The campaign group Privacy International alleges the equipment has been used to gather information on activists who are targeted by the repressive regimes. It wants greater restrictions on the export of surveillance products, which are increasingly being used but are increasingly used but have not had the same level of export restrictions as traditional weapons. The group has sent a 186-page report to Revenue and Customs (HMRC) alleging that the unlicensed export of some Gamma International products "would amount to criminal conduct".
"For years, British companies like Gamma International have had carte blanche to sell incredibly powerful surveillance technologies to any government that can afford them, even when they are subsequently used to target human rights defenders. Gamma International is one of the worst culprits; it does business with regimes that most companies would not touch with a bargepole," said Eric King, head of research at Privacy International.
The organisation argues that Gamma – which insists it does comply with export controls – has been exporting its products without licences in place and has called on HMRC to investigate.
Privacy International says the rules in place were insufficient and wants controls on surveillance technology overhauled. "The fact that some controls have been in place for over a decade but appear not to have been enforced suggests the government policy on this kind of technology is patchy at best. We need to ensure all surveillance technology is properly controlled: these are digital arms and need to be treated with the same vigour as traditional weaponry," said King.
The organisation argues that Gamma had a responsibility before it was explicitly informed by the business department to check if it needed an export licence and have the necessary licences in place.
Privacy International's document to the HMRC also alleges that Bahraini pro-democracy activists received emails containing malware that, when analysed by researchers at the Toronto-based Citizen Lab, contained "strong evidence that the malware in question was "FinSpy … distributed by Gamma International". Gamma said: "We have no knowledge of any operation involving those named in the article."