Digital Technology, International Affairs

The Surveillance Arms Race

There is a new arms race emerging between people who want to communicate freely and securely and governments that want to monitor and limit this communication. In democratic countries, this government interference ranges from the mass monitoring of telecoms to flirtations with cutting off social media flows and shutting down cell towers in protest areas. When autocratic countries face crisis and conflict, however, the battle for control over communication is more troublesome and the risks are more acute.

Linking the interference being run by governments in democratic and autocratic countries is the technologies being deployed by both. And therein lies a paradox: The tools that enable autocratic governments to monitor and control their citizens are produced by western technology companies.

Much like the arms trade, this often creates an awkward scenario in which western countries end up supporting opposition movements that are fighting against technology bought from western countries. Sometimes this collusion backfires in provocative and potentially controversial ways. For example, in Syria, American journalist Marie Colvin and French photographer Rémi Ochlik were killed by a mortar attack that was most likely carried out by targeting their satellite phones. It is widely held that this technology was provided by western companies.

There are many recent examples of this phenomenon, especially within the context of the Arab Spring. High profile technology companies such as Gamma (UK) and FinSpy offered surveillance services to regimes in Egypt, Tunisia, Libya, Bahrain, and Syria. Google Engineers discovered contract proposals between Gamma and the Mubarak regime – €250,000 worth of spy technology  that would “enable them [Egypt] to intercept dissidents’ emails, record audio and video chats, and take copies of computer hard drives.”  The SpyFiles operation by Wikileaks and Privacy International further revealed 287 documents indicating that these surveillance companies such French arms dealer, Amesys, sold both spyware and malware technologies (including Trojans) to the Gaddafi regime.

The Citizen Lab at the University of Toronto has uncovered a wide range of examples of complicity between western companies and authoritarian regimes. Most recently, it showed that devices manufactured by Blue Coat Systems, a California-based hardware company, were in use by 61 countries, with histories of human rights abuses. In 2011, it detailed how Syria used Blue Coat software to both censor the Internet and root out particular activities linked to pro-democracy activists.

Western governments use this same type of commercial filtering and monitoring technology to monitor and restrict the online behaviour of their employees. This means that western governments could very well be implicitly supporting private companies that develop technologies that assist the oppressive regimes the oppose.

Indeed, if one were to attend a trade show for such technologies, as a Washington Post journalist recently did, one would find more than 35 United States federal agencies buying the very same technologies as the autocrats. As reported in the Atlantic, Jerry Lucas, who runs a trade show called ISS world, which is known as the “Wiretapper’s Ball”  was asked by the Guardian whether he would be comfortable with Zimbabwe and North Korea buying technology at his trade shows.  He responded, “That’s just not my job to determine who’s a bad country and who’s a good country. ”That’s not our business, we’re not politicians … we’re a for-profit company. Our business is bringing governments together who want to buy this technology.”

The U.S. State Department, which has spent $70 million promoting internet freedom abroad, is part of a government that has few regulations on the trade of the technology that prevents such freedom. A bill has been before the United States Congress to prevent the sale of this technology to “Internet-restricting countries” since 2006, but the bill faces implementation challenges, as the list of countries in question now includes most nation states.  And there are other real limits to what western governments can do, due to both the scale of the industry, estimated at $5 billion a year globally, and the limits of contemporary international law.

There have been some positive steps: Last year a U.S. congressional subcommittee passed the Global Online Freedom Act (GOFA), “creating a new transparency standard for Internet companies listed on U.S. stock exchanges and operating in countries that substantially censor or control the Internet.”  The GOFA would force U.S. companies listed on the U.S. Stock exchange to release information on their human rights due diligence.

Of course, these technologies have the potential to be used for both positive and negative impact (they are dual-use). This poses a particular challenge to governments trying to use these technologies for good. For example, the U.S. government is funding Commotion Wireless, a sophisticated hacking project that seeks to enable activists by undermining internet censorship in countries such as Syria and Iran, however the FBI recently warned that these same anonymizing and encryption tools might be “indicators of terrorist activities.”

The question for policymakers, then, is whether anything beyond challenging regulatory measures can be done to overcome the dual-use dilemma, or whether it is simply a fact of life in a radically open operating environment. Whatever the reply, a relatively simple place to start would be to support the development of technologies that empower individuals, rather than enabling the production and trade of tools used for surveillance and oppression.

For example, a Swedish research team recently developed a new tool that allows Tor communication (a tool that anonymizes internet use) to be cloaked within services like Skype in order to circumvent recent changes to the Chinese “firewall” that had compromised those who used those services. Similarly, a team at Columbia University’s Graduate School of Journalism, in partnership with Stanford Computer Science, has built an app called Dispatch that allows for secure communication between journalists and their sources in areas of conflict. Another app, Silent Circle, allows users to send encrypted files of up to 60 megabytes via text message. These are tools that our governments should support. One can even imagine a virtual embassy incentivizing such projects. Too often, however, these surveillance-evading tools ruffle the feathers of autocratic and democratic governments alike.

What we are ultimately seeing is an arms race between oppressive governments and their citizens. It is high time that our democratically elected governments cease supporting, either tacitly or explicitly, the technologies enabling government surveillance.

Crossposted on OpenCanada.org