As activists take to the streets in Syria, using the power of Facebook and Twitter and other social services to organize one of the many revolutions across the Middle East, other American technologies are propping up the very regime these protesters hope to topple.
According to recent reports from Bloomberg, hardware equipment from the Palo Alto, California-based computer giant HP and the Sunnyvale-based storage outfit NetApp underpins a surveillance system the Syrian government is building to monitor citizen e-mail and internet use amid the ongoing protests against the regime of President Bashar al-Assad. Citing documents describing the deals and a source familiar with the matter, Bloomberg says an Italian surveillance company known as Area SpA bought the American equipment from resellers in Italy.
Since March, more than 3,500 people have died as Syrian troops moved to suppress the protests, and the U.S. government has banned U.S. companies from sending anything but food and medicine to Syria — though it will make exceptions in certain cases.
HP told Wired that complying with U.S. and international trade laws is of the “highest priority” to the company. And though NetApp did not respond to a request for comment, the company told Bloomberg it was unaware any of its products had been sold into Syria. But in today’s world, hardware suppliers must be more careful than ever to prevent their equipment from falling into the wrong hands. The internet can fuel revolutions, but it can also aid repressive regimes. And it can easily expose companies suppling gear to those regimes — whether supplying it inadvertently or not.
“Its less and less likely these days that the world won’t find out,” says Alan Paller a public policy adviser and director of research at SANS, an outfit that hosts advanced security training for government organizations. In today’s hyper-connected world, it’s rarely a matter of “if” and more of “when” news outlets will uncover information about the use of American equipment by countries for repressive purposes.
As reported by The Wall Street Journal, another Sunnyvale, California-based company, Blue Coat Systems, has seen its internet security devices fall into the hands of the Syrian government. The company shipped its ProxySG appliances to Dubai late last year, intending them for a department in the Iraqi government, but it now says that 13 of 14 devices are now being used to censor information on the Syrian internet.
Blue Coat became aware of the appliances’ role in the Syrian system after reading online posts from a Scandinavian hacktivist group that contained logs of internet usage that appeared to be generated by its hardware. According to the Journal, Blue Coat Systems is now under investigation by the U.S. State Department and the Department of Commerce.
The company said in a statement that it doesn’t want its “products to be used by the government of Syria or any other country embargoed by the United States.”
The U.S. government may not have the means to completely enforce those trade embargoes, and Meg Roggensack, a senior advisor at Human Rights First, has called on American businesses to better police themselves. “Companies should be doing risk assessments of whether their devices are being used in the repressive regimes, and at a minimum, these companies should be much more mindful of their sales,” she told Wired.
This doesn’t mean monitoring the sale of every single product to every single customer, Roggensack said. But when selling in large quantities, especially abroad, tech companies should have internal red flags that, when raised, drive an immediate review of customers, she said.
Arvind Ganesan, the UN Human Rights director of business in human rights notes that U.S. businesses can and should be building clauses into their contracts with international customers that levy heavy fines if the customer redistributes or uses the products in a way that violates human rights. The New York Convention — adopted in 1958 — requires judicial systems in contracting states to honor agreements between two companies from different countries, arbitrate them, and enforce awards. Ganesan says American businesses must always hold international intermediaries accountable, but he also believes a license system is needed to keep companies in line.
“Once technologies end up in a country, there needs to be some measure to be sure it’s not being used in an inappropriate purpose,” he argues.
Right now, he says, when selling abroad, companies selling technologies such as servers and desktops computers aren’t under regulations based on the devices effects on human rights. Only when the government levies sanctions, as the U.S. government did with Syria in 2004, are U.S. companies prevented from selling to these nations. Ganesan believes the Commerce Department is headed toward more strict regulations in light of the American technologies that are turning up in foreign countries under a trade embargo.
But there are counter-arguments from some American businesses standing in its way. This argument usually amounts to: “If we don’t, the Chinese or someone else will.” For Ganesan, this is like saying: “If you don’t let me steal your wallet, someone else will.” Cisco made headlines in 2008 when documents were leaked showing that some within the company thought of China’s rigid Internet censorship program as an “opportunity” to do more business with the country.
But not all businesses work that same way. Earlier this month, Websense, a web security firm, shut off its filtering software in Yemen when it learned the government was using it for monitoring citizens. Continuing business with the Yemeni government “would have been 100% legal for Websense to pursue; yet we took the moral and ethical stand to cede that business to the competition,” read a blog post from the company’s general counsel Michael Newman.
Photo: Tens of thousands of Syrians wave Syrian flags and posters of Syrian President Bashar Assad during a protest held at Sabe Bahrat square in downtown Damascus, Syria. Photo: Youssef Badawi/epa/Corbis.