The European Union (EU) has cracked down on the sale of surveillance technology to Syria that would enable the Syrian government to intercept text messages and peruse e-mail content of any of its citizens. Syria has been in the grips of severe crisis since mid-2011 after President Bashar al-Assad launched a bloody crackdown in response to pro-reform protests, and the EU fears Syrian authorities could use technology transfers to intensify abuse or to provide evidence for prosecutions.
In the EU regulation No. 36/2012, dated 18 January 2012, the ban on surveillance technology covers the “sale, maintenance and updates of systems for ‘deep-packet inspection’ of e-mail contents, remote infection of computers, speaker recognition, ‘tactical’ interception of text messages,” and many more technologies.
The regulation is meant to stop human rights violations “during a crackdown that’s killed more than 5,000 people.”
The EU regulation states: “In view of the continued brutal repression and violation of human rights by the Government of Syria, Council Decision 2011/782/CFSP provides for additional measures, namely a prohibition on the export of telecommunications monitoring equipment for use by the Syrian regime, a prohibition on the participation in certain infrastructure projects and investment in such projects, and additional restrictions on the transfers of funds and the provision of financial services.”
In Chapter II of the EU regulation, Article 4 for export and import restrictions, paragraph 3, prohibitions include the “equipment, technology or software which may be used for the monitoring or interception of internet or telephone communications.”
It was reported in early November by Bloomberg News that Italian company Area SpA built a “surveillance system that would have given Syrian President Bashar al-Assad’s regime the power to intercept, scan and catalog virtually every e-mail” that traversed cyberspace in Syria. After the report aired, Area SpA exited the deal and said that the system, which was slated to include components originating from German, French and American companies, would not be completed.
Member states will have “authority to permit exceptions to export” equipment, but if it would be used by the “Syrian government for monitoring or intercepting communications,” they would be banned from doing so. The regulation states that member states have to inform the EU of exceptions within four weeks of granting them.
Some companies have already encountered stakeholder resistance to their business dealings with Syria.
According to online activist group Telecomix, Blue Coat Systems, Inc. (BCSI), a US company, filtered websites inside Syria in early 2011. In December 2011, BCSI stated on its website that it reviewed its data and agreed that the potential for some of its’ appliances could be in Syria, thereby prompting the company to perform an internal review of shipments to see if they were illegally diverted to the country. BCSI provided the US Department of Commerce’s Bureau of Industry and Security (BIS) with the information for review. BIS announced that the appliances were “transshipped” and “have been the subject of recent press reporting related to their potential use by the Syrian government to block pro-democracy websites and identify pro-democracy activists as part of Syria’s brutal crackdown.”
“Blue Coat is lying to everyone about Syria,” said Jacob Applebaum, a Tor researcher. “They know exactly where serial numbers are being used because of a phone home process.” The process doesn’t allow Blue Coat devices to be in use without the company’s knowledge.
Blue Coat has stated that it will continue is “cooperation with appropriate government agencies to develop evidence on the unlawful diversion of any” of its products.
Area SpA defines itself as the leading Italian provider of “technology solutions to support Law Enforcement Agencies in interception activities.” The Italian firm reportedly has an agreement with the Syrian government to help the Syrians track and analyze data on mobile phones, traditional landline telephones and the Internet as well as providing training for government agents. Concerns that the company’s activities may be contributing to human rights abuses have yet to result in any serious legal questioning. Area SpA uses equipment from Germany’s Utimaco Safeware AG and France’s Qosmos SA, as well as NetApp, Inc., a US company.
This is not the first time sales of technology to repressive governments have drawn the ire of human rights stakeholders. When post-election protests erupted in Iran during the summer of 2009 and authorities were able to monitor calls and text messages, and again in 2011 when Bahraini authorities reportedly used information gleaned via technology purchased from Western companies to coerce confessions from pro-reform demonstrators, human rights stakeholders cried foul.
The issue, according to Rebecca McKinnon, is one of “amoral technology being used for immoral purposes has been exacerbated in the Internet age. As long as engineers and companies claim to have no responsibility for the political context in which their inventions and products are used, the problem is going to grow worse.”