POLITICS MARCH 15, 2012
Late last year, as the regime of Bashar Assad was continuing its murderous rampage against the people of Syria, the governments of Iran and Russia offered their diplomatic support. But Bashar also received significant practical assistance from a much more unlikely ally: an Italian surveillance firm by the name of Area SpA. Throughout all of 2011, employees of that company were being flown to Damascus to direct Syrian intelligence officers in the installation of a computer system that would allow the Syrian government to scan and catalog virtually every e-mail that flows through the country. As the violence escalated, so did the regime’s insistence that the project be completed. It was a “race against time to set up monitoring centers,” says Trevor Timm, of the Electronic Frontier Foundation, who recently provided a report to the EU parliament on the subject—a race that Area SpA showed few qualms about participating in.
Indeed, the Italian company has plenty of competition from other Western firms—including Finfisher, Trovicor, and Blue Coat Systems, to name just a few—that are in the same line of work. The provision of high-tech surveillance equipment is a burgeoning business for technology companies in Europe and the United States—currently worth an estimated $5 billion per year and growing 20 percent annually—due in large part to the increased demand from authoritarian regimes across the Middle East and Asia. “They’re profiteering off people’s lives,” Timm says. But the companies have shown little inclination to voluntarily curtail the trade. That’s why a growing number of activists are now trying to increase the pressure on them.
Public shaming has been one of their primary methods. Timm’s report to the EU was unreservedly damning. And then there is Eric King, human rights advisor to Privacy International, who had been investigating the use of surveillance technology by authoritarian regimes for over a year—and who subsequently minced no words when it came to addressing those who furnished the wares, saying that Western companies were going "out of their way" to aid authoritarian regimes. When I recently spoke with him by telephone, King told me of people in post-revolutionary Libya and Egypt who had been sending him pictures of technology that had been acquired by their respective deposed regimes. “There’s barely a week that goes by without an activist sending me a photo of something and saying, ‘What is this and can it spy on me?’,” he says. “And it’s British-made satellite phone surveillance technology.”
The increased attention that activists like Timm and King—together with investigative reports in recent months by reporters at Bloomberg and The Wall Street Journal—have brought to the issue has already convinced a few companies to change course. Area SpA, for example, has pulled out of its Syrian operations due to protest and public outcry. But many more firms still maintain an attitude of “plausible deniability”—as Timm terms it—wherein they claim they had no idea their technology would be used for nefarious purposes. This defense is made possible because the technology itself is not illegal, and is also used by democratic governments to target legitimate cybercrime.
Needless to say, this is a thin, and cynical, defense. After all, leaked files in the form of marketing slideshows by Cisco Systems have already come to light showing the American communications giant touting the capacity of their software to target and eliminate dissent. Further doubt is cast by the overall lack of transparency in this highly guarded industry, where much of the sales happen behind closed doors or at the notoriously journalist-prohibited ISS World Trade Shows. Taken all together, this suggests that at worst these companies are knowingly selling their product to egregious human rights abusers, and at best practicing what Timm calls “willful blindness.”
Activists have responded by taking a tough line, demanding government intervention. Eric King and Privacy International are advocating for Western governments to pass legislation regulating the types of software that can be exported. They want high-tech surveillance equipment to fall under “dual-use export control regimes, meaning that in order for companies to sell them abroad, the national government would need to grant an export license” as King puts it. Furthermore, Privacy International wants companies that violate such regulations—with the result that their technology is sold to known human rights abusers—to face stiff criminal charges.
By contrast, Timm’s organization, EFF, has come up with what he calls a “three-pronged strategy that goes after the customer as the choke point, and not the technology itself,” which, like most new software, is exceedingly hard to regulate. Its first aim is to set up a voluntary “know your customer” program that would remove any factor of deniability for these companies and create a culture of transparency, where public reaction against selling to despots makes it no longer an economically viable option. (King, for his part, believes that there is a problem with the “know your customer” program, namely that companies knowingly trading with repressive countries won't be cowed by the mere threat of exposure.) The EFF also advocates the funding of circumvention technology that can be used by activists to mask their locations and encrypt communications. This last goal would have the greatest immediate effect, but is also the hardest to achieve, as governments are wary of giving funding to technology that could be used to stifle their own cyber security efforts.
Indeed, it will be difficult to pass any legislation at all targeting this powerful industry. King is already having discussions with the Business Minister and Head of Export Control of his native Britain about the prospect of tough legislation, but thus far little has come of it. In the United States, meanwhile, the only legislative action on this issue is a bill by Rep. Chris Smith that is waiting to be heard by the Subcommittee on Capital Markets and Government Sponsored Enterprises. The bill seeks to enact some of the desired export controls on this technology. But currently it has only two cosponsors and there’s little word of it gaining traction any time soon.
However, even without the large-scale legislation in place that is advocated by King and Timm, there have been positive results in recent months. California-based Blue Coat Systems is now under investigation by the Commerce Department to determine whether they had prior knowledge that their technology was being used by Assad's regime. Also facing litigation is Cisco Systems, who will have to answer for the leaked documents that suggest they were fully aware of the intended use for their products. Although these companies represent a tiny fraction of a massively profitable and rapidly growing industry, holding them accountable sets an important precedent for the future.
Still, activists like Timm and King are taking such a tough stand now because they know that not much more progress can be made unless Western governments stick up for their own humanitarian foreign policy objectives. For those living under authoritarian regimes, Western technology is still being used to extract information that leads to activists' arrest and, quite often, torture. Such was the case of Abdul Ghani Al-Khanjar, a 39-year-old school administrator and activist who was seized from his home in Bahrain last year and tortured while being read a series of text messages he sent that lead to his arrest. There have been and—for the immediate future at least—will likely continue to be many more such cases in Syria. As Timm put it, “It’s getting worse and the longer we wait to do something the worse it will get.”
Nick Robins-Early is an intern at The New Republic.