To track and surveil citizens online, repressive regimes in the Middle East and North Africa have relied on Western technology for years. US company BlueCoat has been accused for months of providing the Assads with products for online crackdown, and the firm finally acknowledged that the Syrian regime has been using its products, although without its direct consent. It is not the only Western company providing these services. Italian firm Area S.p.A, a surveillance company based outside Milan, is installing a system that will allow the Syrian government “to dip into virtually any corner of the Internet in the country”, and into mobile phones, fixed lines and vehicles. Area uses equipment from U.S. company NetApp Inc., France’s Qosmos SA and Germany’s Utimaco Safeware AG.
Surveillance technology and embargo trades
There are fundamental differences between the implications of selling this technology for firms like BlueCoat and for European companies like Area or Utimaco. Sales to Syria are not authorised as a result of US trade embargoes since 2004, which include exports to Syria other than food or medicine. BlueCoat, which sells security devices that can also be used to intercept traffic, would be seriously compromised if they were in violation of the trade agreements, and the firm has repeatedly denied selling its products to the Syrian regime. According to Tor researcher Jacob Applebaum, “Bluecoat is lying to everyone about Syria. They know exactly where serial numbers are being used because of a phone home process” (which prevents BlueCoat devices to be in operation without the firm knowing about it.)
Area's products are specifically designed for lawful interception. The firm defines itself as “the Italian leading provider of technology solutions to support Law Enforcement Agencies in interception activities”. Its agreement with the Syrian government will help agents track and analyze data on mobile phones, fixed telephone lines, telephone switchboards, Internet access and vehicles. It also includes training for government agents. However, Area, Utimaco and Qosmos face no legal questioning for providing these services to the Syrian government. The EU has imposed a series of sanctions against Syria since May, including a ban on arms sales, but these do not include surveillance technology. Human rights activists wonder why, since there is a direct relationship between filtering and surveillance technology and the tracking, arrest, torture and killing of potential opponents in Syria.
Is the current agreement on export controls enough?
The Electronic Frontier Foundation has worked on a proposal for companies to audit their customers for human rights abuses. The framework includes affirmative investigation of “who´s your customer” before and during sale, and refraining from participating in transactions where investigations reveal evidence or credible concerns that the technologies provided by the company will be used to facilitate human rights violations. However, events like the Intelligence Support Systems World Americas conference celebrated in October, where surveillance firms shared tips on the latest “lawful interception” techniques used to spy on citizens, show how little concern companies show for how their products can be abused around the world. According to Rebecca McKinnon, the problem of “amoral technology being used for immoral purposes has been exacerbated in the Internet age. As long as engineers and companies claim to have no responsibility for the political context in which their inventions and products are used, the problem is going to grow worse.” So what if companies don't act on their own? According to EFF Director for International Freedom of Expression Jillian York,” if companies don´t act on their own some regulatory approach seems inevitable.”
The Wassenaar Agreement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies may be the closest we have come to regulating such services being provided to repressive regimes. This multilateral export control regime includes 40 participating states that accept that certain restrictions should be applied to arm exports, and also to technologies that can be classified as dual-use (technologies normally used for civilian purposes but which may have military applications). It briefly mentions surveillance and monitoring technology:
“ML11.A.: Electronic systems or equipmente, designed either for surveillance and monitoring of the electro-magnetic spectrum for military intelligence or security puroposes or for counteracting such surveillance and monitoring.”
However, the guidelines for entering such category and the restrictions are not properly defined. What kind of electronic surveillance systems fall under this category? And what should be done if a technology does fall under this category? The lack of definition makes it easy for firms to modify their product specifications to bypass the restrictions and makes legal actions against them very difficult.
Supporting citizen struggle for freedom
Since surveillance technology is as necessary for repressive regimes in order to continue their crackdown against citizens as the weapons they import, would it make sense to see surveillance products and services included in the import bans? Should there be a policy similar to that on weapons that specifies what kind of devices can or cannot be exported, and in what terms? According to researcher and hacker Arturo Filastò, “giving these countries the ability to track and analyze data on mobile phones and other devices seems like a bad idea, and policy makers should meet up and figure out what is the best way to regulate this. A number of options could be discussed: technologies that allow remote deactivation in case they get used wrongly, limiting their use… Discussing this is urgent, since there is currently no law to regulate it.”
On a conference that took place on October 28 in Barcelona, “Mediterranean: Cultural Dialogue after the Arab Spring”, activists from the Middle East and North Africa and members of the European Parliament discussed which stand Europe should take in order to support freedom and citizen demands on the south of the Mediterranean. We all agreed that Arab citizens had a hard time trusting the pronouncements of European governments after being confronted with the fact that Europe has supported repressive regimes in different ways for years, and still does. Providing dictatorships with technology to track and censor citizens was one way to do so, and it could boycott all attempts to promote freedom, justice and stability in the region. Within this context, figuring out ways to regulate this does seem urgent.