The EU’s laws on snooping technology exports must be updated in light of the Regin breach, according to some MEPs.
It has recently been been revealed that Regin super-spyware was used to successfully hack Belgian telco company Belgacom as far back as 2010. Belgacom counts the European Parliament and the European Commission among its customers.
More ReadingSo long, Lenovo, and no thanks for all the super-creepy SuperfishResearcher says Aussie spooks help code Five Eyes mega malwarePrivacy bods Detekt Hacking Team code nasty dressed as bookmark managerRegin: The super-spyware the security industry has been silent aboutSpyware-for-cops Hacking Team faces off against privacy critics
According to Dutch MEP Marietje Schaake, this should wake law-makers up to the fact that the current dual-use export regulation must be updated. “Our data has been breached by EU-made technology. We would expect companies and governments to work as hard as they can to prevent attacks, to protect their own digital infrastructure and the freedoms of their citizens,” she said.
But she was even more concerned about selling such tech to countries outside the EU: “Trading in dangerous technologies that can be used to infiltrate computers, spy on users and threaten both human rights and our own security could be the biggest boomerang we could throw,” Schaake told el Reg.
The European Parliament discussed the issue on Monday night, after German MEP Bernd Lange asked the European Commission when it would put forward the new law it promised back in April.
His questions didn’t end there. “How does it envisage addressing the specific problem of the export of surveillance technologies from the EU? By means of what concrete measures does it intend to further address the human rights implications outlined in the above-mentioned communication? How does it view proposals to restrict the export of surveillance technologies to a predefined list of countries?” he asked.
Schaake said she was satisfied that the Commission would certainly propose something, probably next month, but added that there were still lots of issues to thrash out. She pointed out that decisions about controls or sanctions are made at EU level (by the Commission) but implemented at national level.
“Should control and sanctions come into play only after the fact or should licences be applied for? Personally I would like to see more licences,” she said.
However, not all MEPs agree with her. UKIP-per William Dartmouth said that national governments should decide on what can and cannot be exported and that it should not be “farmed out” to the Commission. ®