Selling Big Brother technology to governments is big business

Watchdog Privacy International spent four years building the Surveillance Industry Index, an online database of close to 400 firms that sell systems that allow governments to hack into Internet cables responsible for carrying e-mail and phone traffic

By Nick Hopkins and Matthew Taylor  /  The Guardian, LONDON

Fri, Nov 22, 2013 - Page 9

Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that “off-the-shelf” equipment will allow them to covertly snoop on millions of e-mails, text messages and telephone calls, according to a cache of documents published on Monday.

The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East, the kind of powerful capabilities that are usually associated with government agencies such as the UK’s Government Communications Headquarters (GCHQ) and its US counterpart, the National Security Agency (NSA).

The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.

“The government agrees that further regulation is necessary,” a spokesman for the UK’s Department for Business, Innovation and Skills said. “These products have legitimate uses … but we recognize that they may also be used to conduct espionage.”

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent the past four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts had to go undercover to gain access to the private fairs by posing as potential buyers.

The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into Internet cables carrying e-mail and phone traffic.

Overall, the index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies which cover a vast spectrum.

One firm says its “massive passive monitoring” equipment can “capture up to 1bn intercepts a day.”

Others offer the latest James Bond-style paraphernalia, including cameras hidden in soda cans, bricks, children’s car seats and boxes of tissues. One manufacturer customizes cars or vans, turning them into state-of-the art mobile surveillance control centers.

There is nothing illegal about selling such equipment and the companies say the new technologies are there to help governments defeat terrorism and combat crime.

However, human rights and privacy campaigners have become increasingly alarmed at the sophistication of the systems, and worry that unscrupulous regimes could use them as tools to spy on dissidents and critics.

Former Libyan leader Muammar Qaddafi is known to have used off-the-shelf surveillance equipment to clamp down on opposition leaders before his downfall.

Privacy International believes UK firms should now be subject to the same strict export licenses rules faced by arms manufacturers.

“There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there on the sale of conventional weapons,” Privacy International research consultant Matthew Rice said. “This market profits off the suffering of people around the world, yet it lacks any sort of effective oversight or accountability.”

“This lack of regulation has allowed companies to export surveillance technology to countries that use their newly acquired surveillance capability to spy on human rights activists, journalists and political movements,” he said. “We desperately need export regulations placed on these surveillance technologies, and the public needs to pressure politicians and governments to act now.”

Privacy International hopes the Surveillance Industry Index will give academics, politicians and campaigners a chance to look at the type of surveillance technologies now available in the hope of sparking a debate about improved regulation.

The documents include a brochure from a company called Advanced Middle East Systems (AMES), which is based in Dubai.

It has been offering a device called Cerebro, which is a DIY system similar to the Tempora program run by GCHQ — which taps information from fiber-optic cables carrying Internet traffic.

AMES describes Cerebro as a “core technology designed to monitor and analyze in real time communications … including SMS [texting], GSM [mobile calls], billing data, e-mails, conversations, Web mail, chat sessions and social networks.”

The company brochure makes clear this is done by attaching probes to Internet cables.

“No cooperation with the providers is required,” it adds.

“Cerebro is designed to store several billions of records — metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria [e-mail addresses, phone numbers, key words].”

AMES refused to comment after being contacted by the Guardian, other than to say it followed similar protocols to other surveillance companies.

“We don’t want to interact with the press,” a spokesman said.

Another firm selling similar high-tech equipment is VAStech, based in South Africa, which has a system called Zebra.

Potential buyers are told it has been designed to help “government security agencies face huge challenges in their combat against crime and terrorism.”

VAStech says Zebra offers “access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation.”

It has been designed to “intercept all content and metadata of voice, SMS, e-mail and fax communications on the connected network, creating a rich repository of information,” the firm says.

“VASTech produces products for governmental law enforcement agencies. These products have the primary goal of reducing specifically cross-border crimes such as child pornography, human trafficking, drug smuggling, weapon smuggling, money laundering, corruption and terrorist activities. We compete internationally and openly against several suppliers of similar systems,” a company spokesman said.

“We only supply legal governments, which are not subjected to international sanctions. Should their status change in this regard, we hold the right to withdraw our supplies and support unilaterally,” he said.

Ann McKechin, a Labour member of the British House of Common’s Arms Export Control Committee, said: “Obviously we are concerned about how our government provides licenses, given these new types of technology.”

“Software technology is now becoming a very large component of our total exports and how we police it before it gets out of country will become an increasingly difficult question and I think the government has to review its processes to consider whether they are fit for the task,” she said.

She said the Department for Business, Innovation and Skills, which has responsibility for granting export licenses, had to ensure it has the skills and knowledge to assess new technologies, particularly if they were being sold to “countries of concern.”

“The knowledge of staff which maybe more geared to more traditional types of weaponry,” she added.

A department spokesperson said: “The government agrees that further regulation is necessary. These products have legitimate uses in defending networks and tracking and disrupting criminals but we recognize that they may also be used to conduct espionage.”

“Given the international nature of this problem we believe that an internationally agreed solution will be the most effective response. That is why the UK is leading international efforts to agree export controls on specific technologies of concern. We expect to be able to announce real progress in this area in early December,” the spokesman said.

Rice said surveillance companies were “developing, marketing, and selling some of the most powerful, invasive and dangerous technologies in the world that are keeping pace with the capabilities of the NSA and GCHQ.”

“The borderless nature of the Internet and digital communications puts everyone’s phone calls, text messages, e-mails, internet activity, and our most private communications are at risk. Mass surveillance is neither necessary nor proportionate,” he said.