New Report on Ethiopia Examines the Off-the-Shelf Surveillance State
Rumors of the extent of Ethiopia’s digital surveillance and censorship state have echoed around the information security community for years. Journalists such as Eskinder Nega have spoken of being shown text messages, printouts of emails, and recordings of their own telephone conversations by the Ethiopian security services. From within the country, commentators connected growing telecommunications surveillance to the increasing presence of Chinese telecommunications company ZTE. Externally, analysis of the targeted surveillance of exiled Ethiopians have turned up surveillance software built and sold by Western companies, such as FinFisher and Hacking Team. Observers of the country’s national Internet censorship have reported keyword filtering of websites and blocking of Tor nodes that reveal a sophisticated national firewall conducting deep packet inspection. It has taken Human Rights Watch’s excellent in-country research, however, to bring flesh to the bones of this speculation in their new, comprehensive 145-page report, “‘They Know Everything We Do’: Telecom and Internet Surveillance in Ethiopia”, led by Felix Horne and Cynthia Wong.
Collecting credible evidence from exiled activists (including EFF’s pseudonymous client, Mr. Kidane, who is suing the Ethiopian government for covertly installing spyware on his computer in the United States, surveilling his Skype conversations and Google searches), detailed descriptions and screenshots of internal Ethiopian Telecommunications wiretapping software, and testimony from Ethiopia’s own whistleblowers from within their security service, the report paints a picture of a regime just beginning to flex its digital surveillance muscles.
The sophistication of this surveillance seems unlikely for a nation in the bottom twenty of countries by GDP per capita. But just as the country’s leaders have, for two decades, pursued a rapid economic development policy in an attempt to accelerate out of the poverty, so they have also thrown equal effort into creating a speedily expanding, state-of-the-art surveillance state -- and with the tacit Western acceptance that being one of the United States’ regional allies in the war against terrorism brings.
Ethiopia’s position as an American ally gives it the opportunity to purchase technology made in the West to carry out its campaigns of censorship and surveillance. The report singles out Hacking Team (based in Italy) and Gamma/FinFisher (based in the UK and Germany) whose command and control servers have been discovered running in Ethiopia and whose surveillance software has been found infecting computers belonging to opposition figures, which may have been targeted using Ethiopia’s broad and much-abused anti-terrorism laws. Ethiopia has also bolstered its surveillance capabilities with drones built by Israeli company Bluebird Systems. This research, conducted mostly by Citizen Lab, is not new, but presented in its entirety, it shows a growing body of evidence linking surveillance products built in the West to human rights violations in Ethiopia.
And as if the West is not enough, there’s always China. HRW presents compelling evidence that shows that China’s ZTE has provided telecommunications equipment and software that gives the Ethiopian authorities one-click-wiretapping of any of its phone users. Screenshots of extra fields on ZTE’s ZSmart customer relations management tool appear to show that Ethiopia’s telco administrators can check customers against a “blacklist,” and digitally record calls with the press of a single button.
Ethiopia’s censorship system has always shown similarities to China’s own great firewall: connections are dropped after keywords in a similar fashion to China’s blockade. Soon after Tor was detected by its unique protocol signature in China, Ethiopia joined it in being able to block the anonymising software. These features could simply be a result of Ethiopia’s censorship teamquickly adopting new techniques — or it could mean that Ethiopia is one of the few countries that benefits from the direct export of Great Firewall technology.
No matter where the skills and technologies originate from, Human Rights Watch’s report demonstrates, for the first time to this level of detail, that pervasive surveillance and censorship is no longer constrained by either cost nor local technological development. We live in a world where both the richest countries in the world and the poorest are exploring the limits of mass, pervasive, digital surveillance. In both cases - and for slightly different meanings of the phrase - money is no object. Only the global enforcement of individual privacy rights and the aggressive funding and development of defensive technology will stop every country from demanding and procuring their own ubiquitous surveillance state. And being a global citizen will mean not just weighing convenience against your desire for privacy from the prying eyes of the NSA, but prying eyes of every other government with a few hundred thousand dollars to spend.