A Global Campaign to Monitor the "Digital Weapons" Trade
BY Carola Frediani | Tuesday, April 8 2014
It might seem that there is little connection between Milan and the atrocities occurring in Syria under the regime of President Bashar al-Assad but we now know that a little known Italian tech company called Area SpA was providing Assad with technology that could virtually allow him to seize and search any e-mail that passed through the country. Unfortunately, such an example is now fairly commonplace: Vodafone in Egypt, as well as Siemens and Nokia in Iran, to name a few.
Though Area SpA later announced it was curtailing its surveillance project in Syria, in an alarming trend, surveillance technology companies, many of them in western countries with decent human rights records are selling such technology to countries with fairly sinister ones. This problem, which some activists have called the "digital arms trade" is global and complex in nature and is at the heart of a new global campaign launched on April 4 by an international group of leading NGOs. They banded together to create the Coalition Against Unlawful Surveillance Exports (CAUSE), calling for governments to take action on the international trade in communication surveillance technologies.
The group -- which includes Amnesty International, Digitale Gesellschaft, the International Federation for Human Rights (FIDH), Human Rights Watch, the New America Foundation’s Open Technology Institute, Privacy International, and Reporters without Borders -- wants governments and private companies to tackle the proliferation and abuse of these technologies across the world, since they are more often than not used to violate their citizens' right to privacy, free speech and a host of other human rights. World leaders are responsible for keeping such invasive surveillance systems and technologies out of the hands of dictators and oppressive regimes, said the coalition's organizers.
“What is unique about the CAUSE coalition are the groups that are part of it,” Mike Rispoli, Communication Manager of UK-based Privacy International, says to techPresident. “You have organizations like Privacy International, as well as Open Technology Institute or Digitale Gesellschaft, that focus on technology, digital rights, etc., but you also have more traditional human rights groups like Amnesty International, Human Rights Watch, and Reporters without Borders. The reason why this is so important is that there’s a broad recognition that surveillance technologies pose significant threat to the enjoyment of rights around the world, not just the right to privacy but also freedom of expression.”
What exactly do these technologies do? There is malware that allows surreptitious data extraction from personal devices such as phone and PCs; tools that can intercept telecommunications traffic; spygear that geolocates mobile phones and can therefore track their owners; monitoring systems that allow authorities to track entire populations; and devices used to tap undersea fiber optic cables to enable NSA-style internet monitoring and filtering.
On the CAUSE website, an interactive map pinpoints where some of these technologies end up and which companies supply them; many of these technologies appear in countries with serious human rights violations. There are many European companies on the list, but also US and Canadian firms, as well as Russian, Chinese, Israeli, and South African ones. Their technologies have been found in countries such as Bahrain, Brazil, Côte d’Ivoire, Egypt, Ethiopia, Libya, Nigeria, Morocco, Turkmenistan, UAE, and others.
FinSpy, for example, is a software created by the British company Gamma Group, and has been found in Turkmenistan, Brunei and Bahrain, countries that have been criticized for human rights abuses. Three Bahraini activists received emails containing FinSpy software, which can grab images of computer screens, record Skype chats, turn on cameras and microphones and log keystrokes, all the while avoiding detection by antivirus software.
A similar spyware made by the Italian company Hacking Team has been found in the computers of journalists from the award-winning Moroccan media outlet Mamfakinch, as well as in the computer of United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Hacking Team software, called RCS, has also been used to target Ethiopian journalists, according to University of Toronto's Citizen Lab, a non-profit group that, together with the US-based non-profit Electronic Frontier Foundation, has been very active in following the use of spyware and surveillance technologies around the world.
DigiVox, a Dutch firm specializing in security technologies designed primarily for law enforcement and intelligence agencies, has been reported to have sold its products to all the GSM network operators in Nigeria, as well as Nigeria's intelligence agency, the State Security Service (SSS), amidst growing worries that the African country might be building a massive surveillance regime.
As with the case of Area SpA and the Assad regime, these technologies can also be used to filter and intercept mass communications. The American company Naurus -- also deeply involved in the NSA's monitoring programs -- sold “deep packet inspection” (DPI) technology to Egypt under deposed President Hosni Mubarak. DPI is a form of network filtering that allows those who wield it to inspect and track content from Internet users and mobile phones as it passes through routers. Turkey recently passed a controversial internet law that allows ISPs to use “deep packet inspection” to filter specific web pages and monitor users in real time.
Regulating the international trade of these surveillance technologies is not an easy task. Many of these products fall under the dual use category: it means they can be used for both good and bad, to legitimately manage traffic, filter spam, and track criminals or terrorists, but also to block websites and track people.
“However, what we are seeing increasingly is that the types of governments buying these technologies have a horrendous track record in terms of human rights. So the company's standpoint can’t just be: ‘We are selling them for legitimate purposes,'" says Rispoli. "We would like to see more restrictions and regulations in place that would prevent the sale of these technologies to repressive regimes, just like how the traditional arm trade is controlled."
The CAUSE coalition is not the only group asking for accountability from the surveillance tech industry. There are at least two other campaigns, though not international in nature like CAUSE, and they were both born in Europe.
A couple of days before the launch of CAUSE, the Greens-European Free Alliance in the European Parliament created the No Spyware for Dictators petition and website calling for new EU legislation to govern the global trade in European telecommunications and internet surveillance technology. An interactive map on their website shows how European technologies are exported in countries with dubious human rights records. Germany, France, Italy, the UK and Sweden are at the forefront of this trade. Currently, there is not a single restriction in Europe on the export of surveillance technology.
“It is a difficult task to draw the line between what needs to be regulated and what should be sold freely," Barbara Lochbihler, a member of the Greens in the European Parliament and Chair of the Subcommittee for Human Rights, tells techPresident. "As Greens, and given the consequences that European exports have had on human rights defenders and journalists worldwide, we take a precautionary approach: All relevant software and hardware elements that could facilitate human rights abuses need to be included in a new control regime –- particularly technologies used for mass surveillance, monitoring, intrusion, tracking, tracing and censoring.”
There could be various options where such regulation could be enforced. For instance, the European Commission announced that at the end of this year, they will renew the regulations of dual-use software and technology products, which was created to prohibit the development of weapons of mass destruction.
“It is totally unclear, however, whether and to what extent surveillance technology will be included in this process,” Lochbihler explains. “This is one aim of our campaign: convince the Commission to grasp the chance of a dual-use review to finally also regulate surveillance technology exports.”
In December 2013, the Wassenaar Arrangement –- an association of 41 of the world’s largest arms exporters –- took a step in the right direction when it developed guidelines to include surveillance technology in its control lists. However, the anti-surveillance campaigners argue, the control lists are not enough, and many spying and tracking technologies are not covered by the definitions contained in the proposed lists.
“Imagine you are planning a peaceful protest to confront the current regime in your country. Without your knowledge the dictator has installed the latest tracking and tracing technology in order to block your efforts...The moment you want to raise your voice, you are arrested, humiliated and tortured. All fundamental human rights are violated. The technology used to violate your human rights was delivered by European Companies."
This is the scenario given by the Stop Digital Arms Trade campaign on their website, which also provides a number of real-life examples from European tech companies and the products they have provided to authoritarian regimes like Syria, Iran and Egypt.
“The EU at least needs to update its dual-use regulation to include surveillance and intrusive technologies," Dutch MEP Marietje Schaake tells techPresident. She is a long-time critic of surveillance technologies and industries and initiated the Stop Digital Arms Trade campaign.
"In addition, we need licensing requirements to make sure that we control the appropriate technologies and the relevant transactions," says Schaake. "Furthermore, the fragmentation of the export controls –- since Member States are responsible for the implementation of export controls, in effect, there are 28 exporting authorities -- should be addressed by giving more responsibilities to the Commission in the enforcement. This will increase effectiveness, efficiency, accountability and will help to retain a level playing field.”
With the NSA scandal not yet concluded, the global debate about surveillance technologies is expanding. And now the EU -- with the European elections scheduled in May -- can lend at least one positive conclusion to this debate. "Europe now has the space cut out for it," says Schaake, "to take a position of leadership in defending digital freedoms.”
Carola Frediani is an Italian journalist and co-founder of the media agency, Effecinque.org. She writes on new technology, digital culture and hacking for a variety of Italian publications, including L’Espresso, Wired.it, Corriere della Sera, Sky.it. She is the author of Inside Anonymous: A Journey into the World of Cyberactivism.
Correction (April 9, 2014): The article misstated that MEP Marietje Schaake was a supporter of the Stop Digital Arms Trade campaign. She initiated the campaign.
Personal Democracy Media is grateful to the Omidyar Network and the UN Foundation for their generous support of techPresident's WeGov section.