Regulating the Digital Weapons Trade


by Kaleb Warnock

Business is booming for private intelligence companies, especially those who produce surveillance technologies. Many of them are keeping up with government intelligence agencies such as the NSA and GCHQ in their technological capabilities, while some even maintain relationships with otherwise repressive regimes.

Though there has been a significant degree of exposure for the nuclear and conventional arms trade, there has been little regulation regarding the surveillance technologies market and many private companies are selling their products. Many civil society organizations feel that the proliferation of surveillance technology is an affront to human rights and is currently in crisis due to under-regulation.“Their products have been or are being used to commit violations of human rights and freedom of information,” writes Reporters Without Borders (RWB). “If these companies decided to sell to authoritarian regimes, they must have known that their products could be used to spy on journalists, dissidents and netizens.”

This is especially relevant given the role of Internet technologies in recent uprisings in Ukraine and across the Middle East and Asia, and accusations from human rights groups that states are engaging in surveillance and torture of suspected dissidents.

“It is very ironic – and sad – that Western technology also contributes to the oppression of technologies which were to bring freedom,” says Gudrun Harrer, senior editor at Der Standard, lecturer and Middle East expert. She cited the work of new media scholar, Evgeny Morozov, who thinks that by celebrating the so-called Arab Spring as “Facebook” or “Twitter” revolutions that Westerners simply want to highlight their own technical contribution to revolutions in Arab countries.

According to Privacy International, the global surveillance industry is estimated at $5 billion per year. In findings they refer to as “downright scary,” their study Big Brother Inc. indexed more than 1,200 documents detailing 97 different surveillance technologies, and 338 companies based in 36 countries. Many companies explicitly state that they interact only with governments, but some are willing to sell their products to private entities who often act as third-party brokers to transfer the products to embargoed or otherwise unsavory clients.

“Most people in Middle East countries are use to surveillance of all kind – internet surveillance is only the newest of them, said Harrer. “And don’t forget, there was also lots of money to make with these technologies – mainly for the clients of these regimes, of course.” Private surveillance companies sell a variety of different turnkey technologies, generally advertised as undetectable and untraceable by the target. These technologies include everything from mass surveillance software or undersea Internet cable penetration to basic cloak and dagger tools such as hidden cameras and remote recording technologies. They also offer hardware that can record, upload and listen to mobile phone conversations, while there are even snap-n-go transmitters conveniently compatible with Google Maps.

Some even have budget options for spying on the cheap. Other “offensive technologies” provide active monitoring of web traffic and software that targets programs such as Skype, social media, and text messaging. Clients can also purchase invasive technologies such as keystroke loggers and anti-encryption software, all of which can be managed from mobile or stationary command platforms.

According to Bloomberg, the major producers are companies in France, UK, US, Germany, Finland, Sweden, Denmark, Ireland and Italy. The buyers were countries including Syria, Bahrain, Iran and Tunisia – all of which have been cited by Human Rights Watch as having engaged in arbitrary detention, surveillance, or torture of political dissidents and members of civil society. However, some countries are taking steps to curtail the trade of surveillance goods that may be used to violate human rights.

“If their digital surveillance products were sold to an authoritarian regime by an intermediary without their knowledge, their failure to keep track of the exports of their own software means they did not care if their technology was misused and did not care about the vulnerability of those who defend human rights,” according to RWB.

However, there are several regulation regimes in place to monitor and restrict the market of these technologies. For example, the European Parliament approved a resolution that prohibits granting of general EU authorizations to export surveillance technologies to countries such as China, India, Russia and Turkey that could be used to violate human rights or hinder democratic principles and freedom of speech. The Parliament also prohibited exports to countries under arms embargoes imposed by the European Council, OSCE and the UN.

Surveillance technologies are considered “dual-use” technologies by most regulatory standards, which means that they are goods that can be used for both civilian and military applications. For EU countries, the exports of dual-use items are restricted by a system of international EU and national rules that state that sellers must seek authorization from relevant authorities before export. Typically, though, the term “dual-use” is considered to be a nebulous term for technologies that are singularly used for military or intelligence applications.

“Although the base hardware is theoretically capable of performing multiple diverse tasks, the systems themselves are typically built and maintained for one specific purpose: limiting individual human rights,” writes Ben Wagner, a researcher for the Humanist Institute for Co-operation with Developing Countries. “Consequently some of the technologies suggested to be ‘dual use’ are effectively ‘single use’ technologies.”

However, there are other regulatory mechanisms in place as well. The 41 members of the Wassenaar Arrangement, a global multilateral arrangement on reporting exports of conventional weapons and sensitive dual-use goods, met to push for an international solution to unregulated surveillance systems and the cyber security technologies market. Intelligence agencies of the member countries are particularly worried about deep-packet inspection technologies which are communications surveillance tools that monitor the traffic of network data sent over the Internet. This allows systems to manage networks as well as spying and censorship and is being used by other states to conduct espionage or thwart cyber attacks.

According to the Wassenaar website, participating states conducted a regional views exercise to exchange information on risks associated with transfers and dual-use goods focusing on specific geographic regions. In December 2013 the parties of the Arrangement agreed on a number of areas including surveillance, law enforcement and intelligence gathering tools, and internet protocol network surveillance systems of equipment, which they determined may be detrimental to regional security and stability.

However, despite increasing bureaucratic momentum and increasing public scrutiny, these technologies are often trafficked illegally or moved through third party countries to circumvent strict regional regulations through countries with fewer regulations. At present, there is no universal robust regulation regime for these technologies as there are for other defense technologies and for things of this nature, the global regulation regime is only as strong as its weakest link.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s