Trade in surveillance
technology raises worries
By Sari Horwitz, Shyamantha Asokan and Julie Tate, Washington Post,
December 1, 2011
Northern Virginia technology entrepreneur Jerry Lucas hosted his first trade show for makers of surveillance gear at the McLean Hilton in May 2002. Thirty-five people attended.
Nine years later, Lucas holds five events annually across the world,
drawing hundreds of vendors and thousands of potential buyers for an industry
that he estimates sells $5 billion of the latest tracking, monitoring and
eavesdropping technology each year. Along the way these events have earned an
evocative nickname: The Wiretappers’ Ball.
The products of what Lucas calls the “lawful intercept” industry are
developed mainly in Western nations such as the United States but are sold
throughout the world with few restrictions. This burgeoning trade has alarmed
human rights activists and privacy advocates, who call for greater regulation
because the technology has ended up in the hands of repressive governments such
as those of Syria, Iran and China.
“You need two things for a dictatorship to survive—propaganda and secret
police,” said Rep. Christopher H. Smith (R-N.J.), who has proposed bills to
restrict the sale of surveillance technology overseas. “Both of those are
enabled in a huge way by the high-tech companies involved.”
But the overwhelming U.S. government response has been to engage in the
event not as a potential regulator, but as a customer.
The list of attendees for this year’s U.S. Wiretappers’ Ball, held in
October at the North Bethesda Marriott Hotel and Conference Center, included
more than 20 federal agencies, Lucas said. Representatives of 43 countries also
were there, he said, as were many people from state and local law enforcement
agencies. Journalists and members of the public were excluded.
On offer were products that allow users to track hundreds of cell phones
at once, read e-mails by the tens of thousands, even get a computer to snap a
picture of its owner and send the image to police—or anyone else who buys the
software. One product uses phony updates for iTunes and other popular programs
to take control of personal computers.
Industry officials say their products are designed for legitimate
purposes, such as tracking terrorists, investigating crimes and allowing
employers to block pornographic and other restricted Web sites at their
offices.
U.S. law generally requires law enforcement agencies to obtain court
orders when intercepting domestic Internet or phone communications. But such restrictions
do not follow products when they are sold overseas.
“This technology is absolutely vital for civilization,” said Lucas,
president of TeleStrategies, which hosts the events, officially called
Intelligent Support Systems World Conferences. “You can’t have a situation
where bad guys can communicate and you bar interception.”
But the surveillance products themselves make no distinction between bad
guys and good guys, only users and targets. Several years of industry sales
brochures provided to The Washington Post by the anti-secrecy group WikiLeaks,
and released publicly Thursday, reveal that many companies are selling
sophisticated tools capable of going far beyond conventional investigative
techniques.
“People are morally outraged by the traditional arms trade, but they
don’t realize that the sale of software and equipment that allows oppressive
regimes to monitor the movements, communications and Internet activity of
entire populations is just as dangerous,” said Eric King of Privacy International,
a London-based group that seeks to limit government surveillance. Sophisticated
surveillance technology “is facilitating detention, torture and execution,” he
said, “and potentially smothering the flames of another Arab Spring.”
Demand for surveillance tools surged after the Sept. 11, 2001, attacks,
as rising security concerns coincided with the spread of cellphones, Skype,
social media and other technologies that made it easier for people to
communicate—and easier for governments and companies to eavesdrop on a mass
scale.
The surveillance industry conferences are in Prague, Dubai, Brasilia,
the Washington area and Kuala Lumpur, whose event starts Tuesday. The most
popular conference, with about 1,300 attendees, was in Dubai this year. Middle
Eastern governments, for whom the Arab Spring was “a wake-up call,” are the
most avid buyers of surveillance software and equipment, Lucas said. Any
customers who come to the event are free to buy the products there.
“When you’re selling to a government, you lose control of what the
government is going to do with it,” Lucas said. “It’s like selling guns to
people. Some are going to defend themselves. Some are going to commit crimes.”
The brochures collected by WikiLeaks make clear that few forms of
electronic communication are beyond the reach of available surveillance tools.
Although some simple products cost just a few hundred dollars and can be
purchased on eBay or Amazon, the technology sold at the trade shows often costs
hundreds of thousands or millions of dollars. Customization and on-site
training can provide years of revenue for companies.
One German company, DigiTask, offers a suitcase-sized device capable of
monitoring the Web traffic of users at public WiFi hotspots such as cafes,
airports and hotel lobbies. A lawyer representing the company, Winfried
Seibert, declined to elaborate on its products.
The FinFisher program, which creates fake updates for iTunes, Adobe
Acrobat and other programs, was produced by a British company, Gamma
International. The Wall Street Journal reported on this product, and several
other surveillance tools described in sales brochures, in an article last
month. Apple said it altered iTunes to block FinFisher intrusions Nov. 14.
A Gamma spokesman, Peter Lloyd, said that FinFisher is a vital
investigative tool for law enforcement agencies and that the company complies
with British law. “Gamma does not approve or encourage any misuse of its
products and is not aware of any such misuse,” he said.
The WikiLeaks documents, which the group also provided to several
European news organizations and one in India, do not reveal the names of
buyers. But when “Arab Spring” revolutionaries took control of state security
agencies in Tunisia, Egypt and Libya, they found that Western surveillance technology
had been used to monitor political activists.
“We are seeing a growing number of repressive regimes get hold of the
latest, greatest Western technologies and use them to spy on their own citizens
for the purpose of quashing peaceful political dissent or even information that
would allow citizens to know what is happening in their communities,” said
Michael Posner, assistant secretary of state for human rights, in a speech last
month in California.
The spread of such technology is not limited to the Middle East. A
federal lawsuit filed in May accuses Cisco Systems, a Silicon Valley company,
of helping China monitor the Falun Gong spiritual group.
The lawsuit, filed by the U.S.-based Human Rights Law Foundation,
alleges that Cisco helped design and provide equipment for China’s “Golden
Shield,” a firewall that censors the Internet and tracks government opponents.
Cisco has acknowledged that it sells routers, which are standard building
blocks for any Internet connection, to China. But it denies the allegations in
the suit.
A State Department official was pessimistic that government regulation
could curb a fast-changing technology sector. “We’ve lost,” said the official,
who spoke on the condition of anonymity. “If the technology people are selling
at these conferences gets into the hands of bad people, all we can do is raise
the costs. We can’t
completely protect activists or anyone from this.”
