Sunday

19th Feb 2017

Focus

EU companies banned from selling spyware to repressive regimes

  • The European Parliament wants to clamp down on exports of surveillance technology (Photo: Helena Spongenberg)

European companies selling online surveillance technology have come under increasing criticism from NGOs and the European Parliament after it emerged their products had helped regimes in Iran, Egypt and Libya to clamp down on protesters.

"We need to ask for more transparency from companies before they actually sell these technologies. It's not about sanctions and trade restrictions, it's about making sure the new technologies are not systematically used to repress citizens," Dutch Liberal MEP Marietje Schaake told this website after the European Parliament last month approved banning spyware exports to repressive regimes.

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

Following the democratic uprisings in the Arab world, several European companies found themselves under fire from NGOs and the media for being careless about where their technology ends up. French and US technology, for example, had been used extensively by Libya's dictator Moammar Gaddafi for spying on the online activities of opposition activists.

An investigation by the Wall Street Journal into the deserted compound of Gaddafi's secret police in Tripoli found a monitoring centre "lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA."

Amesys admits it equipped the monitoring centre in 2008, but insists that it did nothing illegal and points to the rapprochement between Western powers and the Libyan dictator at the time.

"The contract was related to the making available of analysis hardware concerning a small fraction of the Internet lines installed at that time (a few thousand). This did not include either Internet communications via satellite (as used in Internet cafes), encrypted data such as Skype-type communications, or filtering of Web sites. In addition, the hardware used did not allow for the monitoring of either fixed or mobile telephone lines," a statement from the French company reads.

But according to the Wall Street Journal, Amesys "equipped the centre with 'deep packet inspection' technology, one of the most intrusive techniques for snooping on people's online activities." One file seen by the US paper, dating back to February, the early stage of the anti-Gaddafi protests, includes a 16-minute Yahoo chat between a man and a woman, in which he worries that he has become a target as "the Gaddafi forces are writing lists of names." He tells her he will go into hiding and phone her from a new number.

Amesys was also singled out in a recent report by Freedom House, an international NGO promoting freedom on the internet. Italian and British firms are also accused of having sold online spying software to Middle Eastern and North African countries.

"Britain’s Gamma International provided its product FinSpy to Egypt’s security service, which used the product to monitor dissidents’ online activities.  This spyware infects the computers of dissidents and allows the security service to capture key strokes and intercept audio streams, even when the dissidents are using encrypted email or voice communications such as Skype. The Italian company HackingTeam has sold software to security agencies in the Middle East and North Africa that bypasses Skype’s encryption and captures audio streams from a computer’s memory," the paper reads.

HackingTeam's only product is the Remote Control System, which according to its brochure "bypasses protection systems such as antivirus, antispyware and personal firewalls" and tracks emails, SMS-es, online activity and can even record skype calls or regular cellphone calls. The software is designed for police and intelligence services engaged in "digital investigations."

"We only sell RCS to 'authorized' countries, that is, we take into full account international recommendations about embargoes, civil liberties violations, treaties," David Vincenzetti from HackingTeam told this website. He refused to name the countries HackingTeam is selling its product to, citing "confidentiality". Vincenzetti said that they have some 30 customers in 20 countries "without any geographical concentration."

But this kind of response is exactly what MEPs are trying to avoid in the future.

"They always say it's confidential and act under the radar, so we can't share information about the situation on the ground. Currently reporting on dual use technology - which can be used both for tracking down wrong-doers and to repress citizens - is done after the export has taken place. And it depends on member states or companies to report if something went wrong," Schaake notes.

Instead, the European Parliament wants a more "pro-active system" so that when private companies are pressed to reveal private data or if their programmes are misused for surveillance and censorship of citizens, the EU could provide "political support", Schaake says.

"We have to increase the level of knowledge among politicians. There are standard lists of military technology banned for export during an embargo on a country. But this is not updated to include online weapons," she added.

EU commission defends telecoms surveillance law

A controversial EU data retention law is 'necessary' and will not be scrapped, the responsible commissioner said Monday. EU citizens have gained nothing from it, but lost their privacy, NGOs claimed while a group of member states are now facing multi-million euro fines for not implementing the rules.

Europol wants to host EU cyber crime centre

The EU's joint policy body, Europol, is angling to host a new European cyber crime centre, with the European Commission due next year to decide where to put its new defence against online threats.

EU struggling to fight cyber crime

Faced with increasing cyber attacks, the EU is looking at a new law criminalising the use of 'zombie' computers and is setting up a 'cyber crime' agency and special teams of IT firefighters. But specialists and data privacy defenders remain unconvinced.

The EU and cyber security

Cloud computing, smartphones, viruses attacking nuclear plants. In the October Focus, the EUobserver turns its attention to cyber security and EU's attempts to set up rules for safer navigation on the internet.

'There's a computer worm in your nuclear centrifuge'

With the discovery of Stuxnet, a computer worm believed to have been developed by the US government to shut down a nuclear plant in Iran, European companies like Siemens are coming under increased pressure to secure software operating 'critical infrastructure' such as power plants or water treatment facilities.

News in Brief

  1. Migrants storm Spanish enclave of Ceuta
  2. Spain's princess fined for tax fraud, husband sentenced
  3. EU to invest millions in energy infrastructure
  4. Dutch data watchdog forces online vote aides to up security
  5. EU allows Lithuania to ban Russian tv channel
  6. Finland announces increase in defence spending
  7. Ex-PM Blair says Brits should 'rise up' against Brexit
  8. Nato chief says facts to prevail over fake news

Stakeholders' Highlights

  1. Malta EU 2017End of Roaming Fees: Council Reaches Agreement on Wholesale Caps
  2. Nordic Council of MinistersNordic Innovation House Opens in New York to Help Startups Access US Market
  3. Centre Maurits CoppietersMinorities and Migrations
  4. Salzburg Global SeminarThe Child in the City: Health, Parks and Play
  5. UNICEFNumber of Ukrainian Children Needing Aid Nearly Doubles to 1 Million Over the Past Year
  6. Centre Maurits CoppietersThe Situation of Refugee Women in Europe
  7. Salzburg Global SeminarToward a Shared Culture of Health: Charting the Patient-Clinician Relationship
  8. European Free AllianceAustria Should Preserve & Promote Bilingual and Multinational Carinthia
  9. Martens CentreShow Your Love for Democracy! Take Part in Our Contest: "If It's Broken, Let's Fix It"
  10. CISPECloud Computing Leaders Establish Data Protection Standards to Protect Customer Data
  11. Malta EU 2017Landmark Deal Reached With European Parliament on Portability of Online Content
  12. Belgrade Security ForumBSF 2017: Building a Common Future in the Age of Uncertainty

Stakeholders' Highlights

  1. CESIEU Not to Revise the Working Time Directive
  2. International Partnership for Human RightsAzerbaijan: 76 NGOs Urge the EU to Use President's Visit to Insist on Human Rights Reforms
  3. UNICEFDeadliest Winter for Migrant Children Crossing the Central Mediterranean
  4. World VisionGaza Staff Member Pleads Not Guilty
  5. Nordic Council of MinistersNordic Region First to Consider Complete Ban on Microplastics in Cosmetics
  6. Dialogue PlatformWhy the West 'Failed to Understand' Turkey
  7. European Jewish CongressInternational Holocaust Remembrance Day Ceremony
  8. European Free AllianceCatalan Independence Referendum: A Matter of Democracy
  9. International Partnership for Human RightsKyrgyzstan: No Justice for Human Rights Defender Azimjan Askarov
  10. Dialogue PlatformThe Influence of Turkish Politics in Europe After the Coup Attempt
  11. World VisionEU Urged to Do Better Ahead of Helsinki Conference on Syria
  12. Caritas EuropaEU States to Join Pope Francis’s Appeal to Care for Migrant Children