What has long been an EFF issue is once again making headlines. In recent days, the world is seeing damning reports of authoritarian regimes spying on their citizens using American- and European-made surveillance technologies, with new evidence emerging from Bahrain, Libya, Syria, and Thailand.
Last week, Bloomberg reported on Bahrain’s use of Nokia-Siemens surveillance software to intercept messages and gather information on human rights activists, resulting in their arrest and torture. A Wall Street Journal article published this week alleges the use of products in Libya created by the French company Amesys and the South African firm VASTech SA Pty Ltd. New evidence uncovered by hacktivists suggests that American-made Bluecoat technologies have been used for deep packet inspection by Syrian authorities, and a report from Reporters Without Borders alleges that Canadian web hosting company Netfirms, Inc., which also has offices in the United States, turned over sensitive information about a US citizen of Thai origin that resulted in his arrest upon entering Thailand.
In the past, EFF has documented the sale of surveillance equipment by several companies, including Cisco and Nortel, to China. Two ongoing cases allege that surveillance technology sold to China by Cisco enabled human rights violations.
What's chillingly clear is that significant portions of the worldwide Internet are under surveillance using invasive technologies produced by American and European companies, who are in large part free to export technology that could be used for censorship or surveillance. The general lack of meaningful controls means that the privacy and safety of individuals has been left to corporations, through the promotion of the "corporate social responsibility" concept, and also through the rule of law. But clearly, important questions remain about the kind of pressure that it takes for corporate social responsibility to be meaningful, as well as the validity in relying on the rule of law in countries where it is weak or non-existent.
In 2010, we applauded the stance of Secretary of State Hillary Clinton in calling on American companies to take a principled stand and urging U.S. companies to take “a proactive role in challenging foreign governments’ demands for censorship and surveillance”. We also noted her endorsement of the Global Network Initiative, which brings together companies like Google, Yahoo and Microsoft and organizations like EFF, the Committee to Protect Journalists, and Human Rights Watch to address issues of privacy and free expression.
But despite progress on these issues from social networking sites, we have seen few changes in respect to the sale of surveillance and filtering tools to authoritarian regimes by companies based in the United States and other democratic countries. Leading companies like Cisco are in the process of developing policies to help guide their business choices, but even those policies feel flat when the end result is still censorship and surveillance. And that's just Cisco – there's little public evidence of smaller technology companies incorporating human rights into the decision-making process.
Or as researcher Evgeny Morozov asks in a New York Times op-ed published today, “Left uncontrolled, Western surveillance tools could undermine the “Internet freedom” agenda in the same way arms exports undermine Western-led peace initiatives. How many activists, finding themselves confronted with information collected using Western technology, would trust the pronouncements of Western governments again?”