'Dark trade' in Web-censoring tools exposed by Pakistan plan

A plan by Pakistan for a Web-filtering project prompts U.S. firms to take a stance on selling software to be used for government censorship.

For years, Silicon Valley companies have quietly conducted a lucrative trade selling software and equipment to countries that restrict dissent over the Internet. But the recent dust-up involving an Internet filtering plan by Pakistan has turned the spotlight on a controversial business that may have a difficult time remaining secret much longer.

Broad public backlash appears to have prompted Pakistan officials to back off plans this week to build a system that will enable them to easily filter and block Internet content seen by the more than 170 million people living in the country. But Pakistan isn't the first country to want to control what online material its citizens can see and it won't be the last.

While the U.S. government has export restrictions on the sale of technology to certain countries including Iran, Syria, and North Korea, U.S. firms are at liberty to export censorship and even surveillance-enabling technologies to many other countries that have similarly poor records on human rights and freedom of expression even though they have not been hit with trade sanctions. For instance, Saudi Arabia, the United Arab Emirates, Kuwait, Bahrain, Oman, and Tunisia have used SmartFilter products now owned by Intel's McAfee unit, according to a report from the OpenNet Initiative.

Usually, those contracts aren't publicized. Clandestine deals are made between western companies and non-western governments at events like the Intelligent Support Systems World Conferences, better known as the "Wiretapper's Ball," according to a recent Washington Post report. Jerry Lucas, who has been hosting the trade shows for surveillance equipment makers ad buyers, estimates the market to be about $5 billion annually, he told the newspaper.

In other cases, U.S.-made software can wind up in the hands of repressive regimes via resellers, as Blue Coat claims was the case when its Web filtering software was found to be in use in Syria last year.

But when Pakistan published its proposal for a national-level URL filtering and blocking project, it put a spotlight on the issue and forced companies to take a public stance. Websense, McAfee, and Cisco said publicly that they would not put in bids, and Blue Coat told CNET that it, too, would not bid on the project.

It was a rare moment of candor about a pattern of trade that activist groups say only hints at its scope.

"This is the tip of the iceberg," said Brett Solomon, executive director of Access Now, an activist group dedicated to an open Internet and free speech. He added that the publicity about the so-called "dark trade" of censorship technologies will ultimately force companies to be more accountable about the impact on human rights from the sale of their products and services.

"It has publicly exposed the role of companies selling this technology," he said. "And it's incumbent on those companies to look at the human rights records of those governments."

Pakistan officials probably had no idea how strong the public reaction, inside and outside the country, would be to their plan. That unwelcome publicity likely was a factor in Pakistan's second thoughts about going ahead with the project--at least for now.

Even companies that might have been in the running for the project distanced themselves from it. Websense not only said it wouldn't participate, but also called on other companies to refuse to submit a bid to Pakistan. "Broad government censorship of citizen access to the Internet is morally wrong. We further believe that any company whose products are currently being used for government-imposed censorship should remove their technology so that it is not used in this way by oppressive governments," the company said in a statement. "Websense will work with the GNI (Global Network Initiative) and other interested parties to continue to pressure our peers to not only refuse this RFP, but to adopt general policies so that they will also refuse to support government-imposed censorship of the internet in the future."

It's unclear if that call will be heeded. Blue Coat and McAfee declined to comment when asked if they were selling technology to regimes that were using it for censorship and if they would continue to do so. Meanwhile, the Department of Commerce is investigating how Blue Coat software wound up in Syria. Other U.S. companies have come under fire too, including NetApp, whose e-mail interception technology was allegedly being used in Syria, and Cisco, which has been accused of assisting the Chinese government on censorship with its "Golden Shield" Internet firewall. Cisco has denied the allegations.

Knowingly selling technology to countries on the U.S. trade sanction list is illegal, but selling to other countries that use the products for censorship or surveillance in violation of human rights isn't. A report released last December from the Humanist Institute for Cooperation with Developing Countries said Tunisia was using McAfee SmartFilter technology and deep packet filtering technology from Blue Coat and NetApp and that Egypt and Libya used surveillance technology from Narus, a Boeing subsidiary.

"A lot of these companies would prefer to fly under the radar," said Timothy Karr, senior director of strategy at the nonprofit group Free Press. "But it is a sizable business that is growing fairly rapidly."

The Department of Commerce needs to update its list of export controls to include new technologies and include countries on the export restriction list that have a track record of human rights abuses, even if they are diplomatic allies with the U.S., said Karr.

Even when companies try to do the right thing, the technology can make it into the wrong hands. Websense has gone on record opposing the use of its filtering software for government censorship, however its technology was still being used by Yemen's government-run ISP to filter political and social content, the Open Net Initiative report said.

Part of the problem also is that some of the technologies are marketed as legitimate content-filtering tools for parents, for instance, but they can be used for broader censorship or surveillance by expanding the types of categories and terms that are detected or blocked.

"A lot of these technologies are multipurpose," said Jim Harper, director of information policy studies at the Cato Institute. "Deep packet inspection can be used for searching for child pornography or for searching for government criticism. Social network monitoring you could use equally well to search for disease outbreak as you could for inchoate revolution, so it's hard to say it is emphatically wrong to sell these technologies to foreign governments. But if the technology is used by the government wrongly I don't think it's wrong for the company that sold it to them to get grief."

If nothing else, the brouhaha over the Pakistan project, now reported to be on the verge of getting dropped, may serve to spur action in Congress. "We are optimistic of the Global Online Freedom Act advancing this year," Jeff Sagnip, public policy director for U.S. Rep. Chris Smith (R-N.J.) said of a bill that has been introduced three times but failed to be passed. "It is expected to go to the House Subcommittee on Africa, Global Health and Human Rights on March 27."

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
The best tech products of 2014
Does this Wi-Fi-enabled doorbell Ring true? (pictures)
Seven tips for securing your Facebook account
The best 3D-printing projects of 2014 (pictures)
15 crazy old phones from a Korean museum (pictures)
10 gloriously geeky highlights from 2014 (pictures)