techUK

Hacking Team leak highlights the need to implement human rights due diligence

Read techUK's Export Guidance to prevent abuses and avoid resulting reputational damage.

Hacking Team, a specialist surveillance tech and spyware supplier headquartered in Italy, has found itself victim to its own hack. 400GB of documents and email exchanges publicised by hackers confirmed that it has conducted export deals with governments that have controversial human rights records.

The hack revealed that the company's offering has been pushed out to governments across the world, enabling them to infect computers and mobile phones with covert spyware to harvest data and record correspondence. Customers have included the likes of Russia, Sudan, Bahrain and Egypt. The documents also evidence talks with Syria prior to the unrest against Bashar Al-Assad in 2011, in addition to a policy of leaving legal considerations to the discretion of the government client.

The story has received extensive media attention within both the technology and national press. It has not yet been established what the repercussions will be for Hacking Team, but one only has to look to the similar case of Gamma International and its export of the FinFisher spyware product. Following a similar media furore, Privacy International filed complaints against the company with various national authorities in the UK for the abuses committed by the Bahraini regime it helped facilitate.

It is vital that companies implement human rights due diligence on their customers when bidding for contracts, even for products that do not fall under dual-use or export controls. techUK believes that respecting human rights is not only an end in itself but is in line with greater expectations on companies to answer to their boards, shareholders, investors, consumers and the media as to how they are assessing and monitoring associated risks. In response to the Hacking Team developments, techUK and CGI's Andrew Rogoyski told SC Magazine: "A supply chain assessment should be made every time you put a contract out to a third party and take a view of the risk involved, and the level of protection they have in place."

This can prove a difficult undertaking for companies, in particular for SMEs, who may not have the resources to implement due diligence. With this in mind, and at the request of the Cyber Growth Partnership (CGP), techUK, in association with the Foreign and Commonwealth Office and the Institute for Human Rights and Business, published guidance for the cyber security sector advising on human rights risks involved in the export of their products and services.

'Assessing Cyber Security Export Risks' is the first tech sector guidance of its kind. It provides cyber security companies of all sizes with actionable advice to help identify and manage the risks of exporting their products and services. It gives detailed background information and a framework to help companies develop their due diligence processes, manage human rights risks and identify national security risks. This reduces the likelihood of a buyer being able to use your technology to help perpetrate human rights abuses. It also reduces the likelihood of reputational damage to British companies.

The guidance outlines a risk assessment process that helps companies to:

  • Look at the capabilities of the product or service they want to export and how it could be used by purchasers
  • Examine the places they are exporting to, including their political and legal frameworks, the state's respect for human rights and potentially vulnerable people
  • Assess who the end purchaser of the product is and how they intend to use it
  • Evaluate potential business partners and re-sellers

It also provides advice on how to mitigate and build risk management clauses into the contract.

The Cyber Growth Partnership is a forum made up of members from government, industry and academia that works to help UK cyber security companies increase their access to overseas and domestic markets and to increase the talent pool available to them in the UK. It is co-chaired by the CEO of BT, Gavin Patterson, and the Minister of State for the Digital Industries, Ed Vaizey MP.

You can download the guidance via the link above.

 

Channel website: http://www.techuk.org/
