UK

By Anne Lise Sigsgaard | 28. November 2017

The UK 2016 Updated NAP also makes a reference to ICT in the section discussing Actions taken [page 9]:

“To give effect to the UN Guiding Principles, the Government has: (…) strengthened international rules relating to digital surveillance, including leading work in the Wassenaar Arrangement to adopt new controls on specific technologies of concern. Specifically, new controls were agreed on: – equipment and software for creating and delivering “intrusion software” designed to be covertly installed on devices to extract data. – “internet surveillance systems” which can monitor and analyse internet traffic and extract information about individuals and their communications.”

The UK 2016 Updated NAP refers to ICT in the section Cyber Export Guidance [page 18]:

“The expansion of ‘cyber space’ has brought huge economic and social benefits. However, it also poses risks and new opportunities for hackers, criminals and terrorists. To help mitigate these risks, companies have developed security products and services which defend networks from malicious activity. In many countries, such as the UK, these products are used legitimately, including by law enforcement authorities, in accordance with domestic and international law obligations. However, in some countries which do not adhere to their international human rights obligations, there is a risk that the same products are used in ways that could breach state’s legal obligations, e.g. to restrict freedom of expression or to contribute to internal repression. Normally, exports that could cause harm, such as arms, are covered by the export licensing regime. However, many cyber capabilities, products and services are not listed. This problem was recognized by the Cyber Growth Partnership a joint body representing industry, academia and government. The FCO worked with techUK, a technology trade association, and the Institute for Human Rights and Business to produce practical guidance for companies on managing human rights risks.  “Assessing Cyber Security Export Risks: Human Rights and National Security” was published in November 2014. It is the first guidance for this sector in the world, and sets out:

  • the different sorts of potential harm associated with particular cyber capabilities;
  • a process to help companies assess country specific risks and to evaluate business partners and re-sellers; and
  • potential mitigation options for avoiding or reducing risks.”