La Présidente. – L'ordre du jour appelle le débat sur:
- la question orale à la Commission sur le contrôle des exportations des produits à double usage après les révélations sur Hacking Team, de Marietje Schaake, au nom du groupe Alliance des démocrates et des libéraux pour l'Europe (O-000094/2015 - B8-0756/2015) (2015/2882(RSP)),
- la question orale à la Commission sur le contrôle des exportations des produits à double usage après les révélations sur Hacking Team, de David Martin et Alessia Maria Mosca, au nom du groupe de l'Alliance progressiste des socialistes et démocrates au Parlement européen (O-000099/2015 - B8-0759/2015) (2015/2882(RSP)), et
- la question orale à la Commission sur le contrôle des exportations des produits à double usage après les révélations sur Hacking Team, de Tiziana Beghin et Rolandas Paksas, au nom du groupe Europe de la liberté et de la démocratie directe (O-000102/2015 - B8-0760/2015) (2015/2882(RSP)).
Marietje Schaake,author.– Madam President, due to the hacking by Hacking Team we now know that companies’ tools allow users to monitor and record a person’s every digital move. Think about that.
Leaked internal documents demonstrate that these tools were marketed and sold to the governments of countries the human rights records of which have been criticised by the EU, including Azerbaijan, Bahrain, Egypt, Morocco and Uzbekistan.
We need EU rules to know the impact such EU-made systems have here at home and in the rest of the world, and to prevent exports to human rights violators. Commissioner, we need clear answers. Has Hacking Team violated EU sanctions against Russia and Sudan by selling systems that can be used to violate the human rights of journalists, political opponents and human rights activists, as the hacked and leaked documents suggest? More precisely I am referring to whether Article 2(1) of Regulation No 428/2009 should have applied. Did Security Council Resolution 1556 apply to Hacking Team and similar systems?
The sanctions regime established under Article 4 of Regulation No 428/2009 includes an embargo on software and technology that can be used for civil or military purposes. I would like to know whether the Commission can guarantee that Member State authorities are implementing international obligations and doing so using the same yardstick.
While this particular company may not survive this particular hack and this situation, the technology that they make is part of a wider industry and it continues and the market remains largely unregulated.
Transparency and accountability are needed with regard to the sales of invasive dual-use tools that endanger people. Internal policies and self-regulation simply do not suffice. We need to ensure that our policies in foreign affairs and human rights are credible, and that they are not undermined by unregulated trade that happens at the same time.
Alessia Maria Mosca, autore.– Signora Presidente, onorevoli colleghi, con la questione orale che abbiamo presentato, chiediamo che la Commissione riparta dalla dichiarazione congiunta di Parlamento e Consiglio dello scorso giugno per continuare a chiedere con forza una decisa modernizzazione del regolamento (CE) n. 428/2009 sui prodotti a duplice uso.
Ci sono due principi generali che sono alla base della questione che è necessario sottolineare perché vanno oltre il caso specifico cui fa riferimento la nostra richiesta. Le Istituzioni europee, specie in tema di diritti umani devono garantire il rispetto delle regole che devono valere per tutti e ovunque ed effettuare stringenti controlli che siano in grado di punire chi non le rispetta. Il caso di Hacking Team non può passare senza conseguenze, ma non ci si deve accontentare di punire le società colpevoli di spionaggio illecito e violazioni dei diritti minimi di libertà. Il vero problema non è Hacking Team o la prossima compagnia che darà modo di parlare nuovamente della questione, il problema sta in un regolamento debole non concertato con gli altri paesi e che viene troppo facilmente eluso.
Non siamo credibili se pretendiamo di proteggere la sicurezza informatica e i diritti umani in paesi lontani, mentre allo stesso tempo permettiamo che le nostre aziende commercializzino con questi stessi Stati alcuni fra i prodotti che sono vietati proprio perché violano questi stessi diritti umani. La vendita di tecnologie per la sorveglianza è troppo poco regolata ed un intervento a livello comunitario è quanto mai urgente, anche se non potrà che essere un primo passo in vista di una complessiva modernizzazione globale che abbia come punto di partenza l'intesa di Wassenaar.
È indispensabile che l'Unione europea sia all'avanguardia in questa battaglia di civiltà per evitare che le straordinarie innovazioni tecnologiche che stanno accompagnando la nostra epoca diventino armi in mano a pochi a svantaggio dei più deboli.
Tiziana Beghin, autore.– Signora Presidente, onorevoli colleghi, ricordo che Hacking Team è una società di Milano, in Italia, che si occupa di spionaggio informatico ed ha sviluppato una nuova generazione di virus in grado di spiare e controllare PC e smartphone, pensata per colpire criminali e terroristi ma, se nelle mani sbagliate, anche attivisti, difensori dei diritti umani e giornalisti.
In Italia il software era usato dalle forze dell'ordine, ma i veri affari la società li faceva vendendo a Sudan, Emirati, Colombia, Marocco, Kazakhstan, Libano, Egitto, Russia, Messico e altri, violando la normativa, ma soprattutto i diritti umani. E noi sappiamo tutto questo perché, ironicamente, la Hacking Team è stata hackerata. Il suo software di spionaggio avanzatissimo è stato rubato da un attacco informatico, con tutti i rischi che ne derivano. Ho appena sentito le parole dell'onorevole Mosca e volevo aggiungere un dettaglio: per vendere questo software ai regimi e ai dittatori c'era bisogno dell'autorizzazione del ministero, autorizzazione conseguita grazie alle pressioni della Presidenza del Consiglio italiana, cioè di Matteo Renzi, e non sono io a dirlo, ma lo stesso presidente di Hacking Team in una mail intercettata e pubblicata su WikiLeaks.
Complimenti collega, ho apprezzato molto le sue belle parole di condanna, adesso però vorrei che andasse a dire queste parole ai giornalisti arrestati dai regimi con cui avete fatto affari. Poi vorrei capire perché, voi che siete al governo in Italia, non avete bloccato le autorizzazioni per la vendita di questi software? Parlate di diritti umani ma fate affari con i dittatori. Siete l'espressione perfetta della coerenza del vostro partito.
Questi strumenti di sorveglianza fanno parte del dual use, uso duale, perché non sono tecnicamente armi da guerra, ma possono diventarlo nelle mani sbagliate. Un computer compromesso è più utile di un satellite spia; per questo è necessaria un'autorizzazione per esportare questi software, soprattutto verso i paesi non democratici, autorizzazioni che la Hacking Team ha volutamente ignorato o ha ottenuto troppo facilmente dal ministero italiano.
Come intende la Commissione risolvere il problema dell'applicazione della legge europea sugli strumenti a duplice uso, soprattutto per quelli relativi alla sorveglianza informatica? Come crede sia possibile evitare un nuovo caso Hacking Team?
Președinte: IOAN MIRCEA PAŞCU Vicepreședinte
Věra Jourová,Member of the Commission.– Mr President, when documented reports first emerged four years ago that companies based in the EU had been involved in the supply of cyber-surveillance technologies which may have been misused in connection with violations of human rights the Commission immediately took action.
It is indeed a key concern that the export of cyber-surveillance technologies could be misused for supporting oppressive regimes or the violation of human rights. Firstly, in late 2011 and early 2012 respectively, the EU arms embargoes on Iran and Syria were both updated to include prohibitions on the export of interception technologies for internet and telephone communications. Secondly, the EU and its Member States promoted, in a timely way, multilateral controls on certain surveillance technologies, notably in the relevant multilateral forum known as the Wassenaar Arrangement. In December 2013 an agreement was reached to control internet surveillance equipment and intrusion software.
The Commission followed up quickly to implement this international agreement and adopted a Commission delegated regulation in October 2014 ensuring that the export of those technologies is controlled. Those technologies fall into the category of dual-use items. These are wide-ranging categories of goods, software and technologies normally used for civilian purposes, but which may have military applications or may contribute to the proliferation of weapons of mass destruction, such as nuclear materials, electronics or navigation systems.
The current EU export control system for dual-use items allocates the responsibility for assessing export transactions involving these products to national competent authorities. However, the Commission monitors and supports the consistent implementation of the controls by Member State authorities. To that effect it set up in September 2014 a surveillance technology expert group with Member State experts, which has been meeting on a regular basis since its establishment.
In addition to that immediate reaction, the Commission recognised in 2014, in its communication on the export control policy review, that although the EU export control system is robust and effective, it cannot remain static and must be upgraded in order to face new challenges associated with new technologies of concern.
This communication identified options for an ambitious modernisation of the system. This includes options to address human security issues as the ones we are discussing here today. The Commission is now conducting a public consultation and will finalise the impact assessment on those review options with a view to presenting, as appropriate, proposals to upgrade the EU legal framework in early 2016.
As regards the incriminated exports’ compliance with the regulations in place at the time, the Commission has obtained assurances from the Italian authorities that the exports from Hacking Team did not violate applicable sanctions and export control regulations. It should be noted in this respect that controls on intrusion software became effective in the EU only on 1 January 2015.
The Commission has taken note of concerns regarding possible unintended effects of controls on security testing tools which could possibly hinder research and has initiated dialogue with Member States, industry and NGOs to further assess the need to adjust some of the recent controls.
The Commission notes that the introduction of controls in the area, which to date has not been subject to export controls, will require efforts to raise operators’ awareness.
Inmaculada Rodríguez-Piñero Fernández, en nombre del Grupo S&D.– Señor Presidente, el 24 de noviembre de 2014 intervine en esta Cámara para solicitar una revisión de nuestra legislación sobre exportaciones de productos de doble uso. Hoy, casi un año después, lamento decir que seguimos prácticamente en el mismo punto. Incluso peor, porque el pasado mes de julio se destapó el caso de la empresa europea Hacking Team, especializada en la comercialización de dispositivos, tecnologías y software de vigilancia. Tecnologías que están siendo utilizadas para cometer violaciones de la privacidad en terceros países y que son usadas por algunos Gobiernos como herramientas para reprimir y violar los derechos humanos de periodistas, opositores políticos, blogueros y defensores de los derechos humanos.
Según los documentos internos que se filtraron, esta empresa europea vendió sus productos de vigilancia y espionaje a Gobiernos y servicios de inteligencia de países cuyas prácticas en materia de derechos humanos han sido reiteradamente condenadas por la Unión. No podemos consentir que ninguna tecnología europea esté implicada en abusos sobre los derechos humanos en terceros países. Se está produciendo una creciente comercialización de estas tecnologías, pero la verdad es que la regulación a la que se somete este mercado es francamente escasa.
Por eso, exigimos más transparencia y responsabilidad con respecto a la venta de estos dispositivos de doble uso que invaden la intimidad y la privacidad de las personas. Las políticas internas de diligencia debida y los esfuerzos de autorregulación han demostrado que han sido absolutamente insuficientes. Seguimos esperando una legislación que mejore y endurezca los controles sobre estas exportaciones. Una legislación moderna y eficaz, capaz de adaptarse a los rápidos cambios tecnológicos y científicos.
Las condenas por parte de la Unión Europea respecto a las violaciones de los derechos humanos de privacidad en terceros países carecerán de toda credibilidad si no se toman medidas para evitar que sigan sucediendo ese tipo de cosas. La coherencia de nuestra política exterior y comercial está en juego. No podemos esperar más a esa legislación de mejora.
Bodil Valero, för Verts/ALE-gruppen.– Herr talman! EU:s politik för fred och säkerhet bör handla om utveckling, handel, mänskliga rättigheter och mycket mer – och det hör ihop. Därför krockar det ofta när vi talar om export av krigsmateriel. Då menar jag inte bara den konventionella vapenexporten utan också riskerna med produkter som har dubbla användningsområden, och som inte alltid är reglerade i dag.
Jag talar också om de risker som är förenade med att exportera allt detta material till icke-demokratiska stater. Många gånger är det ju material som kan leda till större säkerhet men som om de hamnar i fel händer kan hota både vår säkerhet och mänskliga rättigheter i samma utsträckning som de konventionella vapnen. Då är det särskilt riskabelt att exportera informationsteknologi och övervakningsutrustning till regimer som kränker mänskliga rättigheter. Det har ju bland annat den arabiska våren visat, till exempel Nokia och Siemens som hjälpte den iranska regimen att förfölja demokratiaktivister. Svenska Ericsson valde att förse den syriska regimen med telekommunikationsutrustning när motsättningarna började, vilket innebar att oppositionella lätt kunde spåras av regimen. Tysk och brittisk teknologi användes mot demonstranter av regimerna i Bahrain, Egypten och Tunisien. Demokratiska organisationer med officiellt EU-stöd har det spionerats på, de har infiltrerats, medlemmar har torterats, dödats eller fängslats.
Därför är det väldigt viktigt att vi tar upp exporten av känslig informations- och kommunikationsteknologi till dessa länder. Jag hoppas att kommissionen i sin översyn också tittar på att hitta ett väldigt strikt och konsekvent regelverk för att förebygga i stället för att komma och släcka bränder.
Monika Flašíková Beňová (S&D).– Európska únia si zachováva vysoký štandard pri ochrane ľudských práv a slobôd a snaží sa byť príkladom pre celý svet v ich presadzovaní, dodržiavaní a rešpektovaní. Znepokojuje nás preto prípad talianskej spoločnosti Hacking Team, ktorá predáva nástroje umožňujúce vládam a iným používateľom monitorovať a zaznamenávať každý digitálny pohyb jednotlivca vrátane krajín, ktoré EÚ opätovne kritizovala pre stav v otázke dodržiavania ľudských práv, ako sú napr. Egypt, Maroko, Uzbekistan či Bahrajn.
Európska komisia musí preto promptne reagovať, nakoľko trh, na ktorom predmetná firma pôsobí, je v súčasnosti veľmi málo kontrolovaný a do veľkej miery neregulovaný. Vyšleme takýmto svojim konaním partnerom jasný signál, že porušovanie a nedodržiavanie základných ľudských práv a slobôd nebude v Európskej únii tolerované.
Európska komisia musí nájsť rovnako spôsob, ako zastaviť účinnými politikami predaj produktov, ktoré umožňujú takéto porušovanie ľudských práv v súvislosti s predmetnou problematikou. Považujem rovnako za potrebné, aby sme sa vážne zamysleli nad rozpočtom Európskej agentúry pre bezpečnosť sietí a informácií, ktorá dlhodobo trpí finančným poddimenzovaním a nedokáže tak aktuálne reagovať na podobne situácie.
Doru-Claudian Frunzulică (S&D).– Mr President, it is absolutely unacceptable that we permit hacking companies to sell to authoritarian regimes when we know that their products could be used to spy on journalists, dissidents and citizens, thereby using high-definition (HD) technology to facilitate gross human rights abuses. Even if they do not sell directly to authoritarian regimes, they are almost as guilty by letting dangerous tools fall into the hands of malicious states or non-state actors. If that happens, their failure to keep track of exports of their own software means that they do not care if their technology is misused and do not care about the vulnerability of those who defend human rights.
It is vital that we find a way to control the export of these tools that could be used to target human rights activists and pro-democracy supporters at home and abroad.
Procedura „catch the eye”
Seán Kelly (PPE).– Mr President, firstly thanks to Marietje Schaake and the other colleagues who have done great work in this rather complicated area, and thanks also to the Commission for the detailed statement a few moments ago.
I suppose hacking is the big enemy of the digital world and technological advancement, and it is very difficult to come to terms with. It reminds me a bit of doping in the sporting world: it is almost impossible for the enforcers to keep ahead of the dopers, and I suppose the same could be said here. Nevertheless, we have to try, particularly in relation to the issue raised here tonight: the sale of software equipment to dictators, etcetera. That cannot be tolerated under any circumstances. Everything must be done to try and stop it, and particularly to ensure that the rights of journalists and human rights activists, etcetera, are not violated. So I think a few things are needed: the first is strong regulation and the second is stronger penalties.
Νότης Μαριάς (ECR).– Κυρία Jourová, στην προηγούμενη συζήτηση, σας έθεσα ένα θέμα για την προστασία των Ελλήνων δανειοληπτών, σε ελβετικό φράγκο. Είναι 70.000 οικογένειες που κινδυνεύουν να χάσουν τα σπίτια τους.
Επειδή δεν άκουσα να λέτε τίποτε για το θέμα αυτό, θα πρέπει να το λάβουμε σοβαρά υπόψη και το επισημαίνω διότι συγκεκριμένη πολιτική ομάδα δρομολογεί διαδικασία χωριστής ψηφοφορίας επί δύο τροπολογιών που έχω καταθέσει για την προστασία των Ελλήνων δανειοληπτών σε ελβετικό φράγκο, και είναι σημαντικό.
Στο θέμα το συγκεκριμένο της εταιρείας hacking, το απαράδεκτο πρώτα απ' όλα είναι ότι υπάρχει μια εταιρεία η οποία φτιάχνει λογισμικό για να γίνεται hacking. Αυτό πρέπει να καταγγελθεί, διότι δεν πρέπει να επιτρέπεται κάτι τέτοιο. Το δεύτερο θέμα είναι ότι η εταιρεία αυτή δίνει ή της έκλεψαν το λογισμικό αυτό, το οποίο φτάνει πλέον σε οργανισμούς, σε κράτη, τα οποία παραβιάζουν τα ανθρώπινα δικαιώματα και θα πρέπει, εν προκειμένω, να πάρει σοβαρά μέτρα η Επιτροπή, για να μην έχουμε παραβίαση των ανθρωπίνων δικαιωμάτων με ένα λογισμικό το οποίο στηρίζεται καθαρά στο hacking.
Ivan Jakovčić (ALDE).– Gospodine predsjedniče, proizvodi koji mogu imati dvojnu namjenu tema su o kojoj smo već raspravljali u ovome domu, u ovome sazivu, ali čini mi se da nismo otišli puno dalje. Naime, morao se dogoditi ovaj slučaj Hacking Team-a kako bi ponovno ta tema došla na dnevni red i kako bismo ponovno otvorili niz pitanja naše opće sigurnosti, a pogotovo osobne sigurnosti, i nas koji živimo u Europskoj uniji, a pogotovo onih koji žive u zemljama gdje se te tehnologije prodaju. One se onda mogu koristiti i u raznim drugim zemljama, ne moraju se baš koristiti samo u onim zemljama u kojima su prodane.
Podsjećam da je ovo opasnost i za nas koji živimo u Europskoj uniji. Sami sebi možemo stvoriti enormne, grozne probleme. U tom kontekstu očekujem da će Komisija, ne samo zato što je sve predala zemljama članicama već zato što i ona ima dio odgovornosti, doći s konkretnim idejama i prijedlozima u ovaj Parlament.
Jonathan Arnott (EFDD).– Mr President, the Hacking Team revelations show up some serious failures. They show a failure by the Italian Government to hold firm on banning the export of this dangerous technology, and a failure of common sense, decency and basic morality in those who failed to consider the impact of their actions.
This spying software has been sold even to Saudi Arabia. Have we forgotten that this is the country which started to flog Raif Badawi, which beheads people on the flimsiest of evidence, and proposes to behead and crucify Ali Mohammed al-Nimr for protesting against the Saudi Government when he was just 17?
Yet, even in the UK, we seem to consider these people to be our friends. We sell them equipment too. When the Saudi Arabian King died, we flew our flags at half-mast. Perhaps we too in the UK need to take a good, hard, long look in the mirror.
Stanislav Polčák (PPE).– Pane předsedající, já bych chtěl říci, že jako každá věc má rub a líc, tak to platí zejména u zboží dvojího určení. Zde ten ruba a líc, myslím, že závisí také i na postupu našich spojenců. V okamžiku, kdy samozřejmě evropské podniky by měly sledovat žádoucí rozvoj, zaměstnanost, konkurenceschopnost, tak zboží dvojího užití nám v zásadě vyhovuje, to znamená, pokud skutečně plní účel rozvoje Evropy na tomto poli konkurenceschopnosti.
Ale v okamžiku, kdy tomu tak není, tak nám samozřejmě takovéto zboží začíná vadit a v okamžiku, kdy evropské podniky takto vytlačí jiné konkurenční podniky našich koaličních spojenců, zejména ze zemí NATO, tak to je, myslím si, jedna z věcí, která by nám asi vadila, pokud by tato aktivita nebyla koordinovaná.
Já velmi děkuji paní komisařce za její uvážlivý přístup. Budu sledovat veřejnou diskusi, kterou si k tomuto úkolu stanovila, a budu pevně doufat, že se ta pravidla podaří modernizovat a autorizovat.
Tomáš Zdechovský (PPE).– Pane předsedající, já bych chtěl poděkovat svým kolegům za poměrně dobrou a věcnou diskusi. Otázka porušení práva užívat věci soukromé je otázka lidské integrity. Otázka lidské integrity je vždycky otázkou morální.
Já si nemyslím, že jakákoliv regulace za strany Evropské komise zabezpečí to, aby podobný software nebyl prodáván zemím, které mají problém s lidskými právy. Já si myslím, že je to otázka více morální. Firmy, které dokáží vydělávat poměrně velké peníze na speciálním softwaru, by měly být natolik schopné tuto věc pochopit a integrovat, aby nemusely tento software prodávat zemím, které mají problémy s lidskými právy a s jejich porušováním.
(Încheierea procedurii „catch the eye”)
Věra Jourová,Member of the Commission.– Mr President, allow me to reiterate the Commission’s determination to take on the challenges posed by the export of dual-use cyber surveillance technologies. We have acted resolutely over the last few years and have taken unprecedented action to prevent exports that might be misused in violation of human rights. In this context we must ensure that export controls contribute to a broader policy perspective, along with other tools such as sanctions, in order to provide a progressive, proportionate and effective response.