Surveillance companies ditch Switzerland, but further action needed

News & Analysis
Surveillance companies ditch Switzerland, but further action needed

Facing intense scrutiny from a Swiss government inquiry into the human rights impact of the commercial surveillance trade, companies have packed up and are no longer attempting to export their spying technology from Switzerland.

Speaking with St. Galler Tagblatt, one of Switzerland’s largest German-language daily newspapers, government spokeswoman Marie Avet confirmed that the companies have cancelled export applications for surveillance technology - including all applications for the export of trojans and technologies for internet monitoring. This latest news is a significant development in ongoing efforts to curb the export of dangerous surveillance technologies to authoritarian governments.

The review - initiated after Privacy International wrote to Swiss authorities last year- put a hold on any decisions related to the export of surveillance technologies. It appears as though some companies have now given up waiting and have cancelled their applications. It should be noted, however, that several outstanding requests for mobile phone monitoring equipment remain pending. As Privacy International has stated previously, it is imperative that they reject any applications that represent a risk to human rights.

While this news is clearly welcomed, it also means that companies will now look for another country from which to export. Tackling this problem forms part of a bigger challenge: regulating companies operating international supply chains across multiple jurisdictions. In order to begin addressing this, we need strong, international commitments by states to make sure that companies aren’t able to skirt export rules by simply moving to more favourable jurisdictions.

Gamma: Fishing for approval

Industry sources confirmed to Tagblatt that one of the companies that had applied for permission to export from Switzerland was Gamma. Gamma Group is best known for having developed the FinFisher suite of trojans – a spyware package that allows its user to take complete control of a mobile device or computer, allowing them access to all the data and even to take control of the microphone and camera. FinFisher has reportedly been found in a range of authoritarian countries across the world and has been used against political activists in Bahrain.

Using a Freedom of Information request, we learned that Gamma had originally asked the UK government in June 2012 whether or not it needed a license to export FinFisher from the UK, and was told that it did. We subsequently called for an investigation by HM Revenue and Customs into the potential breach of export control laws which will go to court this month. Since then, the UK government has confirmed to Privacy International that Gamma have not submitted any requests for approval to export FinFisher from the UK.

We then learned in September 2013 that Gamma had applied for licenses to export from Switzerland, after which we issued letters to over 70 Swiss lawmakersurging them to reject any applications where human rights concerns exist. Given that the Swiss authorities have yet to make a formal decision related to their review several months later, it appears as though some companies have given up waiting. While it's not known if it was the FinFisher suite that was being exported, the fact that Taglbatt reports that "trojans" were included within the applications is worrying.

But Gamma isn’t the only surveillance company with a presence in Switzerland. Others include Dreamlab, which appear on documents showing they were involved in a prospective joint project with Gamma in Turkmenistan; Neosoft, which specialises in tactical telecommunications interception equipment, and Elaman, a large distributor of multiple surveillance products.

That's why today we wrote to the agency in charge of export controls in Switzerland, the State Secretariat for Economic Affairs (SECO), asking for further official clarification. In light of the fact that the applications have been withdrawn, it is important that SECO confirm exactly what was to be exported and to where. Export control agencies understandably need to remain discreet when it comes to revealing sensitive commercial information, but they also need to share as much information as possible when it comes to any high risk applications in order to ensure that companies can't simply export from elsewhere.

Global supply chains, national rules

While the news coming out of Switzerland is significant, regulating any international phenomena requires an international response.

Gamma is a good example of this. Although based in the UK, their ownership and operational structure make it unclear as to what level some of their activities are actually subject to UK taxation and regulation, if at all. One of Gamma’s nominee directors for example, Lutheon Nelson, registered a ‘Gamma Group International Ltd’ as an offshore entity in the British Virgin Islands, the purpose of which remains hidden. Gamma has several subsidiaries, and several “technical and sales offices based in Europe, Asia, the Middle East and Africa". It is difficult to establish whether or not these offices are anything more than brass-plate companies. Locations in which Gamma appear to have offices registered include Lebanon, UAE, and Singapore. The company also has a sales office registered in Bern, Switzerland, while Gamma‘s German-based subsidiary was closed last year and reincorporated as “FinFisher GmbH”. While FinFisher’s legal status appears to now be held by an entirely separate entity from Gamma, we identified them at an arms fair in Paris last year exhibiting using a shared platform.

Using different territories with different laws to your advantage in such a way is a staple of today’s profit-seeking entities. Outside of fact that the offshore economy in places such as the British Virgin Islands is thought to cost the global economy some 5 per cent of its annual total GDP ($1.3 trillion dollars per year), these practices have a particularly undermining effect on regulations that are designed to control the trade in arms and other strategic goods. Through the use of foreign-based subsidiaries or brass-plate companies, entities can agree and broker deals that would otherwise be banned or subject to regulation in the country where their parent company is based.

A company can choose where to source and export its goods from. If it were worried that the company wouldn’t get approval to export from one country, they can simply do it from another. In this way, the global supply chain facilitates a global race to the bottom when it comes to controlling global trade. Currently, aside from a few specific instances, UK law on the export of dual-use goods such as FinFisher does not control brokering activities or the trade in such goods by subsidiaries of UK-based companies.

After Switzerland, where next?

By taking action to review the high risk to human rights presented by surveillance technologies, Switzerland has taken an important step and one that should make it an example to other countries. The Swiss government now needs to actively develop a policy of rejecting any licenses where there exists substantial human rights concerns, and share any information on denied applications it has with EU member states and others.

Ensuring that surveillance companies don’t use Switzerland to peddle goods that can be used to facilitate human rights abuses is important, but no jurisdiction should be made available to them. It is imperative that international action be agreed to control multinational companies engaged in international trade.