Spy Tech Companies & Their Authoritarian Customers, Part II: Trovicor and Area SpA
This is the second part in an EFF series. Part I, on UK-based FinFisher and France-based Amesys, can be read here.
On Sunday, CNN reported that dozens of activists in Syria have had their computers infected with malware that allows supporters of dictator Bashar al-Assad to spy on their every move. The virus, according to CNN, “passes information it robs from computers to a server at a government-owned telecommunications company.” Meanwhile in Iran, the government has cut off most encrypted web traffic flowing through the country, meaning ordinary Iranians have lost the ability to safely use many popular communications tools like Gmail, Twitter, and Facebook.
Unfortunately, these stories are just the latest examples of authoritarian governments stifling Internet freedom, as many governments in the Middle East have a long history of using technology to censor, track, and arrest dissidents. Critically, though, these governments would not have these capabilities without the help of American and E.U. companies that sell this state-of-the-art spying equipment. Two of the worst purveyors of this technology, Trovicor and Area SpA, are profiled here:
Area SpA—based outside Milan, Italy
In 2011, at the same time that news of Syria’s violent crackdown on democratic protests graced the pages of the world’s newspapers, an Italian company called Area SpA was busy helping the Syrian’s dictator Bashar al-Assad electronically track the dissidents his army was firing upon in the streets. Area SpA had begun installing “monitoring centers” that would give the Syrian government the ability “to intercept, scan and catalog virtually every e-mail that flows through the country” as well as “follow targets on flat-screen workstations that display communications and Web use in near-real time alongside graphics that map citizens’ networks of electronic contacts.”
Worse, as the violence in Syria escalated in mid-2011, “Area employees [were] flown into Damascus in shifts” in the government’s push to finish the project, according to a report from Bloomberg News.
Fortunately, following the Bloomberg investigation, local papers picked up the story and protests sprung up outside Area SpA’s Italian office. Area SpA announced at the end of November it would not complete the contract and released a statement saying the company is “against all forms of repression and disapproves of any use of technology for violating human rights.” Yet Syria’s violent crackdown was well underway in March while Area SpA was actively moving equipment into the country. “With the gear in Syria, deployment of [Area SpA’s surveillance technology] unfolded in parallel with Assad’s escalating crackdown,” Bloomberg reported.
By the time Area SpA claimed it would exit the country in November, the civilian death toll in Syria already stood at more than 3,000.
According to Bloomberg, Area SpA has stated “it was exploring legal options for the release of proprietary materials, without identifying any parties.” Italian authorities should take them up on their offer and force them to answer questions about their business in Syria and any other country where human rights are routinely violated.
Trovicor, owned by Perusa Partners Fund 1 LP—based in Germany
Trovicor is perhaps the most prolific of the mass surveillance companies, having sold spy technology to a dozen countries in the Middle East and North Africa.
The company first made headlines two years ago when they were still a subsidiary of Nokia Siemens for reportedly supplying technology to Iran in the wake of the 2009 post-election uprising. Protests over the sale eventually forced Nokia Siemens to divest from Trovicor, but the company lives on under its new owners, Perusa Partners Fund, and is still actively helping dictators spy on their citizens.
In Bahrain, Trovicor helped install and still maintains sophisticated “monitoring centers” used to surveil democratic activists’ emails, text messages and phone calls despite ample evidence of human rights violations. Almost two-dozen former political prisoners recently testified to the England and Wales lawyers association that they were beaten and subsequently interrogated while being shown transcripts of emails and text messages. There have been at least 140 documented allegations of torture in Bahrain in the past last year.
In Tunisia, Trovicor was also one of many companies selling equipment to former president Ben Ali, whose system was so advanced, it prompted the new head of the Tunisian Internet Agency Moez Chakchouk to say, "I had a group of international experts from a group here lately, who looked at the equipment and said: 'The Chinese could come here and learn from you.'"
Here’s how Bloomberg describes Trovicor’s dangerous capabilities:
[Trovicor’s] toolbox allows more than the interception of phone calls, e-mails, text messages and Voice Over Internet Protocol calls such as those made using Skype. Some products can also secretly activate laptop webcams or microphones on mobile devices. They can change the contents of written communications in mid-transmission, use voice recognition to scan phone networks, and pinpoint people’s locations through their mobile phones. The monitoring systems can scan communications for key words or recognize voices and then feed the data and recordings to operators at government agencies.
Dutch member of the EU parliament Marietje Schaake has called on the EU Commission to investigate Trovicor and other companies that have sold surveillance equipment to Bahrain, along with Tunisia, Egypt, Syria, and Iran. EFF echoes MEP Schaake’s call for an investigation, as transparency about who these companies are selling to and what the technology is being used for is the first step towards solving the problem.
In addition, EFF has recommended the EU and US push companies to adopt “know your customer” standards that would prevent them from selling surveillance technology to governments known for violating human rights. The EU and US can easily induce companies to adopt such policy by tying it to government contracts. This could help prevent these types of sales from happening again, as many companies, including Area SpA and Trovicor, also sell equipment to the Western government for legitimate lawful purposes.
As long as these companies believe that it is okay to sell this technology to dictators, democracy activists, human rights activists, bloggers, and journalists around the world will continue to suffer.
Recent DeepLinks Posts
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
Feb 22, 2017
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- UK Investigatory Powers Bill
- Know Your Rights
- Trade Agreements and Digital Rights
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- Video Games