Syrian Surveillance Project Raises Concerns About Effectiveness of Export Controls
Over the past few weeks, numerous stories have emerged documenting just how pervasively the Syrian regime patronizes American companies. First it was Blue Coat, the company that first denied the use of their tools in Syria, which then later backtracked, admitting that thirteen of their appliances were “phoning home” to Blue Coat headquarters.
Later a Bloomberg investigative report found that Italian company Area SpA had contracted with Syrian intelligence agents to develop a surveillance system “with the power to intercept, scan and catalog virtually every e-mail that flows through the country,” to the alleged price tag of 13 million euros. The system included components made by Sunnyvale-based company NetApp Inc., as well as by German company Utimaco Safeware AG. Just a few days later, Bloomberg found that Hewlett-Packard equipment was also part of the system built by Area SpA.
Then, just as we thought the story couldn’t possibly get any more complex, researchers at the University of Toronto’s Citizen Lab found that Syrian Addounia TV–under sanctions by both Canada and the EU for inciting violence against Syrian citizens–uses Canada-based servers to host its website. The researchers also found that Al-Manar, the official television station of Hezbollah banned by Canada and EU, and on the United States’ Specially Designated Nationals List, hosts its website on US and Canadian servers as well.
Putting the icing on the cake, the Wall Street Journal on Saturday released a treasure trove of documents obtained from a surveillance trade show in Washington, DC. The documents show how a multitude of companies market their wares to foreign governments and other entities.
Officials from the Department of Commerce have said that Blue Coat is under investigation to determine whether the company had prior knowledge of its appliances being sold to Syria. A group of three senators has called upon the State and Commerce Departments to investigate companies whose technology has been used to “monitor activities of Syrian citizens.” Representative James McGovern (D-MA) has expressed intent to follow up with the agencies to investigate whether NetApp is in violation of export controls.
Syria is unique in that the export of technology to the country falls under several different sanctions regimes in the United States alone. There is an Executive Order dating back to August that blocks the export, re-export, sale or supply, directly or indirectly, from the United States or by any US person (with considerable exceptions noted in a general license for online communications technologies). There are also Department of Commerce restrictions dating back to 2004 that require licenses for the export of most technology (including that excepted in the aforementioned general license). Canada has enacted similar controls, but also allows for exceptions through special licenses granted by the Minister of Foreign Affairs. EU sanctions are more specific, targeting mainly individuals and companies. They continue to be expanded, most recently to targeting two members of the Syrian Electronic Army.
Ironically, the same export controls meant to prevent the Syrian regime from accessing the aforementioned technology also frequently prevents Syrian citizens from getting their hands on technology that they need. EFF has detailed how export regulations prevent Syrians from downloading popular tools like Google Chrome and Google Earth, and from using Skype to call their families abroad (Syrians can use Skype, but they can’t add credit to their accounts and are therefore limited to Skype-to-Skype calling). EFF has also noted the ways in which the Commerce Department’s regulations cause companies to enact overbroad restrictions, resulting in Syrians being prevented from using tools to which they should otherwise have legal access.
At the same time, the export restrictions are clearly failing to serve the purpose for which they were intended: preventing the Syrian regime from doing more harm to its citizens. To that end, we are wary of calls for new export regulations for surveillance tools in the US and have proposed a simple framework for companies to audit their current and potential customers for human rights abuses. We have also called upon the Obama Administration to remove the license requirements and restrictions on tools used by democracy activists in Syria, Iran, and other affected countries.
Our framework extends the concern for human rights beyond sanctioned countries, to include any country using technology to commit human rights abuses. Companies should not simply be concerned with criminal penalties (as Blue Coat seems to be) but the gross potential harm their technologies inflict on their citizens. We’ve seen a dozen countries or more, from China to Bahrain, Tunisia to Vietnam, utilize Western-built technology for such purposes. This alarming trend must stop.