recommended reading

Congress' Plan to Stop Exporting Technology to Repressive Regimes

An Egyptian protester uses his laptop next to a cooling fan in Cairo's Tahrir Square in July 2011.

An Egyptian protester uses his laptop next to a cooling fan in Cairo's Tahrir Square in July 2011. // Khalil Hamra/AP

When a U.S. company wants to export military technology, it has to go through a rigorous approval process in Washington. That’s because, of course, if it ends up in the wrong hands, the technology could interfere with U.S. foreign policy, destabilize conflict-prone regions, or worse.

Now one member of Congress wants to apply the same scrutiny to technology that “can be used for potentially illicit activities” such as Internet censorship.

Unveiled this week by Rep. Chris Smith, R-N.J., the Global Online Freedom Act of 2013 would, among other things, make it illegal for firms to export equipment that could facilitate digital monitoring. The latest measure resembles previous efforts at curbing online surveillance, but analysts say there’s a danger in the proposed law: The export controls cast too wide a net and could sweep up innocent companies by accident.

“It's very difficult to describe in words [the difference] between ‘bad’ software and ‘good’ software,” said Susan Crawford, a former special assistant on technology for the Obama administration and author of the book Captive Audience. “The consequences of getting it wrong could lead to stifling innovation and making life unnecessarily difficult for U.S. companies.”

Smith’s bill takes aim at firms that have been implicated in repressive governments’ domestic espionage. As monitoring schemes have become more complex, Western companies have become involved in selling goods and services to these governments.

In the Middle East, censorship is routinely tied to the private sector overseas. As a Bloomberg investigation revealed in 2011, American and British entities played a remarkable role in Tunisia’s powerful Internet surveillance machine:

Western suppliers used the country as a testing ground. Moez Chakchouk, the post-revolution head of the Tunisian Internet Agency, says he’s discovered that the monitoring industry gave discounts to the government-controlled agency, known by its French acronym ATI, to gain access.In interviews following Ben Ali’s ouster after 23 years in power, technicians, activists, executives and government officials described how they grappled with, and in some cases helped build, the repressive Wonderland.

Several California-based companies, including the popular antivirus company McAfee, were found to have provided filtering services to Tunisia’s government. Among other tactics, Tunisian censors were capable of intercepting and rewriting e-mails in transit.

But not all technology lends itself well to the suppression of speech, and that’s precisely where Smith's proposal stumbles, watchdogs say. Whether they know it or not, companies like Cisco that provide networking hardware — routers and other equipment — often find their products repurposed in ways that advance foreign governments’ censorship agenda. The conundrum reveals what until now has largely been the concern of the defense industry: the so-called “dual-use” problem.

To say a product or technology is “dual-use” is to say it can be used for both peaceful and non-peaceful ends. Nuclear equipment is a great example. In civil contexts, it can help produce vast amounts of valuable energy. But in a more nefarious context, it can lead to weapons of mass destruction.

The Global Online Freedom Act reveals how far we’ve come from an era when “dual-use” meant technologies with possible military applications. Now the boundaries of that term are being forced wide open. Today, practically any Internet tool — social networks, open-source software, and so on — that can be co-opted for monitoring purposes could also be considered a dual-use technology. Over half of all U.S. smartphones run Android, Google’s open-source operating system. An app running on that system that collects location or browsing data could potentially run afoul of GOFA. Skype, whichEgyptian officials used to monitor opposition phone calls in 2011, might also plausibly fall into this category. Repurposing a civilian product for darker motives is no longer limited to the military realm — we’re now seeing completely ordinary technologies being (ingeniously) applied to “solve” intrastate problems.

The dual-use problem creates ambiguity that makes legislating much harder than we’d like. Building a kind of terror watchlist for tech suddenly becomes a monumental task when you aren't sure what should qualify. 

Not only is a blacklist heavy-handed, but it requires constant updating as companies break up and products get updated in ever-faster product cycles. And it’s never been clear that unilateral export controls imposed by a single country are actually effective; repressive regimes will just find vendors elsewhere.

Smith is justifiably concerned about accidentally giving hostile governments the tools they need to stay in power. But without much more nuanced language, a bill aimed at creating new freedoms abroad could unwittingly limit them at home.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.