Exporting lethal surveillance tech: UK asked to investigate spyware firm

27 Dec, 2012 12:34 / Updated 12 years ago

Privacy rights activists are calling on HM Revenue and Customs (HMRC) to investigate spyware firm Gamma International and its exports of surveillance software to repressive regimes, such as Bahrain, calling the transactions “criminal” and “illegal”.

The campaign group Privacy International (PI) confirmed in a press release that Gamma International is selling surveillance technology to regimes with horrific human rights records without a proper license. The software being sold is powerful enough to intercept text messages, phone and Skype calls, remotely turn on cameras and microphones, log keystrokes and copy files, The Guardian reported.The activist group sent a 186-page report to HMRC, saying that that technology sold is being used to spy on activists, who are later targeted by repressive regimes and "amounts to criminal conduct".In April 2011, Egyptian protesters found documents from Gamma International inside Egypt’s secret police office. One of the documents contained an offer dated June 29, 2010, which said to provide ‘FinSpy’ software, hardware, installation and training for 287,000 euro. Gamma International denied supplying software to Egypt, but did confirm that it has demonstrated such products to the government. Bahraini prodemocracy activists also were subjected to Gamma International’s surveillance products. In spring and summer of 2012 activists received emails containing malware. After the University of Toronto’s CitizenLab investigated the case, it found evidence connecting the malware to FinSpy, which is part of the commercial FinFisher intrusion kit. Citizen Lab managed to extract ‘digital DNA’, from the infected emails that matched that of FinFisher and published the results.Activist and writer in Bahrain Ala'a Shehabi, 30, was one of the victims targeted by FinSpy malware emails. She claims to have received the total of four emails from what looked like authentic email accounts. She later forwarded them to her colleague Bill Marczak, a computer science doctoral candidate at the University of California, Berkeley, who then connected the malware in the email to an internet address in Manama, Bahrain's capital, which triggered the rest of the investigation. Shebani told The Guardian that situation in Bahrain at the time was “very charged”."I was banned from traveling and forced to stop work," she added. "I essentially worked on the assumption that everything I did or said was being watched."Facebook and Twitter accounts started disappearing, forcing the opposition to go underground. Gamma International, on the other hand, stated that it had no knowledge of this. Bahrain’s human rights situation remains “critical in the wake of the brutal crackdown on pro-democracy protesters that erupted in February 2011,” reports Human Rights Watch. Police regularly use violence to disperse crowds of protesters, while Bahrainis, led by the country's Shiite Muslim majority, are continuing to protest, demanding greater rights and freedoms from the ruling Sunni minority. More than 80 people have died in the unrest since the pro-democracy protests begun. Gamma International’s spy software was also discovered being used in Ethiopia and Turkmenistan, PI reported. Export deals require disclosurePI is calling for greater restrictions on export of UK’s surveillance software, arguing that it is not guarded by the same export laws as traditional weapons. "For years, British companies like Gamma International have had carte blanche to sell incredibly powerful surveillance technologies to any government that can afford them, even when they are subsequently used to target human rights defenders,” head of research at Privacy International, Eric King, told The Guardian.Gamma International is a British company that offers "world-class offensive techniques for information gathering," such as FinFisher – a spyware product that can take control of target computers and capture even encrypted data and communications. The company markets its products in several languages including Arabic, German, English, Portuguese, French and Russian. Gamma International has stated that it complies with export controls and denied reports of selling to oppressive regimes. Due to PI’s efforts, the UK’s Department for Business, Innovation and Skills advised Gamma International that the FinSpy products have been controlled by EU legislation since 2000 and “require a license” in order to export outside the EU. This means that the tech firm would have to disclose the names of suppliers is exports to.In an email revealed by The Guardian, Gamma International executive Martin Muench stated that the company will not provide any details of export licenses for confidentiality and security reasons, repeating that it only exports to legitimate governments and is cooperating with UK, US and Germany’s export controls. The company also submitted a control list classification inquiry asking which products required a license, but has not applied for any of them. PI is calling for more government control of surveillance technology.