The Iranian government tracked the movements of journalist Isa Saharkhiz using lawful intercept technology purchased from Nokia Siemens. He is currently a prisoner of conscience in an Iranian detention facility.
When Iranian officials raided the house of pro-democracy journalist Isa Saharkhiz in Tehran on June 20th, 2009, they appeared to have come up empty handed. He’d been traveling in the North, and published an article condemning the 2009 Iranian presidential election as well as the Supreme Leader, Ayatollah Sayed ’Ali Khamenei. He learned from his family that the regime was hunting him, and made preparations to leave the country. But while he was in hiding the Iranian government tracked his cell phone, using lawful intercept technology that Nokia Siemens Networks provided. He was eventually captured, and is currently a prisoner of conscience in an Iranian detention facility.
Iranian law stipulates that a defendant can only be detained up to two months while his case is investigated. Saharkhiz has been imprisoned for two and a half years, has reportedly been held in solitary confinement for up to 70 days, and has been beaten and tortured. Among other health problems, Saharkhiz has sustained trauma to three vertebrae in his spine, which could lead to paralysis.
Isa Saharkhiz’ son, Mehdi, has been advocating for his father’s release in the United States. He brought a lawsuit against Nokia for outfitting the Iranian government with the means to suppress free speech. It was rejected. Nokia accurately claimed they had not exported illegal surveillance technology. In a press release the company said, “It is true that all modern mobile communications networks include a lawful interception capability; this capability became a standard feature at the insistence of the United States and European nations.”
Isa Saharkhiz is one of many dissidents who have wound up on the wrong side of lawful intercept technology, a popular venture for tech firms after the PATRIOT Act was passed in 2001. The act required telecommunication companies to cooperate with government requests for information that could be used to track terrorists. It spawned a new industry.
The Arab Spring has illuminated new depths within this industry. While lawful intercept technology purports to fight child pornography and terrorism, it has instead been used to track social media users, bloggers, journalists, and editors who chose to support freedom of speech. As a result, figures such as Isa Saharkhiz have been detained, tortured, or murdered in the widely publicized revolts.
There is a vast conflict surrounding this industry. On one side are those involved in facilitating the production and distribution of lawful intercept technology. On the other side are those who render this technology ineffective in order to prevent oppressive regimes from suppressing free speech. While the Saharkhiz family failed to bring a lawsuit against Nokia Siemens for the imprisonment of Isa Saharkhiz, the PR disaster it created, coupled with increasing government sanctions, has led Nokia to gradually phase out its business in Iran, beginning January 1, 2012.
There are still over one hundred lawful intercept companies from around the world that produce and distribute this technology. While this article is not a comprehensive account of the conflict between those who promote L.I. technology and their counterparts, it does highlight the main characters and clashes of 2011.
Internet Advocate: Telecomix
Logo of cyberactivist group Telecomix
Telecomix is a volunteer organization that has supported free speech and an open Internet in the Middle East. This group has many ways of subverting regimes and rendering their technology ineffective. Telecomix provides dissidents with applications like Tor, TrueCrypt, and other anonymity devices along with channels designed to export protesters’ tweets when the Internet shuts down. When Egypt lost Internet in January, Telecomix convinced a French and Dutch Internet Service Provider to turn their old modems back on to provide dial-up to Egyptian citizens. The organization even communicated with protesters via radio with Morse code.
Ameer, a Syrian blogger and activist who I spoke to in December 2011, has benefited from Telecomix’s efforts. They provided him with an anonymity program that allows him to maintain his English-language blog. Ameer said, “I can’t do anything without the anonymity tools, it’s very dangerous,” and called Telecomix “24/7 technical support” for the Syrian revolution. One of his blog entries reveals how the regime tortured protesters for their Facebook passwords.
Most notably, last year Telecomix revealed evidence of California-made intercept software being used to censor and track Syrian rebels like Ameer. The discovery has led to a federal investigation into the manufacturer, Blue Coat.
Lawful Intercept: Blue Coat
Blue Coat software has been linked with the Syrian regime
Blue Coat, based in Sunnyvale, California, describes itself as a company that offers solutions “to optimize and secure the flow of information to any user, on any network, anywhere.” The firm has been accused of selling one of their solutions to the government of Bashar al-Assad in Syria.
In 2007 Blue Coat delivered a talk at an Intelligence Support Systems for Lawful Interception (ISS) conference in Dubai. The talk was entitled “Practical Examples of Lawful Interception,” and it focused on “blocking pornographic content across the Middle East, Internet Watch Foundation blocking of child pornography in Europe and sites that promote terrorism.” However, Telecomix revealed that the Syrian government was using Blue Coat products to capture political dissidents. The tech firm found itself with a public relations problem and a pending federal investigation. Blue Coat hired McDermott, Will and Emory, a prestigious law firm, to lobby for them after the Syria logs were released.
Blue Coat claimed ignorance of their software’s use in Syria, believing the product had been destined for the Iraqi government, and sold the company that was under investigation to the private equity firm Thoma Bravo and the Ontario Teachers Pension Plan for $1.3 billion, a 48% premium on the stock’s closing price. The use of Blue Coat technology has also been found in Burma, another regime infamous for crimes against human rights.
Internet Advocate: Chris Smith
Chris Smith, Republican congressman from New Jersey
Chris Smith is a Republican representative for New Jersey who contributes to the resistance of the surveillance market. In 2006 he proposed the Global Online Freedom Act, which is “designed to help democratic activists and human rights defenders by creating a new transparency standard for U.S. Internet companies.” The bill also restricts the flow of U.S. technology to repressive regimes. Since 2006 the bill has undergone multiple revisions and is currently in committee.
In his remarks to the House, Smith foregrounded the bill saying, “In the past five or six years the Internet has been transformed from a freedom plaza to dictator’s best friend. Every day we learn of more democratic activists being arrested through the use of a growing array of Internet censorship and surveillance tools that are abused by the governments of China, Belarus, Egypt, Syria and many other countries around the world. The stakes are life and death for online activists and they deserve our support and protection.”
The Global Online Freedom Act will affect not only U.S. tech companies, but all tech companies listed on the U.S. stock exchange, a fact that has flustered the Russian government (expectedly, perhaps, as Russia holds national contests for the development of sophisticated surveillance technology). The bill’s potential to regulate an expanding industry has made it an unpopular one in the States and abroad.
Lawful Intercept: Jerry Lucas
TeleStrategies, led by Jerry Lucas, hosts the international surveillance trade show, ISS World
Jerry Lucas is the president of TeleStrategies–a producer of telecommunications conference events in the United States, and host of the international surveillance trade show, ISS World. In 2002 Lucas launched the first ISS show, termed the “Wiretappers’ Ball,” to a crowd of three-dozen. The most recent event boasted 1,300 attendees, and while it has evolved into the central event for the growing industry, it has maintained secrecy by denying access to the public and media.
The Guardian quoted some of Lucas’ responses to questions concerning the ethics of the industry: “The surveillance that we display in our conferences, and discuss how to use, is available to any country in the world…Do some countries use this technology to suppress political statements? Yes, I would say that’s probably fair to say. But who are the vendors to say that the technology is not being used for good, as well as for what you would consider not so good? [It’s] just not my job to determine who’s a bad country and who’s a good country. That’s not our business, we’re not politicians… We’re a for-profit company. Our business is bringing governments together who want to buy this technology.”
Jerry Lucas suggests that a for-profit company is interested in earning its profit, rather than self-regulating. So what has the government’s role been? In a Fresh Air interview Bloomberg News reporter Ben Elgin, stated that “the U.S. government has been much more a customer on this subject than they have been a regulator.” He cites multiple U.S. agencies in attendance at the Wiretapper’s Ball, from “the FBI to the Fish and Wildlife Service.” As for the existing regulations, the Washington Post reports, “Some products need to be used in combination with other equipment in order to eavesdrop…Daniel Minutillo, a Silicon Valley-based lawyer who advises technology companies, said that in most cases his clients can show that their products have multiple uses, making them exempt from export licensing rules.”
Internet Advocate: Jacob Appelbaum
Jacob Appelbaum, WikiLeaks hacktivist
Jacob Appelbaum is a prolific hacktivist and member of WikiLeaks. He had the audacity to attempt a presentation at the 10th Wiretappers’ Ball this past October. He was intent on discussing Tor Project, an anonymity program he helped develop and Telecomix helped distribute to dissidents in the Arab Spring. Tor lets users evade the same surveillance technology developed by many of the firms attending the ball. He was ejected from the event after a member of one of the surveillance companies complained about his presence. Appelbaum said of the industry: “These people are not unlike mercenaries. The companies don’t care about anything, except what the law says. In this case, if the law’s ambiguous, they’ll do whatever the law doesn’t explicitly deny. It’s all about money for them.”
He went on to address the common argument these firms make—that surveillance is good for us, “This tactical exploitation stuff, where they’re breaking into people’s computers, bugging them … they make these arguments that it’s good, that it saves lives,” he said. “But we have examples that show this is not true. I was just in Tunisia a couple of days ago and I met people who told me that posting on Facebook resulted in death squads showing up in your house.”
Appelbaum has run into some trouble with law enforcement over the last two years, at least in part for his involvement with WikiLeaks. He is a volunteer for the controversial organization and provides Tor to individuals so that they can anonymously submit secret information. He has been detained in two U.S. airports where his computers and phones have been confiscated. The U.S. government obtained a questionable court order, invoking the Electronic Communications Privacy Act from 1986, to gain access to Appelbaum’s Google and Twitter accounts. The court order has led many to call for an update to the legislation, which was conceived before the Internet was fully developed. An update of the bill has been referred to the Senate committee on the Judiciary.
Lawful Intercept: Gamma Group
Gamma Group International, established in 1990, provides technical surveillance to national and state intelligence departments and law enforcement agencies. Gamma describes itself as a European-based company with its headquarters in the United Kingdom and subsidiary offices in Germany, the Middle East, and South East Asia.
Finfisher, part of Gamma Group, has developed a surveillance product called Finspy. WikiLeaks recently revealed a promotional video of theirs that outlines the various intrusion techniques Finspy provides. Perhaps the most startling aspect of Finspy is its ability to send a fake iTunes update to a target user and receive full access to the user’s computer—including the ability to activate the camera and microphone in order to hear and watch from a host computer—once the target has accepted the update. Apple, the company that produces iTunes, said it corrected the software to prevent these attacks on November 14th.
Finspy software can also be installed onto a terminal in an Internet café in order to record all traffic. With Finspy, an agent can sit in a hotel lobby and access the data of anyone connected to the same network. Its users can infect computers with a USB drive or via LAN. They can send a fake update to infect a mobile phone or even track anyone connected to an Internet Service Provider.
Gamma Group is a private company that legally sells its software and hardware to anyone who can afford the price tag. While the company suggests their products are integral for law enforcement agencies, a Gamma Group invoice totaling €287,000 from June 2010 was found in Egypt’s State Security Intelligence compound—a detainment center notorious for torturing protesters.
In an interview with German public radio station NDR, Appelbaum described the real world application of this technology, “I have a friend in Egypt whose personal photos were in the [government’s] files. How did those get there? Well they got there because these people took her phone, or took the contents of her phone, and put it in a file. And she raided their office [along with hundreds of protesters on March 5] to find her own file.”
But why is it so important for the government to access the call logs or social network profiles of political dissidents? According to Appelbaum, “What they were doing was massively intercepting and understanding who was in places at certain times, so they could step up and use physical surveillance and physical intimidation, so they could jail people without a trial, so they could torture people for their passwords…to extract social network information and be able to track down people who were hubs in a graph. If you look at a social network graph there are people who sit in the middle of many other people and if you attack those, the social structures for support fall apart.”
When contacted by the Guardian, Gamma International said in a statement: “Gamma International UK manufactures equipment for dealing with security related threats and it supplies only to governments…Gamma International UK has not supplied any of its Finfisher suite of products or related training etc. to the Egyptian government.” Gamma said it “complies, in all its dealings, with all relevant UK legislation and regulation.” Click here to read the Gamma Group invoice.
Internet Advocate: Julian Assange, WikiLeaks
Julian Assange, WikiLeaks founder
Julian Assange is the editor-in-chief and founder of WikiLeaks. On December 1, 2011, WikiLeaks released 287 files from companies that produce L.I. technology. Among other documents, the “Spy Files” include newsletters, promotional videos and brochures on Gamma Group’s Finspy programs, and a copy of a contract between French-based lawful interceptor Amesys and the Libyan government.
The Spy Files cover the activities of over 90 companies, including Nokia Siemens (GR), Blue Coat (US), and Gamma Group (UK). With the assistance of European news organization Owni, WikiLeaks also constructed an interactive map cataloguing the surveillance companies, their products, and location. According to the map, there are 32 companies in the United States that sell software designed to monitor internet activity, text messages, and phone calls, and allow users to analyze a target’s voice and track them using GPS.
The WikiLeaks report sums the problem up: “International surveillance companies are based in the more technologically sophisticated countries and they sell their technology to every country of the world. This industry is, in practice, unregulated. Intelligence agencies, military forces and police authorities are able to silently, on mass, and secretly intercept calls and take over computers without the help or knowledge of telecommunication providers. Users’ physical locations can be tracked if they are carrying a mobile phone, even if it is only on stand-by.”
Lawful Intercept: Tatiana Lucas
Tatiana Lucas is the World Programs Director for ISS. After WikiLeaks released the Spy Files, the Wall Street Journal ran a story revealing some of the more secretive aspects of the surveillance industry. In response, Tatiana Lucas wrote a letter to the editor arguing that the condemnatory article was hurting American job growth. “Attention of this kind makes U.S. manufacturers gun shy about developing, and eventually exporting, anything that can remotely be used to support government surveillance,” Lucas wrote.
“We expect that most countries outside the U.S. and Western Europe will begin to place intercept mandates on social networks, especially following the Arab Spring.” — Tatiana Lucas, ISS World Programs Director
The letter goes on to say, “Based on our work with customers from around the globe, we expect that most countries outside the U.S. and Western Europe will begin to place intercept mandates on social networks, especially following the Arab Spring.”
That is to say, now that political leaders have seen what a powerful tool social media can be for opposition movements, demand is growing for new technology to penetrate Internet security.
“This would give U.S. companies an opportunity to develop such tools and thus create jobs,” Lucas says. “We are concerned that the article and others like it contribute to an atmosphere where Congress isn’t likely to pass an updated lawful-interception law that would require social-networking companies to deploy special features to support law enforcement. Without the update, the opportunity for U.S. companies to develop and launch intercept products domestically for eventual export will be greatly curtailed.”
