Software allows repressive governments to track and monitor the movements of dissidents.
As protesters in the Middle East use social media to organize and communicate, the regimes they're battling are using sophisticated technology to intercept their emails, text messages and cellphone calls.
On Wednesday's Fresh Air, journalist Ben Elgin talks about a Bloomberg News series, "Wired for Repression," which details how Western companies are selling surveillance technology to regimes including Iran, Syria, Bahrain and Tunisia.
Those regimes have then used the information obtained from those technologies to torture protesters and dissidents, Elgin tells Fresh Air contributor Dave Davies.
"[One Iranian engineer] became caught up in the protest movements after the election of 2009 and he was arrested. He was beaten and put into prison and interrogated 14 times over 50 days," Elgin says. "During these interrogations, not only was he presented with [his] text message transcripts; he was presented with a very sophisticated diagram of who he had called, and then who those people had called. And he was interrogated on every connection within his network of contacts."
The engineer had worked for Ericsson AB, where he had helped install the systems that would later be used in his interrogations.
"The damage that can be done was suddenly very clear to him," Elgin says. "And that led him to want him to talk [to me]. [He] has since fled [Iran], which has made it easier for him."
Monitoring All Movement And Communication
Some of the surveillance technology installed allows governments to monitor all movements and mobile communication made by protesters, many of whom communicate by text messages and cellphone calls.
"Some of these regimes are utilizing very sophisticated text message analysis systems," Elgin says. "So basically [they can read] all text messages sent. And text messages are far more ubiquitous in places like Iran and Syria than Internet access. All text messages being sent are being archived and stored in an enormous archive system. And authorities can then come in later and search — by recipient, by sender, by content. ... And all these text messages will come back."
Elgin and his colleague Vernon Silver discovered that Western companies have supplied much of the technology used by repressive regimes.
"These are very secretive deals," he says. "Companies do not want to be known as the supplier of message filtering and monitoring software to the Assad regime in Syria or the Iran government authorities. But what we've really focused on is trying to follow this technology and figure out who exactly supplied this technology to these regimes, how did it get there, and how has it been used against these activists. And what we found are a number of European and U.S. companies have supplied very important pieces of this technology."
In Syria, government officials recently tested an Internet surveillance system to monitor email and traffic online. The system was primarily developed by an Italian firm but also had key components from an American company called NetApp Inc., based in Sunnyvale, Calif.
"They provide storage and the archival system which is usually important, particularly for an Internet surveillance system," Elgin says. "Basically, this system is copying the emails — scanning across the network — and they put them in a searchable database, so authorities can then come and do searches of this at a later date."
According to the documents Elgin saw, the NetApp component in the surveillance system was priced at 2.75 million euros, which is close to $4 million.
"This was a significant deal," Elgin says. "NetApp, for their part, said, 'Look, we have no idea how that got into Syria. We just don't understand how this happened and we're willing to cooperate with government authorities.' It was a very terse and short statement that they made and they since haven't followed up and were unwilling to tell us, for instance, who the supposed customer was here, and who, in fact, is the customer on the software license or the warranty. But it's a pretty common explanation that we've heard from U.S. companies. They say, 'We just don't know. We don't know how our stuff got into Syria or Iran.' "
It's perfectly legal for American companies to sell components to Italian firms. But it's illegal for American companies to sell their components to Syria.
"So basically they're saying, 'We sold it to Point B. We have no idea how it got to Point C,' " Elgin says.
A Booming Industry
The surveillance industry is booming, Elgin says, with some analysts estimating that the sector brings in between $3 billion and $5 billion a year. A recent surveillance trade show — which is not open to the public — was attended by 1,300 people, with representatives from 35 U.S. federal agencies.
"Some of the sessions at these shows are just remarkable," Elgin says. "They do publish the agenda online so you can see the types of things that they talk about. In an upcoming show in Dubai in February, there's a session on government IT hacking, on how governments can essentially penetrate the computers or cellphones of would-be targets — their citizens. ... There was another panel on social network analysis. I think governments are really wary of Facebook and social networking sites. They want to be able to tape in and analyze and mine this data and figure out who the key players are, and how to make sense of this mishmash of connections."
He says authorities from around the globe are also troubled by Skype because it's an encrypted way to communicate.
"If you're sitting out on the network, it's very difficult to determine what is being said during a Skype conversation," he says. "So one way around that is to put some intrusion technology on the target's computer. So basically you're seeing all the keystrokes and hearing all the conversation before it becomes encrypted. There are some technologies that boast about their abilities to do this."
Elgin mentions a U.K. company called Gamma Group which has created a piece of software called FinFisher, which can get on computers through fake iTunes updates.
"So somebody thinks they're downloading a piece of software off the Internet but instead they're downloading this piece of spyware and now the government has full access to everything they type [and] everything they say," he says. "[And] not only is this piece of code on a computer logging every keystroke and everything being said, but they also boast about their ability to activate the webcam or activate the computer's microphone without the target knowing about it."
FinFisher, which is distributed by a German partner, was tested in Egypt.
"This type of technology is showing up in a lot of places," Elgin says. "In the case of Iran, laws are being implemented — one in 2010 would bar [U.S.] technology that is primarily used for these repressive purposes. So these laws are there, but there isn't much oversight, there isn't much going on. ... There have been no companies identified for selling this stuff, and the U.S. [Government] Accountability Office was charged with trying to research who is supplying this stuff to Iran and basically said, 'We can't identify anybody and there's no way for us to identify this.' "
Elgin says human-rights groups and online activists have increased pressure on Western governments to try to stop surveillance companies from developing relationships with oppressive regimes.
"The E.U. just adopted some new legislation earlier this month which basically prohibits the sale or export of surveillance or monitoring technology into Syria," he says. "So we're seeing the rules evolve and get a little bit stronger, inch by inch."