U.S. Web-monitoring devices in Iran, Sudan

Use by despotic states would be a violation of sales embargo

by Ellen Nakashima

The Washington Post

American-made devices used for Internet monitoring have been detected on government and commercial computer networks in Iran and Sudan, in apparent violation of U.S. sanctions that ban the sale of goods, services or technology to the autocratic states, according to new research.

Several of the devices, manufactured by California-based Blue Coat Systems, were also discovered in Syria. Although Blue Coat tools have been identified in Syria in the past, the new research indicates that the government of President Bashar Assad has more of the monitoring devices than previously known.

Experts say that in Syria, Blue Coat’s tools have been used to censor websites and monitor the communications of dissidents, activists and journalists. In Iran and Sudan, it remains unclear exactly how the technologies are being used, but experts say the tools could empower repressive governments to spy on opponents.

“These devices are turning up in places they’re not supposed to be,” said Morgan Marquis-Boire, a project leader at the University of Toronto’s Citizen Lab. “The human rights implications of finding these surveillance technologies in these countries are extremely worrying. It’s a systemic problem.”

Blue Coat promotes itself as a leading provider of Web security and management. According to its website, it has 15,000 government and corporate customers worldwide. Its products, including high-end computer systems, are used for myriad purposes, including filtering for computer viruses and child pornography.

Some technology experts, however, have argued that because Blue Coat’s tools have various uses, they fall into regulatory gaps and are thus not subject to certain export restrictions.

“The only thing stopping the export of human-rights-abusing equipment to a country like Sudan is the blanket restriction on exports under the sanctions program,” said Collin Anderson, an independent consultant on the Blue Coat report. “There are no controls in place right now on equipment that can also be used to violate human rights.”

David Murphy, Blue Coat’s chief operating officer and president, said the company takes reports about its products in countries under U.S. trade embargoes very seriously. The firm, he noted, is cooperating with a U.S. investigation into how a reseller managed to get the devices into Syria on a few occasions in 2010 and 2011.

“Blue Coat has never permitted the sale of our products to countries embargoed by the U.S.,” Murphy said. “We do not design our products, or condone their use, to suppress human rights. . . . Our products are not intended for surveillance purposes.”

Blue Coat is not the only U.S. company that has prompted concerns or allegations that its technology has been used by governments linked to human rights abuses. In 2011, activists raised concerns that technology made by California-based Narus, now owned by Boeing, might have been used by the Egyptian government to track activists during the Arab Spring protests there. The firm has not commented on the allegations. In 2011, the Falun Gong movement filed a federal lawsuit alleging that Cisco Systems, which makes Internet routers, sold surveillance technology to the Chinese government for use in tracking members of the movement. Cisco has denied the allegations.

Still, Blue Coat has attracted particular scrutiny from the Citizen Lab, whose latest report marks the third time it has found the firm’s technology in countries with governments linked to human rights abuses. In its investigation, the Citizen Lab focused on two Blue Coat devices: ProxySG and PacketShaper. The tools can be used for Web filtering and traffic analysis and can help users view certain types of encrypted traffic, capabilities that are useful both to network security technicians and spy agencies.

Researchers uncovered the tools by analyzing a massive database of 1.3 billion Internet protocol addresses compiled anonymously by someone who apparently used a network of hacked computers to generate the data — in itself a controversial technique. The Citizen Lab, which said it was satisfied that using the Internet database for research was not illegal or unethical, said it verified the results independently by manually connecting to the devices on these countries’ networks.

The Citizen Lab, based at the Munk School of Global Affairs, found six devices in Iran, three in Sudan and four in Syria, including on networks operated by the state-owned Syrian Telecommunications Establishment. Each device, Marquis-Boire said, probably can monitor the traffic of thousands of individual users.

Blue Coat’s filtering tools were first discovered in Syria in 2011 by a “hacktivist” group, prompting a Commerce Department probe and, in April, a $2.8 million civil fine for one of the firm’s distributors in Dubai.

The department’s Bureau of Industry and Security, which enforces export rules, said the distributor falsely told Blue Coat that the products were being shipped to Iraq and Afghanistan.

“It is vital that we keep technology that can repress the Syrian people out of the hands of the Syrian government,” the Commerce Department’s undersecretary for industry and security, Eric Hirschhorn, said in April when the bureau announced the fine imposed on the Blue Coat distributor, Computerlinks FZCO.

Blue Coat said it cannot track who is using its devices or how they are being used but said it is able to block its devices from receiving updates from its websites. Researchers said that blocking ability suggests the company can identify the location of its tools; Blue Coat declined to comment.

Large numbers of opposition members, Assad political opponents and journalists have been subject to arbitrary detention and torture in Syria since the outbreak of violence in that country in 2011. Activists say security forces often target the computer activity of opponents.

“When they arrest you, the first question is, ‘Where is your laptop and what is your password?’ ” said Bassam al-Ahmed, a Syrian human rights activist who was arrested last year and escaped to Istanbul. “Unfortunately, it’s so easy for the regime forces to know everything,” he said. “In most cases, they do.”

Iran, which uses sophisticated tools to censor the Internet and crack down on dissidents, is also facing tough economic sanctions imposed by Western countries seeking to curb its nuclear advances. Still, the Citizen Lab said it detected the presence of Blue Coat’s devices on several networks, including one belonging to the Information Technology Co., which is partially owned by Iran’s Revolutionary Guard Corps. The elite unit is believed to be heavily involved in Iran’s censorship of the Internet.