Cybercensorship Wars

Facilitator: Gamma Group

Gamma Group International, established in 1990, provides technical surveillance to national and state intelligence departments and law enforcement agencies. Gamma describes itself as a European-based company with its headquarters in the United Kingdom and subsidiary offices in Germany, the Middle East, and South East Asia.

Finfisher, part of Gamma Group, has developed a surveillance product called Finspy. Wikileaks recently released a promotional video that outlines the various intrusion techniques Finspy provides. Perhaps the most startling aspect of Finspy is its ability to send a fake iTunes update to a target user and receive full access to the user’s computer—including the ability to activate the camera and microphone in order to hear and watch from a host computer—once the target has accepted the update. Apple, the company that produces iTunes, said it corrected the software to prevent these attacks on November 14th.

Finspy software can also be installed onto a terminal in an Internet café in order to record all traffic. With Finspy, an agent can sit in a hotel lobby and access the data of anyone connected to the same network. Its users can infect computers with a USB drive or via LAN. They can send a fake update to infect a mobile phone or even track anyone connected to an Internet Service Provider.

Gamma Group is a private company that legally sells its software and hardware to anyone who can afford the price tag. While the company suggests their products are integral for law enforcement agencies, a Gamma Group invoice totaling €287,000 from June 2010 was found in Egypt’s State Security Intelligence compound —a detainment center notorious for crimes against humanity.

In an interview with German public radio station NDR, Appelbaum described the horrifying capabilities of this technology, “I have a friend in Egypt whose personal photos were in the [government’s] files. How did those get there? Well they got there because these people took her phone, or took the contents of her phone, and put it in a file. And she raided their office [along with hundreds of protesters on March 5] to find her own file.”

But why is it so important for the government to access the call logs or social network profiles of political dissidents? According to Appelbaum, “What they were doing was massively intercepting and understanding who was in places at certain times, so they could step up and use physical surveillance and physical intimidation, so they could jail people without a trial, so they could torture people for their passwords…to extract social network information and be able to track down people who were hubs in a graph. If you look at a social network graph there are people who sit in the middle of many other people and if you attack those, the social structures for support fall apart.”

When contacted by the Guardian, Gamma International said in a statement: “Gamma International UK manufactures equipment for dealing with security related threats and it supplies only to governments…Gamma International UK has not supplied any of its Finfisher suite of products or related training etc. to the Egyptian government.” Gamma said it “complies, in all its dealings, with all relevant UK legislation and regulation.” Click here to read the Gamma Group invoice.

Fighter: Julian Assange, Wikileaks

Julian Assange, WikiLeaks founder

Julian Assange is is the editor-in-chief and founder of WikiLeaks. On December 1, 2011 Wikileaks released 287 classified files from companies that produce lawful intercept technology. Among other documents, the “Spy Files” include newsletters, promotional videos and brochures on the Gamma group’s Finspy programs, and a copy of a contract between French-based lawful interceptor Amesys and the Libyan government.

The Spy Files cover the activities of over 90 companies, including Nokia Siemens (GR), Blue Coat (US), and the Gamma group (UK). With the assistance of European news organization Owni, Wikileaks also constructed an interactive map cataloguing the surveillance companies, their products, and location. According to the map, there are 32 companies in the United States that sell software designed to monitor internet activity, text messages, and phone calls, and allow users to analyze a target’s voice and track them using GPS.

The Wikileaks report sums the problem up: “International surveillance companies are based in the more technologically sophisticated countries and they sell their technology to every country of the world. This industry is, in practice, unregulated. Intelligence agencies, military forces and police authorities are able to silently, on mass, and secretly intercept calls and take over computers without the help or knowledge of telecommunication providers. Users’ physical locations can be tracked if they are carrying a mobile phone, even if it is only on stand-by.”

Facilitator: Tatiana Lucas

Tatiana Lucas is World Programs Director for Intelligence Support Systems for Lawful Interception. After Wikileaks released the Spy Files, the Wall Street Journal ran a story revealing some of the more secretive aspects of the surveillance industry. In response, Lucas wrote a letter to the editor arguing that the condemnatory article was hurting American job growth. “Attention of this kind makes U.S. manufacturers gun shy about developing, and eventually exporting, anything that can remotely be used to support government surveillance,” Lucas wrote.

“We expect that most countries outside the U.S. and Western Europe will begin to place intercept mandates on social networks, especially following the Arab Spring.” — Tatiana Lucas, ISS World Programs Director

The letter goes on to say, “Based on our work with customers from around the globe, we expect that most countries outside the U.S. and Western Europe will begin to place intercept mandates on social networks, especially following the Arab Spring.”

That is to say, now that political leaders have seen what a powerful tool social media can be for opposition movements, demand is growing for new technology to penetrate Internet security.

“This would give U.S. companies an opportunity to develop such tools and thus create jobs,” Lucas says. “We are concerned that the article and others like it contribute to an atmosphere where Congress isn’t likely to pass an updated lawful-interception law that would require social-networking companies to deploy special features to support law enforcement. Without the update, the opportunity for U.S. companies to develop and launch intercept products domestically for eventual export will be greatly curtailed.”