US government cracks down on surveillance technology reseller; HMRC remains silent in similar case

News & Analysis
US government cracks down on surveillance technology reseller; HMRC remains silent in similar case

After a successful investigation by the US government into the illegal reselling of over a million dollars worth of surveillance equipment to the Syrian regime, Dubai distribution company Computerlinks FZCO has agreed to pay the maximum civil penalty of $2.8 million.

Computerlinks, in three separate transactions between October 2010 and May 2011, sold $1.4 million worth of devices developed by California-based Blue Coat to the state-run Syrian Telecommunications Establishment, which controls the country's access to the Internet, according to the US Bureau of Industry and and Security, the US agency in charge of export controls. Computerlinks also provided support "to help the end user of the devices to monitor the web activities of individual internet users and prevent users from navigating around censorship controls". 

This isn't the first time Blue Coat technology has been shown to be present and actively used in repressive regimes, though in this instance they claimed no knowledge of their products being used in Syria. A recent report by Citizen Lab has shown that 61 of these Blue Coat appliances are on public or government networks in countries with a history of concerns over human rights, surveillance, and censorship. Additionally, documents in the U.S. case against Computerlinks demonstrated that the Middle Eastern reseller had lied to Bluecoat and said the filtering and surveillance products were being sold in Iraq and Afghanistan. 

U.S. Under Secretary for Industry and Security Eric L. Hirschhorn commented that the settlement with Computerlinks "… reflects the serious consequences that result when companies evade U.S. export controls. It is the result of an aggressive investigation and prosecution by BIS of the unlawful diversion of U.S. technology to Syria", and "[i]t is vital that we keep technology that can repress the Syrian people out of the hands of the Syrian government”.

Uproar ensued in 2011 when researchers first discovered that the Syrian government, known for its violations of human rights and widely condemned crackdown against ongoing domestic opposition, was using American software to censor the internet. U.S. companies that wish to export products to Syria must apply for a license, as sales by U.S. companies to Syria are illegal under sanctions imposed by President George W. Bush in 2004. These sanctions, however, have had unintended consequences, chiefly among them the prevention of exporting personal communication tools to citizens and activists. Additional reforms are needed to lift sanctions against lightweight technology such a social networks, email services, and instant messaging. These types of prohibition have the inverse effect of what the sanctions are designed for -- they actually hurt activists and citizens while enabling repressive regimes.

While we applaud the U.S. government's cracking down on Computerlinks, it just further highlights the lack of action being taken by other governments, and that companies exporting similar surveillance technologies to countries with appalling human rights records are not being taken to task. This case shows that governments, if they choose to, can seek to prevent western technology being used to repress dissent, spy on citizens, and track down activists. 

It is vital that technology that can repress people is kept out of the hands of repressive governments, but in this case, the British government remains silent. On behalf of victims who were targeted by FinFisher, Privacy International has called upon HM Revenue and Customs  (HMRC) - the body responsible for enforcing export regulations in the UK - to investigate the potentially illegal export of surveillance technology by Gamma International. HMRC has thus far refused to inform Privacy International and victim's of Gamma's FinFisher the state of any investigation into potentially illegal exports by Gamma International. While the US government has shown that this type of technology is unacceptable if used to repress citizens, HMRC has remained silent. Privacy International has now taken this matter to court, where we will urge the court to force HMRC to come clean.