Behind Google and Verizon lies a much more complex landscape of American companies ready to do global business selling surveillance technologies - and stay apathetic to the consequences.
In 2006, tech giant Cisco—along with Google, Microsoft, and Yahoo—faced the House Subcommittee on Africa, Global Human Rights and International Operations. The accusation? Complicity with the Chinese government or, as Rep. Christopher H. Smith called it, a “sickening collaboration" that "[decapitated] the voice of the dissidents" there.
Two years later, Cisco was made to face the music again, this time in the form of a Senate subcommittee. But on the eve of that confrontation, a fortuitous leak occurred: someone inside the company leaked a document to reporters that detailed the extent of Cisco’s collaboration with the Chinese government. The document—an internal company presentation—demonstrated ways in which Cisco could help service China’s censorship system, known as the ‘Great Firewall of China.’ Included in the list was “combat ‘Falun Gong’ evil religion and other hostiles.”
Although Cisco wasn’t directly held accountable for its actions, the series of hearings had two direct outcomes: the proposal of the Global Online Freedom Act—a bill that has yet to pass—and the creation of the Global Network Initiative, a voluntary multistakeholder initiative meant to help tech companies navigate the privacy and free speech challenges that come with doing business globally, and to hold them accountable for transgressions.
While the former remains stalled in Congress, proposed year after year, the latter launched in 2008 with Google, Microsoft, and Yahoo as members, alongside a bevy of human rights groups and academics, later attracting Facebook and other companies as well. Absent from the initiative? Cisco.
In fact, Cisco—as well as the many other American companies capable of and willing to provide censorship and surveillance technologies to foreign governments—has continued its lucrative business without a whiff of accountability or public transparency. Two pending lawsuits against the company serve as reminders of its impunity.
But Cisco is hardly the only American producer of surveillance technology selling to governments with less-than-stellar human rights records. Blue Coat Systems, Inc., based in Sunnyvale, California, came under scrutiny in 2011 after it was alleged that the Syrian government used their devices to censor and surveil domestic traffic. The company acknowledged the location of the devices, but claimed they had been shipped to Dubai en route to Iraq, where they would be used by a government department (a questionable move in itself).
Blue Coat’s situation is different; selling certain technologies to Syria violates US sanctions against that country. And while Blue Coat itself was not charged with any violations, the reseller it used — Computerlinks —was fined for selling tools worth $1.4 million to Syria. Blue Coat ultimately settled with the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) for $2.8 million. Just a few months later, however, the company was once again accused of violating export laws, this time after Canadian researchers at the University of Toronto’s Citizen Lab found evidence of its devices in Sudan and Iran, both under US sanctions.
It is not just the sale of surveillance-enabling devices sold to countries under sanctions that is troubling: earlier research by the same group found Blue Coat devices in Venezuela, China, Singapore, Egypt, and a handful of other repressive countries. While there is no penalty for sale to most countries, the implications of electronic surveillance in many of these countries should make companies think twice.
When Egypt shut down the Internet two days into massive protests in 2011, the media was shocked by that government’s audacity (though perhaps they shouldn’t have been; Egypt by far isn’t the first country to do so, having been preceded by the Maldives, Nepal, and Burma). But Egypt had long oppressed its media, professional and citizen alike. And it did so with the help of another American company.
Narus, a subsidiary of Boeing, is perhaps best known in the US for the claim that one of its devices, the Narus STA 6400, was “used particularly by government agencies because of its ability to sift through large amounts of data looking for preprogrammed targets.” Those “government agencies” include The National Security Agency (NSA). In 2006, AT&T technician Mark Klein blew the whistle on AT&T’s collaboration with the NSA, pointing in an affidavit to a secret room in which the Narus STA 6400 was being housed. Klein’s claims match those made by Narus on its website, where it touted AT&T as a customer.
Narus was also open about the fact that it provided Deep Packet Inspection (DPI) equipment to Egypt Telecom, as well as to telecoms in Saudi Arabia, Pakistan, and other countries with questionable human rights practices. DPI technology is commonly used for routine network management (such as the handling of spam), but has the capability to analyze all layers of data packets sent across the Internet; in other words, it is a dual-use technology that can be utilized for both banal and nefarious purposes.
That it is the same technology companies providing surveillance technologies to authorities in the United States and foreign countries isn’t surprising; the demand often starts in the west, with American, Canadian, and European suppliers happy to rise to the occasion. Such companies are often agnostic to claims that their technologies are being used for political repression, stating the dual-use purposes of the tech. Or as the CEO of Hewlett-Packard claimed in 2011 after accusations that his company’s technology was being used for surveillance in China: “We take them at their word as to the usage. It's not my job to really understand what they're going to use it for.”
As other markets catch up, companies are ready and waiting, eager to increase their revenue even if it means selling to a government willing to use the technology to violate human rights. And nothing is stopping them; many of the governments to which Blue Coat and Narus have sold equipment are US allies (regardless of their treatment of their own citizens), and those that aren’t are for the most part unrestricted by export controls or sanction. Even when sanctions apply, companies (including Blue Coat) have denied their role in the sale and have continued their work with impunity.
To say nothing of the US government itself: the revelations over the past few months have shown the United States’ brazen and illegal surveillance of its own citizens as well as other individuals all over the world. It is undeniably the demand coming from the US and its western allies that has led to the proliferation of surveillance technologies and the global demand for them.
It is not just those companies producing hardware that have been accused of bad behavior. The same social media companies that in 2006 faced that House Subcommittee now face allegations of participating in the NSA’s PRISM program. The extent of their participation remains to be seen, but what is known—quite well-known, in fact, thanks to transparency reporting—is the extent to which many American companies hand over user data to governments.
Using Google’s Transparency Report on user data requests, India, for example, shows that of 2,431 requests for data during a six-month period, Google complied with 66 percent. Now, India is a robust democracy, but a quick look at Singapore—which Freedom House notes is “partly free”, but which places extreme restrictions on the press—shows similar statistics. Of course, the US itself is among the top governments in terms of demands for data, and until recently, Google’s reporting excluded data requests stemming from National Security Letters.
Google, Microsoft, and other companies that have produced transparency reports certainly should get credit for doing so; and yet, in the wake of the PRISM revelations, they’ve made clear that their data for the United States was incomplete, bereft of FISA requests. Given that information, what’s to say that an American company faced with similar laws in another jurisdiction wouldn’t be forced into secrecy there as well?
Beyond the technological enablers, the American government’s surveillance tactics are clearly having influence elsewhere. The New York Times has reported that Russian parliamentarians have cited the NSA in a push to add greater controls to the Internet, while in India attempts to conduct widespread surveillance have been underway for some time.
Surveillance is, of course, no new thing. Governments with the desire to surveil will always find ways to do so, but when one government that imagines itself the leader of the free world takes such bold steps toward becoming Big Brother, others are sure to follow.