Traversing Planet Blue Coat
Our trusted friends, the researchers at Citizen Lab recently published Planet Blue Coat, a report detailing the extent to which U.S.-manufactured network surveillance and content filtering technologies are used to facilitate repression against journalists, human rights activists, and other pro-democracy groups.
This is not a new problem. Software developed by Western countries to filter web-hosted content or otherwise obtain data from internet users without their knowledge and consent has been a serious issue for over a decade. It first emerged in China where Cisco Systems sought lucrative business opportunities with China's Golden Shield project, more commonly known as the Great Firewall of China. In recent years, similar technologies have emerged in repressive regimes throughout the Middle East, such as censoring and monitoring technologies in pre-revolutionary Tunisia and in Syria, as well as in closed societies such as Burma.
The Citizen Lab report does an excellent job in detailing how widespread the technologies developed by Blue Coat, a US-based company that sells firewall and web filtering software, among other products, are implemented in other countries. In October 2011, Blue Coat products were found in Syria where the company's products were used to restrict internet access. Telecomix, an hacktivist group of computer programmers and others released log data alleged to have been taken from Blue Coat web gateway appliances showing that search terms including "Israel" and "proxy" were blocked in the country.
The report outlines where Blue Coat products have ended up, despite sanctions and severe restrictions against specific products in certain countries, as well as other countries where internet censorship and surveillance is pervasive. These countries include: Afghanistan, Bahrain, China, Egypt, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey, Qatar, the UAE, and Venezuela. Should they so choose, the users of these surveillance technologies (both governments and private actors) can more easily intercept the online activities conducted by activist groups and thus target these groups for arrest and detention.
As the report explains:
The geographic spread of Blue Coat Systems technology outlined above, including within countries that have presented significant human rights concerns, highlights the importance of addressing at a number of levels the expanding dual-use ICT sector. ... Accordingly, the role of Western companies in providing dual-use technologies is a crucial subject for discussion among governments and policy makers, civil society, and the private sector. Such discussion is currently under way in a variety of fora, raising complex questions to which there are no simple solutions.
Indeed, this issue is incredibly complex. The State Department has clarified its guidelines on sanctions for “sensitive technologies” to Iran, and European Parliament member Marietje Schaake, a leader in the intersection of technology and human rights, has called for stricter export control of these technologies. However, there is no legislation that fully bans the export of these technologies to all countries currently under sanction, and especially not to internet-restrictive countries who are not currently under a sanctions regime.
It is important to note that Blue Coat is not the only company whose products have ended up in repressive regimes. Products from other countries in the EU and the UK have also been sent to countries with weak records in protecting freedom of speech and human rights, often through third party channels and sometimes with the implicit knowledge of Western software vendors.
While it has been important to raise awareness of how pervasive these technologies are in repressive countries and to enact updated regulations and moe detailed sactions to prevent their continued spread, there has been no discussion of how to realistically reverse the impact of these tools once they've been deployed in a given country. The report does touch on Blue Coat's efforts to disable access to their services once they were discovered in Syria, but at this time there does not seem to be similar actions taken by Blue Coat in these other countries, or by other manufacturers.
Here at NDI, we look forward to more information on surveillance and censorship technologies, which will help counteract their spread, provide more concrete ideas for actionable responses, and maintain an open internet for all users.