Surveillance software and your government #privacy

This week’s blog post is divided into two parts: one, the article itself, and two, the slant of the article.

Firstly, let’s talk about “Researchers Find 25 Countries Using Surveillance Software“, a blog post from the New York Times. I got to this post from Bruce Schneier’s excellent blog, Schneier on Security. Two researchers, Bill Marczak and Morgan Marquis-Boire, found evidence of surveillance software being used by governments to spy on their own citizens. To quote, “The list of countries with servers running FinSpy is”:

  • Australia
  • Bahrain
  • Bangladesh
  • Britain
  • Brunei
  • Canada
  • Czech Republic
  • Estonia
  • Ethiopia
  • Germany
  • India
  • Indonesia
  • Japan
  • Latvia
  • Malaysia
  • Mexico
  • Mongolia
  • Netherlands
  • Qatar
  • Serbia
  • Singapore
  • Turkmenistan
  • United Arab Emirates
  • United States of America
  • Vietnam

The software, FinSpy, is a British product that is sold “solely for criminal investigations”. FinSpy is owned by a company called Gamma Group and Martin J Muench, Gamma Group’s MD, said that the software is used

against pedophiles, terrorists, organized crime, kidnapping and human trafficking

The problem is, like the use of RICO legislation in the USA that has been expanded to catch criminals not usually involved in racketeering, FinSpy can also be used, not merely to monitor possible organised crime but, as researcher Marquis-Boire puts it, “for politically motivated surveillance”.

(I have to say that Gamma Group is quite open about its services, ranging from jamming solutions, fully customised surveillance vans, wireless audio survelliance recorders, “covert methods of entry”, vehicle tracking systems, passive detection, to SMS interception, “speech identifying tools”, satellite monitoring and “passive monitoring of telephone lines”, and if I was making an “Enemy of the State II”, I’d certainly consult with them. However, they appear to be less forthcoming about their “FinFisher IT Intrusion” product, of which I can only assume FinSpy is a part. One thing that does seem to stand out clearly, however, is that FinFisher is aimed directly at government agencies; specifically, the “intelligence community”.)

How does it work? In the case of FinSpy, there appear to be multiple options available to the Concerned Government. Quoting from the NY Times blog, Marquis-Boire and Marczak found, in one specific case:

e-mails lured targets to click on pictures of members of Ginbot 7, an Ethiopian opposition group. When they clicked on the pictures, FinSpy downloaded to their machines and their computers began communicating with a local server in Ethiopia.

But what exactly is being communicated?

e-mails contained surveillance software that could grab images off computer screens, record Skype chats, turn on cameras and microphones and log keystrokes

That’s the first troubling point. The second is this: the article made a point of singling out particular countries, such as Ethiopia, as mentioned above. Also mentioned is Turkmenistan where the “server running the software belonged to a range of I.P. addresses specifically assigned to the ministry of communications. Turkmenistan is the first clear-cut case of a government running the spyware off its own computer system.” Also mentioned is Vietnam, which “introduced censorship laws that prohibit bloggers from speaking out against the country’s ruling Communist party” and where the researchers found “one Android phone infected with FinSpy that was sending text messages back to a Vietnamese telephone number.”

My point is made obvious by what isn’t mentioned. No mention of the so-called “Western democracies” using FinSpy, such as Australia, Germany, the Netherlands, Britain and the United States. And while Germany’s foreign minister, Guido Westerwelle “called for an Europe-­wide ban on the export of surveillance technology to repressive regimes”, you can bet your last currywurst that he didn’t mean those regimes of utter transparency and liberalism, such as Germany, Britain, Australia, the Netherlands and, er, the United States. None of those are repressive regimes at all, are they? Hmmmmm. Which begs the next question, if they are all such stalwarts of Western values (you known, freedom, privacy, rights of the individual, yadda yadda), why would they need software like FinSpy in the first place? Don’t liberal governments have massive infrastructure that can carry out investigations without the need for spyware? What possible justification could there possibly be for a government to download, by stealth and deception, a key-logger to the computer of one of its own citizens?

Even Marquis-Boire falls for this blindness of the superior Westerner:

I’m just not for commercial companies selling them to nondemocratic regimes with questionable human rights records. [my emphasis]

So then it’s okay to sell to democratic regimes with “good” human rights records because they are so transparent and law-abiding? We all know that modern democracy is not all its cracked up to be, particularly in those “democratic” countries where only two main political parties exist. Regardless of the Western country we live in, we’ve seen troubling circumstances where supposed political enemies have joined forces to push through unpopular or repressive legislation. The average citizen has no option but to ask herself the value of her voice and vote in such cases. If the citizens didn’t want more punitive measures against freedom of speech, their country to be involved in wars, money being given to external, repressive regimes, why does such legislation continue to get passed? Is this really democracy?

By not taking into account any of this, but merely making a blithe assumption about the superiority of “democratic” regimes with alleged “good human rights records”, I’m not sure whether Marquis-Boire is being foolish or naive. Maybe both.

Comments are closed.