US-based Internet Surveillance Technology Used by Authoritarian Regimes
TUESDAY JANUARY 29, 2013
Less than two months of research, completed by the University of Toronto’s Citizen Lab, confirms that almost 400 American-made Blue Coat Systems appliances, engineered to filter, record and censor information on the Internet, are being used in several countries known for their authoritarian regimes. American-based Blue Coat Systems is a leading provider of appliances such as these.
Ignited by a 2011 discovery that Syria possessed such technologies, Citizen Lab, a research team co-lead by Morgan Marquis-Boire and Jakub Dalek, published a January report this year, entitled “Planet Blue Coat,” highlighting Blue Coat System’s contributions to impeding human rights and repressing potential opposition throughout the Middle East and Asia.
The story broke international news in 2011, when the Swedish hacker group, Telecomix, first discovered a number of Blue Coat Systems’ appliances being used by the Syrian government. By tracing Internet protocol addresses from known Syrian government officials, the hacker group was able to identify some of them as coming from Blue Coat devices
Initially, Blue Coat Systems denied these claims by stating, “Blue Coat does not sell to Syria and neither do we provide any kind of technical support, professional services or software maintenance. To our knowledge, we do not have any customers in Syria.”
But faced with irrefutable evidence, the company eventually acknowledged that 13 of their devices were indeed in the hands of the Syrian government.
“In the case of Syria, all data was gathered remotely and no field research within the country was conducted. Evidence was gathered through network scans of publicly accessible servers in the IP address ranges of the Syrian Telecommunications Establishment,” stated in Citizen Lab’s initial report in 2011. HTTP header data, Blue Coat IP addresses and security certificates all pointed to the presence of Blue Coat devices within the Syrian government’s telecommunications department.
The unwinding story
Though Blue Coat Systems admitted to their mistake of 13 “lost” devices, a research project funded by the University of Toronto’s Citizen Lab, which began in December 2012 and concluded a month later, evidenced a total of 377 Blue Coat devices to be illegally distributed to countries considered embargoed by the U.S. government.
In addition to Syria, the group found Egypt, Kuwait, Qatar, Saudi Arabia and the United Arab Emirates to possess 61 of the company’s ProxySG, while Afghanistan, Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey and Venezuela possess 316 of its PacketShaper appliance; both appliances are means of controlling web traffic.
Citizen Lab concluded the reports by stating that its “findings support the need for national and international scrutiny of Blue Coat implementations in the countries identified, and a closer look at the global proliferation of ‘dual-use’ information and communication technologies.”
The ambiguous nature, or “dual-use”, of these devices presents challenges. Blue Coat technology is described as “world-class protection” that allows users to recover lost data, inspect and validate encrypted traffic, manage bandwidth and capture the highest level of computing power, as stated on the company’s website. With respect to Internet security and protection, Blue Coat technology provides benefits to a digital society; this technology’s ability to provide Internet transparency, security and efficiency reinforces its advantages. However, its capability to be used for otherwise despotic means requires much scrutiny and oversight of its application.
An exploding market
The surveillance technology market has grown into a $5 billion industry over the past decade, according to a 2011 report conducted by Privacy International. Due to a “wholesale failure of governments and regulators to intervene,” industry leaders like Blue Coat Systems, Cisco and McAfee have seen profits skyrocket. It is for this reason that groups like Privacy International work to increase public awareness of the surveillance industry and to secure its transparency and regulation.
Privacy International’s Head of Research, Eric King, highlights one of the industry’s essential characteristics: “When we first compiled the ‘Big Brother Incorporated’ list in partnership with the Bureau of Investigative Journalism back in November, we’d remarked on the significant number of companies based in the United States and the United Kingdom… There were 21 British companies on our list – as many as the Chinese, Russian, Canadian, Indian and Israeli companies combined. The U.S. topped the list with 48 companies, meaning that over a third of the companies we contacted were American, and Germany took third place with 12 companies.” He continued to state that this statistic confirmed suspicions that “repressive regimes tend to buy equipment and software from the U.S. and from certain European countries, where the industry is more sophisticated and prolific, rather than manufacturing it domestically… [meaning] that any action taken by the U.S., UK or German governments to control exports of surveillance technology would have a significant impact in terms of limiting the kinds of equipment repressive regimes would be able to get their hands on.”
Writing for the periodical Canadian Business, Chris MacDonald argues for both social responsibility and accountability on the part of the surveillance technology industry. He writes, “whatever a socially responsible company does, it certainly owes society two things… an attempt to make sure that its presence among us actually does some good-that it’s not just meeting some demand, but actually contributing to human well-being… [and] accountability, a willingness to stand up and explain its own behaviour.” Likewise, MacDonald concludes that “any business that loses sight of that risks undermining the moral justification for its own existence.”
For companies like Blue Coat Systems to accomplish this, they would need to publicly define the function of their products and stand against abuses. When the spread of knowledge relies heavily on the capabilities of the Internet, complete accessibility is paramount.