant for intelligence purposes, quickly became used in Europe to surveil journalists and human rights defenders in countries like Poland, Spain and Hungary.
Methods
Primary means of action for this programme are advocacy and strategic litigation where we can be useful, for instance with third party intervention and/or involvement with litigation strategy.
Status of work
Data Rights' first employee started work a few months ago! Work on this programme is starting.
Projects
We are currently mapping existing initiatives and joining work streams with relevant partners. Although we are streamlining our strategy and positions, it is clear we will have a strong Brussels focus.
Still, a past project may be relevant to mention. In 2019 Data Rights' Director, Lori Roussey, was granted the right to intervene in Privacy International's proceedings against the use of hacking by the UK's intelligence, security and cyber agency (the GCHQ). More details here.
Resources
- On the need to regulate dual use technology
- Access Now produced a brochure on the topic in 2018
- Quentin M., Paile S., Tsukanova M., and Viski A. 2013. Controlling the Trade of Dual-Use Goods - A Handbook. PIE Peter Lang.
- Sukumar, Arun. 2017. “The UN GGE Failed. Is International Law in Cyberspace Doomed As Well?” Lawfare blog.
- Yasuhara, Yoko. 1991. "The Myth of Free Trade: The Origins of COCOM 1945–1950". The Japanese Journal of American Studies, 4: 127–148. This resource is about the historic root of dual use technologies regulation, at the initiative of the US to weaken the USSR economy.
- On the Wassenaar Arrangement
- Bratus, Sergey, et al. 2014. “Why Wassenaar Arrangement’s Definitions of Intrusion Software and Controlled Items Put Security Research and Defense At Risk—And How To Fix It”. Computer Science Department, Dartmouth College.
- Galperin, Eva et al. 2015. “What Is the U.S. Doing About Wassenaar, and Why Do We Need to Fight It?” Electronic Frontier Foundation (EFF) website.
- Galperin, Eva et al. 2016. “House Grills State Department Over Wassenaar Arrangement” Electronic Frontier Foundation (EFF) website.
- Granick, Jennifer. 2014. “Changes to Export Control Arrangement Apply to Computer Exploits and More”. Center for Internet and Society, Stanford Law School.
- US Department of Commerce, Bureau of Industry and Security (BIS). 2015. “Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items”.
- Wassenaar Arrangement, Secretariat. 1996. Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Founding Document. WA-DOC (17) PUB 001.
- Wassenaar Arrangement, Secretariat. 2013. Public Statement 2013 Plenary Meeting of Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. Vienna.
- On biometrics
- Roussey L., 2023, Digital ID Litigation & Dual Use presentation at the Alan Turing Institute
- On Artificial Intelligence
- Regarding the AI act, we recommend Sandra Wachter's paper publishe din 2024. She summarised it in a helpful video.
- Fang, Lee. 2019. “Google continues investments in military and police AI technology through venture capital arm”. The Intercept.
- Gasler, 2020. “Thousands of contracts highlight quiet ties between Big Tech and U.S. military”. NBC News.
- Wong, J. C., 2019. “'We won't be war profiteers': Microsoft workers protest $480m army contract”. The Guardian.
- On spyware
- CitizenLab. 2012. “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” The Citizen Lab.
- CitizenLab. 2013. “For Their Eyes Only: The Commercialization of Digital Spying” The Citizen Lab.
- Fidler, Mailyn. 2015. “Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis.” A Journal of Law and Policy for the Information Society, 11(2):405–83.