Monday

27th Jun 2022

EU companies banned from selling spyware to repressive regimes

  • The European Parliament wants to clamp down on exports of surveillance technology (Photo: Helena Spongenberg)

European companies selling online surveillance technology have come under increasing criticism from NGOs and the European Parliament after it emerged their products had helped regimes in Iran, Egypt and Libya to clamp down on protesters.

"We need to ask for more transparency from companies before they actually sell these technologies. It's not about sanctions and trade restrictions, it's about making sure the new technologies are not systematically used to repress citizens," Dutch Liberal MEP Marietje Schaake told this website after the European Parliament last month approved banning spyware exports to repressive regimes.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

Following the democratic uprisings in the Arab world, several European companies found themselves under fire from NGOs and the media for being careless about where their technology ends up. French and US technology, for example, had been used extensively by Libya's dictator Moammar Gaddafi for spying on the online activities of opposition activists.

An investigation by the Wall Street Journal into the deserted compound of Gaddafi's secret police in Tripoli found a monitoring centre "lined with posters and English-language training manuals stamped with the name Amesys, a unit of French technology firm Bull SA."

Amesys admits it equipped the monitoring centre in 2008, but insists that it did nothing illegal and points to the rapprochement between Western powers and the Libyan dictator at the time.

"The contract was related to the making available of analysis hardware concerning a small fraction of the Internet lines installed at that time (a few thousand). This did not include either Internet communications via satellite (as used in Internet cafes), encrypted data such as Skype-type communications, or filtering of Web sites. In addition, the hardware used did not allow for the monitoring of either fixed or mobile telephone lines," a statement from the French company reads.

But according to the Wall Street Journal, Amesys "equipped the centre with 'deep packet inspection' technology, one of the most intrusive techniques for snooping on people's online activities." One file seen by the US paper, dating back to February, the early stage of the anti-Gaddafi protests, includes a 16-minute Yahoo chat between a man and a woman, in which he worries that he has become a target as "the Gaddafi forces are writing lists of names." He tells her he will go into hiding and phone her from a new number.

Amesys was also singled out in a recent report by Freedom House, an international NGO promoting freedom on the internet. Italian and British firms are also accused of having sold online spying software to Middle Eastern and North African countries.

"Britain’s Gamma International provided its product FinSpy to Egypt’s security service, which used the product to monitor dissidents’ online activities.  This spyware infects the computers of dissidents and allows the security service to capture key strokes and intercept audio streams, even when the dissidents are using encrypted email or voice communications such as Skype. The Italian company HackingTeam has sold software to security agencies in the Middle East and North Africa that bypasses Skype’s encryption and captures audio streams from a computer’s memory," the paper reads.

HackingTeam's only product is the Remote Control System, which according to its brochure "bypasses protection systems such as antivirus, antispyware and personal firewalls" and tracks emails, SMS-es, online activity and can even record skype calls or regular cellphone calls. The software is designed for police and intelligence services engaged in "digital investigations."

"We only sell RCS to 'authorized' countries, that is, we take into full account international recommendations about embargoes, civil liberties violations, treaties," David Vincenzetti from HackingTeam told this website. He refused to name the countries HackingTeam is selling its product to, citing "confidentiality". Vincenzetti said that they have some 30 customers in 20 countries "without any geographical concentration."

But this kind of response is exactly what MEPs are trying to avoid in the future.

"They always say it's confidential and act under the radar, so we can't share information about the situation on the ground. Currently reporting on dual use technology - which can be used both for tracking down wrong-doers and to repress citizens - is done after the export has taken place. And it depends on member states or companies to report if something went wrong," Schaake notes.

Instead, the European Parliament wants a more "pro-active system" so that when private companies are pressed to reveal private data or if their programmes are misused for surveillance and censorship of citizens, the EU could provide "political support", Schaake says.

"We have to increase the level of knowledge among politicians. There are standard lists of military technology banned for export during an embargo on a country. But this is not updated to include online weapons," she added.

EU commission defends telecoms surveillance law

A controversial EU data retention law is 'necessary' and will not be scrapped, the responsible commissioner said Monday. EU citizens have gained nothing from it, but lost their privacy, NGOs claimed while a group of member states are now facing multi-million euro fines for not implementing the rules.

Pegasus spyware makers grilled by MEPs

"We will not continue to work with a customer that is targeting a journalist illegally," Chaim Gelfand, chief compliance officer of NSO Group told MEPs — but shed little light on EU governments' use of its Pegasus spyware.

IT bugs haunt work of EU fraud busters

EU efforts to fight fraud have been hampered by bugs and delays in an €29m IT system meant to help manage investigations more efficiently.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

Stakeholder

The CPDP conference wants multidisciplinary digital future

During the Computers, Privacy and Data Protection (CPDP) conference, many high-level discussions will touch upon the dynamics of decision-making in the design of new technologies, including the importance of inclusion, diversity, and ethics perspectives within these processes.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

News in Brief

  1. Lithuania abusing migrants, says Amnesty
  2. Anti-Nato protest ahead of Madrid summit
  3. Poles and Ukrainians hold gay pride march in Warsaw
  4. Possible terror attack halts gay pride in Norway
  5. Belgian PM: Gas shortage requires joint response
  6. Bulgarian MPs set conditions for lifting enlargement veto
  7. Latvia: We need a brigade-size Nato force to 'feel safe'
  8. Deal reached on controversial energy treaty reform

Stakeholders' Highlights

  1. Nordic Council of MinistersEmerging journalists from the Nordics and Canada report the facts of the climate crisis
  2. Council of the EUEU: new rules on corporate sustainability reporting
  3. Nordic Council of MinistersNordic ministers for culture: Protect Ukraine’s cultural heritage!
  4. Reuters InstituteDigital News Report 2022
  5. EFBWW – EFBH – FETBBHow price increases affect construction workers
  6. Nordic Council of MinistersNew Nordic think tank examines influence of tech giants

Latest News

  1. EU summit's uncertainty in the face of economic war
  2. Next winter's gas looms large at EU summer summit
  3. Ukraine becomes EU candidate after 120 days of war
  4. How to enhance EU cybersecurity
  5. Competing options for EU enlargement
  6. MEPs demand to exit 'ecocide treaty' after reforms 'fail'
  7. Finland optimistic in Turkey talks over Nato
  8. Hungary's global-tax veto seen as 'blackmail'

Join EUobserver

Support quality EU news

Join us