US State Department Seeks Feedback on Amorphous Human Rights Due Diligence for US Exporters of ‘Surveillance’ Items

In the Draft Guidance, the State Department seeks to “provide insight to exporters on considerations to weigh prior to exporting” items with intended and unintended surveillance capabilities, and highlights the UN Guiding Principles on Business and Human Rights, the OECD Guidelines for Multinational Enterprises, and the US Government’s human rights concerns. Ultimately, the Draft Guidance encourages exporters to examine whether a particular export transaction carries the risk that an end user will misuse the item to carry out human rights violations or abuses and to implement human rights diligence into their export compliance programs.

Although the State Department Draft Guidance, even when finalized, will not have the force of law, it seeks to impose additional human rights due diligence obligations on companies that export items with surveillance capabilities including:

• Spyware;
• Crypto-analysis products;
• Penetration-testing tools;
• Information technology products with deep packet inspection functions;
• Specialized computer vision chips;
• Non-cooperative location tracking [products that can be used for ongoing tracking of individuals’ locations without their knowledge and consent];
• Cell site simulators (Stingrays);
• Automatic license plate readers;
• Body-worn cameras;
• Drones and unmanned aerial vehicles;
• Facial recognition software;
• Thermal imaging systems;
• Rapid DNA testing;
• Automated biometric systems;
• Social media analytics software;
• Gait analysis software;
• Network protocols surveillance systems; and
• Devices that record audio and video and can remotely transmit or can be remotely accessed.

Some of these items already are subject to multilateral or unilateral export controls and are on the Commerce Control List. However, many are controlled for Anti-Terrorism only or fall under the EAR99 catchall. For example, some commercial UAVs fall under ECCN 9A012 while others are EAR99 and will soon stock holiday store shelves. And any parent who has surreptitiously placed a GPS device under his or her teenager’s car is familiar with “non-cooperative location tracking products” which, by the way, generally should fall under ECCN 7A994.

For the products that require an export license to particular countries (usually selected for such review based on elements such as their human rights record), the US Government should already be conducting the bulk of the due diligence outlined in the Draft Guidance using US Government intelligence information. In particular, the State Department already reviews license applications for items controlled for crime control reasons to assess the likely impact on human rights.

Therefore the Draft Guidance, if implemented, seeks to convince industry that it should be conducting its own due diligence on items that are not subject to export licensing to the vast majority of countries– such as that GPS device you put under your teenagers car or your GoPro camera – and the customers who want to buy them.

The State Department offers several risk considerations, and identifies detailed diligence steps and red flags for each. These include:

• Identifying the potential for misuse by government end users or private end users with a close relationship to a foreign government.
• Reviewing the human rights record of a government agency end user.
• Reviewing whether the government end user’s laws, regulations and practices that implicated surveillance capabilities are consistent with the International Covenant on Civil and Political Rights.
• Reviewing stakeholder entities involved in the transaction, including end users and intermediaries, such as distributors and resellers, and referencing Bureau of Industry and Security’s Know Your Customer Guidance.
• Tailoring the item to minimize the likelihood that it will be misused to commit human rights violations or abuses.
• After export, mitigating human rights risks through contractual and procedural safeguards and strong grievance mechanisms.
• Publicly reporting on the export transaction though, for example, an annual public report on human rights diligence.

The Draft Guidance also contains two extensive appendices with human rights tools, reports and guidance as well as government laws, regulations, and practices that could raise human rights concerns. Such concerns include privacy, freedom of expression, restricting civic space, targeting individuals or members of groups based on specific grounds like race, sex, and political opinion, and total or significant control over internet service providers or telecommunication networks.

Critically, the Draft Guidance does not identify any specific country or region where such human rights concerns may be likely, but rather provides a broad framework against which to assess the export of items with surveillance capabilities. As discussed, the Draft Guidance is not mandatory but may be a source of influence on future controls of items with surveillance capabilities.

Industry’s reaction will likely be supportive of the Draft Guidance, but, noting it is not a legal requirement, question who will foot the bill for such diligence? Reviewing whether a non-US government’s laws, regulations, and practices that implicate surveillance capabilities are consistent with the International Covenant on Civil and Political Rights takes time, possibly a law degree, and likely a bunch of money. Additionally, the use of an end-use certificate executed by the customer, which has long been a tool to assist in ensuring products are not used for WMD restricted end uses, is not particularly helpful in this context as no customer is going to state that the product is going to be used to spy and crackdown on dissidents.

Moreover, some of the items implicated can be used as powerful weapons against human rights abuses – such as the body cameras that can be used to record and bring to light human rights abuses. How does a company weigh the risks of misuse against these benefits? And what if the US Administration is already sending export-controlled defense articles and US troops to the country in question? Does that mean it is acceptable to send the GoPro to that country’s police department or other government end user? Arguably these are tasks and decisions are more readily handled by the US Department of State itself, which has both the legal chops and the requisite intelligence information.

And in fact, this Draft Guidance could potentially portend new export controls and just such a State Department review. In light of the potential upcoming controls of advanced surveillance technologies as part of BIS’s review of emerging technologies, which we reported on in an earlier alert (“Commerce Department Requests Public Comments for Emerging Technologies’ Export Controls”), companies involved in such technologies should take particular note of the Draft Guidance.

Companies considering submitting comments should review and determine if the suggested diligence is feasible and what additional burdens it may place on existing export compliance programs. Companies may also wish to consider submitting comments through industry associations. The US Government is soliciting feedback on the Draft Guidance by October 4, 2019, which can be sent to ifbhr@state.gov.