Full Text

I. Introduction

The use of commercially marketed cyber surveillance technology by authoritarian governments is a global policy problem.¹ Its impact is not confined to the countries where advanced surveillance techniques are employed to repress the population as it easily crosses borders.² Concerns about the export of cyber surveillance technology to governments with questionable human rights records and a weak(er) rule of law were initially flagged by human rights activists, and local struggles quickly became a global cause. By restricting the supply side of cyber surveillance goods and technologies, export control mechanisms can provide one of the few options to effectively regulate its availability and transfer.³

The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (‘the Wassenaar Arrangement’) is currently the only international agreement that provides a transnational legal framework for restricting the export of surveillance equipment, software and expertise.⁴ This scheme captures an extensive list of dual-use goods and technologies for which States agree to adopt export control laws, empowering licensing authorities to approve, reject and review their transfer. Cyber surveillance technology has been the most controversial addition to this list since its adoption in 1996. The so-called ‘cyber’⁵ amendments to Wassenaar adopted in the course of the 2010s had a significant impact on subsequent dual-use export reforms in many parts of the world, including the United States (US), China, and the European Union (EU), who assume leading roles in the production, sales and governance of cyber surveillance technology.

The essence of the Wassenaar Arrangement is a list of dual-use goods and technologies laying out the detailed technical attributes of the controlled items. As the control list itself does not contain substantive treaty obligations, it has been a widely shared practice for both member States like the US and non-member States such as China to use this list as a key reference point to develop and update their domestic export control systems. While the updates to Wassenaar have been closely reflected in the equivalent mechanisms at national and regional levels, the addition of cyber surveillance technology has changed this narrative of broad acceptance and impact. The cyber amendments are a test case examining the (in)ability of conventional export control mechanisms to address various risks associated...