German
firms are reportedly selling spyware to Middle Eastern dictatorships, and
Foreign Minister Guido Westerwelle has called for an EU-wide ban. But another
ministry refuses to limit the lucrative trade, say critics.
As many
have pointed out, not least Chancellor Angela Merkel in her weekly internet
broadcast, the wheels of the Arab Spring have been oiled by social networks and
the availability of cheap mobile phones with video cameras.
But
repressive governments such as those in Bahrain, Syria, and Turkmenistan have
not been slow to use digital weapons to fight back. Pro-democracy activists
have come to expect propaganda campaigns undermining their work, as Husain
Abdulla, director of Americans for Democracy and Human Rights in Bahrain
(ADHRB), told Deutsche Welle recently, but few were expecting to be targeted by
software that could come from a James Bond movie.
A number of
software security firms have developed Trojan malware with the ability to
remotely grab images from computer screens, intercept and record Skype calls,
secretly turn on web cameras and microphones, and record keystrokes. Mobile
versions of the spyware exist too, which can turn a smartphone into a tracking
device by enabling the phone's GPS system.
 |
| Bahraini activists have been targetted by malware |
The most
recent case was revealed by the Munk School of Global Affairs' Citizen Lab at
the University of Toronto, which analyzed spyware sent to Bahraini activists,
including Abdulla, traced it to government-controlled servers in Bahrain, and
identified the malware as made by German company FinFisher, a subsidiary of the
UK-based Gamma Group.
Virus trade
Typically,
according to Abdulla's account, the malware is attached to a legitimate email
intercepted by government agents. If the attachment is then opened on the
target computer, the virus copies itself into a system folder. When the
computer is then re-started, it adds a new code into the system processes. This
can hide the Trojan's network communication within a web browser and so avoid
firewalls.
Andre
Meister, internet activist at the German website netzpolitik.org, believes the
software is very sophisticated. "From what I understand, it is very
professionally put together," he told Deutsche Welle
.
German
media reports have already named and shamed a number of German companies -
Elaman, Trovicor, Utimaco - said to be involved in the business of selling
malware to countries like Turkmenistan and Syria.
 |
| The software can turn a smartphone into a tracking device |
But they
are notoriously secretive. None of the above firms responded to DW requests for
interviews, and even their promotional literature is kept under wraps, shown
only to potential clients. One Elaman "German Security Solutions"
brochure, obtained and released by Wikileaks, revealed that the company was
helpfully pointing out that its technology could be used to "identify
political opponents."
Dual-use
Though the
German public and political class insist on stringent data protection laws at
home, only opposition parties like the Greens and the socialist Left party have
raised concerns about the sale of this software abroad.
"German
politicians are maybe a bit critical of American corporations like Google and
Facebook, but that doesn't mean that they would prevent the export of
malware," said Meister. "After all, Germany is the third biggest
weapons exporter in the world. But up until now, the export of this software is
not limited in any way."
The legal
difficulty, of course, is that this technology is "dual-use" - in
other words, it can be used for both legitimate and illegitimate reasons -
catching criminals or catching democracy activists.
Speaking to
DW earlier this month, Gamma's International Managing Director Martin J. Muench
used this as a convenient justification for their business. "We use the
Export Controls Authorities (ECA) in the UK, Germany and USA to determine to
whom we can sell our products. They in effect act as our 'moral compass,'"
he said. "Given that a can of fizzy drink or a car battery can be abused
and used as an implement of torture, it is of no surprise to anyone if our
products can be abused too."
That sounds
reasonable enough - except that there are no export guidelines that cover
malware, so there is little that the ECAs can do. "There is no obligation
to register where they are exporting to, and the companies don't say,"
said Meister. "That's the problem - it's all a business secret."
 |
| Westerwelle called for an EU-wide ban on malware exports |
Pressure
increasing
Germany's
socialist Left party and the Green Party have both brought up the issue with
the government. "We've started initiatives in parliament against the
export of dual-use technologies," said Annette Groth, human rights
spokeswoman for the socialist Left party. "The Left party has been calling
for this for some time."
"We've
been pointing out the problem for over a year and a half, ever since the
Economy Ministry explicitly supported the export of this software," said
the Green Party's internet policy spokesman Konstantin von Notz. "Anyway,
everyone has really known about the problem for a long time."
And the
pressure seems to be paying off. Speaking at an Internet and Human Rights
conference, hosted by the German Foreign Ministry in Berlin last week, Foreign
Minister Guido Westerwelle called for a EU-wide ban on the export of
surveillance software to totalitarian states.
"These
regimes should not get the technical instruments to spy on their own
citizens," Westerwelle said. It was a good start, though he failed to give
details on what technologies he meant, or by when a ban should be implemented.
For von
Notz, it's very clear about where the blame lies. "We know the Foreign
Ministry has got this problem in its in-tray too," he said. "But up
till now the Economy Ministry has always got its way, and said, 'we can't limit
German exports.' Of course they won't say anything about it, but from their
practical actions it seems clear that human rights don't matter much to
them."
The Economy
Ministry would not acknowledge any split in the government. "The German
government takes the view that the export of surveillance technologies which
can be used to suppress freedom of speech or the press in the Internet is to be
limited by the appropriate sanctions," ministry spokeswoman Felicitas Hoch
told DW in an emailed statement, before adding that the EU was actively working
on introducing extra export controls for surveillance technology for
"Syria and Iran."
The
statement did not mention Bahrain or Turkmenistan or any of the other
dictatorships accused of importing malware. Hoch merely added, "The
government is also participating in discussions on a possible extension of
export controls for surveillance technology on an international level."
But when
this extension might be introduced was left open.
No comments:
Post a Comment