7 Dec 2012 | Volume 41.04 Winter 2012
Between February 2011 and June 2012, I attended nine surveillance technology trade shows around the world. At these events, vendors, developers and government agencies meet, mingle and do business. They’re usually held at anonymous corporate hotels and are strictly invite-only. Yet the atmosphere is usually one of pervasive paranoia and attendees often conceal their real names and governmental affiliations. The sales representatives, by contrast, can be extremely frank, particularly when discussing the ethical implications of their trade. During one presentation, delegates from a password forensics company projected an image of a metal interrogation chair draped with chains and joked that their equipment could be used in conjunction with ‘other methods’. Another vendor told me that he was sure his company could come to ‘some arrangement’ with a (hypothetical) North Korean customer. Fat profit margins are top of the agenda; ethics and social responsibility rarely even come into it.
Twenty years ago, the value of the global surveillance industry was negligible – today it is estimated to be worth around $3bn. The fall of the Berlin Wall in 1989 left hundreds of Stasi officers out of a job and the rash of new surveillance companies that sprang up in the early 1990s in Germany suggests that many found lucrative new employment in the private sector. Privacy International published a report in 1995, highlighting this increased flow of surveillance tools from developed countries like the UK, the US, Germany and Israel to repressive regimes in Africa and South Asia, where they were then used as instruments of political control and internal repression. But not a single Western government has felt it necessary to impose export controls on surveillance technologies, and so this unethical trade has therefore continued unimpeded.
After 9/11, governments around the world ramped up their surveillance operations and private companies competed to develop and supply cheaper and more invasive tools. The business of surveillance was no longer the preserve of large military and arms manufacturers like BAE Systems; small technology enterprises and larger Silicon Valley companies quickly flooded the market. Privacy International’s recent research has identified around 250 vendors of surveillance technology based in 33 countries around the world and there are probably dozens more that have managed to remain under the radar. Unfortunately, these new actors seem to conduct themselves with even less integrity than their predecessors – exports to Africa and the Middle East are significant and companies now offer bespoke solutions and training to their clients.
One would think this would make it difficult to plead ignorance when companies get caught doing business with dictatorships and repressive regimes. Yet this is still the most common defence: companies claim that they had no knowledge of the uses to which their products were being put.
They deny complicity in resulting human rights abuses – censorship, torture, extrajudicial detention and executions – because they say that technology is neutral, that it’s not their responsibility to vet their clients, that they can’t control how equipment is used once sold. Let us be clear: in the majority of situations, this is simply not the case. These companies are not staffed by idealistic young software developers creating socially useful tools that their wicked clients are then misusing and perverting. In fact, most of the time they are working with their customers on a close and long-term basis, carefully tailoring surveillance systems to specific needs.
Milan-based Area SpA last year furnished Privacy International with a disturbing example of just how committed to customer service these companies can be. While President Bashar al Assad’s forces were engaged in brutal attempts to crush dissent in Syria, killing and injuring hundreds of unarmed protesters, Area secretly installed a nationwide mass surveillance system. Dozens of the company’s Italian employees were flown out to Syria to install hardware and software that would allow Syrian security agents to follow targets on flat-screen workstations displaying communications and web use in near-real time, alongside graphics that mapped citizens’ networks of electronic contacts. The €13m (US$16.7m) contract also specified that Area employees would supply training to Syrian security agents, teaching them how to monitor vast swathes of the population. Fortunately, after a Bloomberg report exposed the project and protesters gathered outside Area’s offices, the company quietly pulled the plug on the project.
The effect of a surveillance system of this sophistication and magnitude on political dissent, public debate, the rule of law – in fact, on all of the processes fundamental to participatory democracy – is devastating. When people see their friends and colleagues arrested and tortured because of a text message, a Facebook chat or a phone call, they think twice about complaining about government abuses. They may cut off all phone and email contact with those people, afraid that just being part of the wrong networks will bring the secret police to their own doors in the middle of the night. Arranging face-to-face meetings becomes practically difficult, and even speaking in person isn’t secure – governments can target individual mobile phones with malware that allows them to remotely control the device’s microphone and camera and thereby see and hear everything happening around it.
Organising political demonstrations is equally challenging. Blogs containing anti-government sentiments are identified and blocked almost as quickly as they can be written, preventing citizens from expressing their dissatisfactions to a wider audience. Surveillance technology is therefore one of the most powerful weapons in the dictator’s arsenal; it destroys political opposition and subdues populations far more effectively than guns or grenades.
Privacy International doesn’t think it’s right that companies based in Europe and the United States – where governments publicly condemn the kind of human rights abuses described above – should make vast sums of money by facilitating these same abuses. We also believe that this notoriously murky and elusive industry needs to be much more transparent about which products are being sold to which regimes, particularly in Africa and the Middle East. We embarked on the Surveillance Industry Index – a publicly-accessible online catalogue of surveillance companies, products and marketing materials – because we felt that putting the hard facts in the public domain would hopefully stop companies obfuscating their involvement with repressive governments and make them more accountable. We also hoped that it would add to the evidence base for proper export licensing systems in Europe and the US. In particular, the excerpts from the marketing material we’ve presented provide direct insight into the ethical vacuum at the heart of the industry and demonstrate the terrifying scope and power of some of the technologies that are now readily available.
For example, UK-headquartered Gamma Group describes one of their products as permitting ‘black hat hacking [illegal and malicious] tactics to enable intelligence services to gather information from target systems that would be otherwise extremely difficult to obtain legally’. South African VASTech sells a mass surveillance product that can intercept ‘more than 100,000 simultaneous voice channels, allowing it to capture up to one billion intercepts per day and storing in excess of 5,000 Terabytes of information’. Madrid-based Agnitio is even more explicit, stating that their product is ‘designed for mass voice interception and voice mining’. Mass surveillance has been ruled illegal in most democratic countries as, by its very nature, it can never be considered a proportionate or necessary tactic.
Over the past few years, Gamma International’s FinFisher suite, a range of spyware that covertly takes remote control of a computer or mobile device, copying files, intercepting Skype calls and logging every keystroke, has appeared all over the world. Recent reports by computer security company Rapid7 have placed FinFisher command and control servers in Australia, the Czech Republic, Dubai, Ethiopia, Estonia, Indonesia, Latvia, Mongolia, Qatar and the US. A separate investigation in August by CitizenLab, an interdisciplinary project based at the Munk Centre for International Studies at the University of Toronto, identified potential FinFisher command and control servers in Bahrain, Brunei, the Czech Republic, Ethiopia, Indonesia, Mongolia, Singapore, the Netherlands, Turkmenistan and the United Arab Emirates.
Gamma International’s Managing Director, Martin J Muench, has refuted this research – the latest in a long line of denials and excuses from the company. In April 2011, the Guardian reported that two Egyptian human rights activists had found a proposal from Gamma to supply President Mubarak’s regime with FinFisher products inside the ransacked headquarters of the State Security Investigations service. The company said the offer was for a free trial version and that ‘Gamma International UK Limited has not supplied any of its FinFisher suite of products or related training etc to the Egyptian government’. When it was reported that five Bahraini human rights activists had been sent emails containing FinFisher trojans, Gamma suggested that the malware in question was a ‘copy of an old FinSpy demo version’ that ‘may have been stolen’. Muench also tried to point the finger at organisations that had been investigating Gamma’s practices: ‘It’s been suggested that the information was stolen on behalf of a pressure group to disrupt our business but I have no evidence yet to support that claim.’
Yet Muench’s ultimate defence is that Gamma always complies with British, American and German export regulations, recently stating that ‘Export Control Authorities … act as our moral compass’. This would be all well and good – if such export regulations existed anywhere in the world. In fact, exports of surveillance technologies remain almost entirely unlicensed and thus uncontrolled. It should also be noted that, although Gamma has been using the above justification since April 2011, the company only bothered to submit a technical information about FinFisher to the Department for Business Innovation and Skills (BIS) in June 2012. BIS, which is responsible for licensing exports in the UK, has now decided that exports of FinFisher should in fact be licensed, on the basis that the product contains cryptography.
However, the British government has thus far refused to include other surveillance tools in the export-licensing regime, apparently buying into the industry’s claims that these products are all sold for legitimate purposes. Yet BIS controls exports of hundreds of ‘dual-use’ products (products that can be used illegally or dangerously as well as having a legitimate or civilian purpose) and the industry has thus far demonstrated a woeful inability to self-regulate. Unless surveillance exports are effectively controlled by law, the action the UK has taken on Gamma’s FinFisher will be just a sticking plaster on a bullet wound. Though the European Parliament passed a resolution calling for stricter oversight of surveillance technology exports and President Obama announced an executive order to prevent such exports to Syria and Iran, there has not been any clear, decisive action as of yet. And, for dissidents and ordinary citizens alike, the space for speaking out about human rights violations and ensuring this information gets out to the wider world is narrowing all the time.
©Eric King
41(4): 81/86
DOI: 10.1177/0306422012465540
This article appears in Digital Frontiers, the winter 2012 edition of Index on Censorship magazine.
3 Dec 2012 | Digital Freedom, News and features, Volume 41.04 Winter 2012
WCIT 12: Milton Mueller asks if governments are turning their backs on the global internet? A push to change the business model that delivers online content could stifle innovation and make the net an instrument of sovereignty, stuck behind national walled gardens
At the end of the 20th century, an incredible revolution took place. Barriers to the free flow of information were knocked down and a powerful cycle of technological innovation was set in motion, transforming the economy, first in the United States and then around the world.
No, I am not talking about the internet.
I am referring to the liberalisation of the telecommunications industry, which led to a huge economic revolution in the 1980s and 1990s. It started with a big bang: the breakup of the AT&T monopoly. As early as the mid- 1960s, policy-makers knew they didn’t want the emerging information services industry to be dominated and stifled by an enormous monopoly. The US Federal Communications Commission created a regulatory distinction between ‘basic’ and ‘enhanced’ services, ‘enhanced’ being defined as any transmission that included ‘information processing’. Information services would be unregulated and the market left wide open. This process began in the US and was followed by the largest economies in Europe and Asia. Technical standards escaped from the control of national governments and a huge number of new competitors entered the market. With global free trade agreements in place for IT equipment and telecommunication services, in 1995 and 1997 respectively, economic liberalisation of the industry was complete.
Deregulation had profound consequences. The same infrastructure was used for both the transmission of information services (such as early emails, and data-sharing) and telephone calls, but businesses delivering information services were exempt from the entry restrictions and gatekeeping regulations levied on telephone companies. In the late 1980s, the US pried open space for what was then a largely experimental market, pushing for trade rules to internationalise these reforms. In that pre-internet period, countries such as Japan, the UK and Hong Kong saw no harm in opening up what was a tiny market. Little did those early negotiators know that they were clearing a path for the spread of the internet. Considered an ‘information service’ because it was essentially software run by computers, the internet spread over global telecommunications networks like wildfire. After 20 years, it would swallow up the massive telephone market and transform newspapers, television, radio, publishing and practically every other mode of communication.
The economic roots of internet freedom
Much of the freedom and openness we associate with the internet is not a product of its technology. Many respected scholars have promoted the notion that there is something about the internet’s ‘architecture’ or ‘design’ that magically makes information free. True, the internet’s design made it cheaper and easier to interconnect thousands of different networks and devices. But its technical potential could never have been realised without an open, liberal industry. Without the deregulation of information services, without the market economy in telecommunications, without diversity and competition among providers and free trade agreements that enable content and investment from anywhere in the world, there would be no internet freedom. Internet technology – TCP/IP protocols – can be installed in computers in North Korea, but it won’t make communications in that country free. If a repressive government owns and operates the telecommunications infrastructure, blocks trade in computer and telecom equipment, does not allow a free market for access, devices or services to develop, censors or jails dissident publishers and forces new online businesses to obtain permission to trade online, it’s easy to contain and control the internet.
A counter-revolution in the making?
The internet now dominates our communications environment. But older communication laws, regulations and policies have begun to haunt it. There is a tendency to try to make the internet like the old media, so that governments and interest groups can recreate the kinds of controls they once had. In particular, there are widespread attempts to reassert nation-state authority. In December 2012, the World Conference on International Telecommunications (WCIT) will take place in Dubai. The UN meeting will revise the International Telecommunication Union’s International Telecommunication Regulations (ITRs), a binding treaty intended to ‘facilitat[e] global interconnection and interoperability of telecommunications facilities’. The ITRs were established in 1988 – years before the internet had become a mainstream medium and just as telecommunications liberalisation was in full swing.
The world has changed dramatically in the 25 years since the current ITRs were drafted. Since 1988, the internet’s technical standards community has used open working groups to develop or revise hundreds of new standards and make them available online for free. The ITU’s telecommunication standards development activities, in contrast, have shrunk and its revenue model, based on high membership fees granting exclusive access to official standards documents, has become unpopular. New private sector institutions, such as the Internet Corporation for Assigned Names and Numbers (ICANN) and regional internet registries, allow open public participation and set policy for infrastructure. In the ITU, in contrast, decisions are based on a one-country, one-vote calculus and ordinary internet users, digital rights advocates and civil society are not well represented. The
Dubai conference represents a crossroads for the future of telecommunications: the ITU must update its treaty to take account of the internet or risk slipping into historical irrelevance. It’s as if the internet is now being visited by the ghosts of telecommunications past.
Some alarmists have claimed that proposed revisions to the treaty threaten internet freedom, presenting it as a ‘takeover’ plot by authoritarian governments in the ITU, a premeditated attempt to subjugate the internet to states once and for all. Although these fears have gained an enormous amount of publicity, they are largely unfounded. Aside from polarising the dialogue, they tend to divert attention from the real issues.
The ITU is in no position to assert control over the internet’s domain name or addressing systems or its open standard-setting processes. The ITRs cannot really impose global content regulation. The ITU has no enforcement or policing capabilities; it relies entirely on member states to apply and enforce its rules. No democratic governments will agree to impose Chinese-style censorship on their local internet users simply because of an ITU regulation or guideline. Besides, as the case of China makes clear, national governments already have the authority to censor and regulate internet users if they want to.
The potential dangers emerging from WCIT negotiations are more subtle. Decisions taken during the conference could undermine the economic liberalism of the communications sector. One of the most progressive and important parts of the 1988 regulations was Article 9, a short annex entitled ‘Special Arrangements’. It allowed companies to privately negotiate how ‘special telecommunication networks, systems, and services’ operate. Most agreements concerning internet connections are made possible under this provision. Revised regulations could pull web interconnections into a more burdensome regulatory regime. Some governments and telecom companies (many of which are still monopolies and/or state-owned) want to turn national telecom operators into gatekeepers of internet services, applications and content, which could lead to fragmentation of the internet. Some telephone companies are trying to apply old charging models to internet traffic, as if requesting a web page or video was like making an international telephone call. This could make the internet more expensive for users or stifle business models based on different charging models. It could open the door to charging schemes designed to subsidise national operators at the expense of service providers that rely on the telecommunications infrastructure but do not own it, such as YouTube or Skype.
A more progressive approach would emphasise the gains of liberalisation. Countries should be encouraged to permit multiple, competing service providers and allow them to freely negotiate traffic exchange and content distribution deals. New regulations should affirm the basic principles underlying the World Trade Organisation’s free trade agreements and eliminate all forms of protectionism and national filtering of legitimate information services.
Cyberspace and national security
The Dubai conference will also consider proposals to include cybersecurity in the ITRs. Of course, security problems online are real and do need to be addressed. But it’s questionable whether effective solutions can be included in the new regulations and whether the ITU is the best authority to come up with them.
At best, proposals to address security concerns are unfocused and a bit naïve. Member states are asked to ‘stop spam’, ‘protect data and network integrity’, ‘ensure internet security and stability’ or ‘supervise enterprises operating in their territory’. These proposals reveal the basic disconnect between the security problems of the internet and the ITRs. Cybercrime, spam, and cybersecurity issues involve not just network operations and standards but a complex interaction of hardware standards, software engineering, content and human behaviour. Cybersecurity also relates, of course, to the military, so problems relating to it go far beyond the ITU’s remit and capabilities. Attempts to regulate cybersecurity would vastly expand the scope of the ITU and erase the boundary between information services and telecommunications – with very little likelihood of being effective.
At worst, proposals to deal with cybersecurity reveal nostalgia for the nationally-controlled telecommunications of the pre-internet era. Some proposals would try to prevent international communications that ‘interfere in [states’] internal affairs’ or that undermine ‘sovereignty, national security or territorial integrity’. These proposals have little support, and even if passed could not really shield states from ‘subversive content’ as long as the current liberal information services regime holds in most of the world. But underlying these proposals is an apparent belief that the borderless information flow of the internet is inconsistent with traditional approaches to national sovereignty and security. Even in the US, where the WCIT delegation defends the internet model, the increasingly popular notions of ‘critical infrastructure protection’ and the pursuit of superior cyber warfare capabilities threaten to militarise the internet and push communications back into national walled gardens.
The internet flourished precisely because it was allowed to develop outside a state-dominated political environment where information and communications were seen as instruments of sovereignty, surveillance and power. The new communications and information sector was an instrument of global commerce, free trade, innovation and open culture. Internet freedom advocates must understand and support the economic institutions that made the internet revolution possible. The most important negotiations at WCIT will not be about censoring content or taking over domain registration. They will be about whether the telecommunications revolution will be allowed to continue, or whether it will be pushed in the opposite direction.
©Milton Mueller
Milton Mueller is professor at Syracuse University School of Information Studies and the author of Networks and States: The Global Politics of Internet Governance (MIT Press) revolution in crisis
What can you do?
Index and many other civil society organisations that fight for free speech and internet freedom oppose moves to give the ITU authority over the internet. Join more than 33,000 other citizens from 166 nations and sign here to ask your nation’s leaders to protect global internet freedom
If you are an academic or work for a civil society organisation — join us by signing on here and send the letter to government officials who are participating in the ITU process
7 Nov 2012 | Uncategorized
There are clearly parallels between investigative journalists and artists who reveal uncomfortable truths. But when controversy breaks, artists are much more exposed because they use their own personal language to tell the story, and bring their own experience and imagination into the narrative.
To cater for their needs, Artsfex, the first international civil society network dedicated to promoting free expression for artists, has recently been created.
“When the international community places emphasis on the protection of freedom of speech, it generally focuses on the freedom of media and literature,” says Ole Reitov, Programme Manager at Freemuse and one of Artsfex’s promoters.
International human rights organisations include repression of media and media professionals in their annual and country reports on freedom of expression. However, they rarely document repression of artists or cultural workers.
Reitov adds:
But artistic expression is under pressure from many sides and it is frequently in the centre of conflicts between different interest groups. This is where Artsfex comes in. We hope to be able to not only document violations but support artists at risk.
Artsfex has been designed to join up pockets of campaigning that are often ignited in the wake of controversy, to amplify, reinforce and add weight to the artists’ voice when they stand up to authorities. It aims to facilitate exchange between artists and address that sense of isolation, by bringing people who have been through the fire together with those that are in the thick of it.
The network, which will recruit campaigning organisations and artists networks from around the world, aims to form an executive body that will call governments to account. Index on Censorship is part of this network, which connects, according to Reitov, “a bit over 1,200 organisations all over the world”.
“We have the ambition to analyse the mechanisms and effects of arts censorship,” says Reitov. “Several Artsfex members will take part in a UN meeting on artistic freedom in Geneva in December this year. The UN Special Rapporteur on culture (Farida Shaheed) has decided to make a report on artistic freedom, and all UN member states are now receiving a questionnaire on how they regulate the arts and protect artistic freedom. Our hope is that in the future Artsfex will help keeping governments accountable to their treatment of artists.”
The launch of Artsfex took place against the backdrop All that is banned is desired — the first ever international conference on artistic freedom of expression in Oslo last month.
The conference organisers, Freemuse and Fritt Ord, had decided to turn the platform over exclusively to the stories of practicing artists who had experienced censorship. Over two days, 25 artists from Burma, North Korea, Egypt, Cuba, Russia, Zimbabwe, South Africa, Palestine, Syria, Tunisia, China, Turkey, Tibet and Mali gave their accounts or performed.
Each story told how a play, an album, a painting, an installation, an image or an idea had unleashed extraordinary levels of violence, hostility, threats, and prejudice towards the artist. The aggressors took all forms from corporate community, government or religious groups. Each artist’s decision not to capitulate, to stand up for their right to express themselves brought them into situations of extreme personal danger and harm, risking their life and health, liberty, career, family and community relations.
A man is in solitary confinement, in a tiny, windowless cell. By straining through the bars of his cell, he can just see the edges of moonlight. He paces restlessly and in a moment of inspiration, takes the plastic bowl — the only concession to comfort in his cell — places it carefully just outside the bars and pees into it. As the pee settles, the ripples and bubbles subside, the reflected image of the full moon comes into sharp focus. The prisoner smiles at the moon.
This is the synopsis one of the short films shown at the opening presentation of the conference. The film was made by Burmese comedian, film maker and activist Zarganar, who, with fellow film-maker Min Htin Ko Ko Gyi, told of the power of art and the imagination to withstand brutal treatment by the military junta in Burma.
Bringing these artists together for the first time was an achievement, the result of four years of research and planning. The shared ground between them gave rise to countless connections, forging plans and future collaborations. Four of the participating artists will join an artist roundtable discussion Index has organised in the lead up to our Taking the Offensive conference in London on 29 January 2013 at the Southbank Centre, to defend artistic freedom of expression.
In nearly all cases the artists acknowledged a deep sense of isolation while the media storms, community conflicts and lawsuits raged around and because of them. Despite the support from family, friends, other artists, the theatre or the gallery and in some cases the general public, each artist had to find an extraordinary level of personal courage that was needed to keep going day after day, to stand by the integrity and importance of what they wanted to say.
“Freemuse has already documented more than hundred incidents of arts censorship in the past six months…. My feeling is that this is unfortunately only the tip of the iceberg,” concludes Reitov.
Julia Farrington is Head of Arts at Index on Censorship
1 Aug 2012 | Magazine, News and features
Gore Vidal, who died this week, was often scathing in his attacks on US foreign policy. In April 2002, Index on Censorship magazine was the first English-language publication to feature this essay, written after 9/11
(more…)
