Index relies entirely on the support of donors and readers to do its work.
Help us keep amplifying censored voices today.
In the summer 2016 issue of Index on Censorship magazine, Spiegel Online’s managing editor Matthias Streitz and Privacy International technologist Richard Tynan go head to head to debate the rise of ad-blockers.
Many publishers have voiced concern that this software – which allows users to block online adverts from their screens – is damaging their revenue streams.
“If you consume our content, you must allow us some means of monetisation,” said Streitz. While Tynan argued that online adverts pose a security risk and ad-blockers allow users to “retain control over who the communicate with, and [minimise] the amount of data companies collect on users’ online patterns”.
Streitz and Tynan explore all the pros and cons at great length in the latest issue, which you can order here, but in the meantime Index on Censorship would like your thoughts on the power of adblockers.
[os-widget path=”/indexoncensorship/are-ad-blockers-killing-the-media” of=”indexoncensorship” comments=”false”]
PEN International and Privacy International led 14 free expression and media freedom organisations, including Index on Censorship, in submitting an intervention today in the case of Azerbaijani journalist, Khadija Ismayilova before the European Court of Human Rights (ECtHR).
The intervention elaborates the freedom of expression and privacy implications of her case.
“The appalling treatment of Khadija Ismayilova by the Azerbaijani authorities is symptomatic of a relentless crackdown on journalists and freedom of expression in the country in recent years”, said Jennifer Clement, President of PEN International. “This important case before the ECtHR is an opportunity to not only redress the injustice in one egregious case but to give wider protection to the media as a whole.”
Ismayilova was sentenced to 7.5 years in prison in September 2015, after being convicted of charges that the members of the coalition believe are retribution for her reports on corruption involving senior government officials.
Before her arrest in December 2014, she had been subjected to a relentless campaign of intimidation and persecution very likely orchestrated by the Azerbaijani authorities to discredit her investigative reporting on corruption amongst the highest levels of society.
“Khadija Ismayilova has suffered a serious invasion of her personal privacy through the installation of hidden cameras and wires in her flat and publication of secretly filmed videos among other incidents. Azerbaijan has a positive obligation to carry out an effective investigation into these violations,’ said Camila Graham-Wood, Legal Officer at Privacy International.
The coalition is represented in this case by barristers Can Yeginsu from 4 New Square Chambers and Miranda Butler from 3 Hare Court.
The full intervention is available here.
Related:
27 May: 40 protests for Khadija Ismayilova’s 40th birthday
Azerbaijan: Sport for Rights coalition condemns sentencing of journalist Khadija Ismayilova
State surveillance has been much publicised of late due to Snowden’s revelations, but allegations against the NSA and GCHQ are only one aspect of the international industry surrounding wholesale surveillance. Another growing concern is the emergence and growth of private sector surveillance firms selling intrusion software to governments and government agencies around the world.
Not restricted by territorial borders and globalised like every other tradable commodity, buyers and sellers pockmark the globe. Whether designed to support law enforcement or anti-terrorism programmes, intrusion software, enabling states to monitor, block, filter or collect online communication, is available for any government willing to spend the capital. Indeed, there is money to be made – according to Privacy International, the “UK market for cyber security is estimated to be worth approximately £2.8 billion.”
The table below, collated from a range of sources including Mother Jones, the Electronic Frontier Foundation, Bloomberg, Human Rights Watch, Citizen Lab, Privacy International and Huffington Post, shows the flow of intrusion software around the world.
Surveillance Company | Country of Origin | Alleged Countries of Use |
VASTech | South Africa | Libya (137) |
Hacking Team | Italy | Azerbaijan (160), Egypt (159), Ethiopia (143), Kazakhstan (161), Malaysia (147), Nigeria (112), Oman (134), Saudi Arabia (164), Sudan (172), Turkey (154), Uzebekistan (166) |
Elbit Systems | Israel | Israel (96) |
Creative Software | UK | Iran (173) |
Gamma TSE | UK | Indonesia (132) |
Narus | USA | Egypt (159), Pakistan (158), Saudi Arabia (164) |
Cisco | USA | China (175) |
Cellusys Ltd | Ireland | Syria (177) |
Adaptive Mobile Security Ltd | Ireland | Syria (177), Iran (173) |
Blue Coat Systems | USA | Syria (177) |
FinFisher GmbH | Germany | Egypt (159), Ethiopia (143) |
Note: The numbers alongside the alleged countries of use are the country’s ranking from 2014 Reporters without Borders World Press Freedom Index 2014.
While by no means complete, this list is indicative of three things. There is a clear divide, in terms of economic development, between the buyer and seller countries; many of the countries allegedly purchasing intrusion software are in the midst of, or emerging from, conflict or internal instability; and, with the exception of Israel, every buyer country ranks in the lower hundred of the latest World Press Freedom Index.
The alleged legitimacy of this software in terms of law enforcement ignores the potential to use these tools for strictly political ends. Human Rights Watch outlined in its recent report the case of Tadesse Kersmo, an Ethiopian dissident living in London. Due to his prominent position in opposition party, Ginbot 7 it was discovered that his personal computer had traces of FinFisher’s intrusion software, FinSpy, jeopardising the anonymity and safety of those in Ethiopia he has been communicating with. There is no official warrant out for his arrest and at the time of writing there is no known reason in terms of law enforcement or anti-terrorism legislation, outside of his prominence in an opposition party, for his surveillance. It is unclear whether this is part of an larger organised campaign against dissidents in both Ethiopia and the diaspora, but similar claims have been filed against the Ethiopian government on behalf of individuals in the US and Norway.
FinFisher GmbH states on its website that “they target individual suspects and can not be used for mass interception.” Without further interrogation into the end-use of its customers, there is nothing available to directly corroborate or question this statement. But to what extent are private firms responsible for the use of its software by its customers and how robustly can they monitor the end-use of its customers?
In the US Electronic Code of Federal Regulations, there is a piece of guidance entitled Know Your Customer. This outlines steps to be undertaken by firms to identify what the end-use of its products is. This is a proactive process, placing the responsibility firmly with the seller to clearly identify and act on abnormal circumstances, or ‘red flags’. The guidance clearly states that the seller has a “duty to check out the suspicious circumstances and inquire about the end-use, end-user, or ultimate country of destination.”
Hacking Team has sold software, most notably the Remote Control System (RCS) to a number of countries around the world (see above). Citizen Lab, based out of the University of Toronto, has identified 21 countries that have potentially used this software, including Egypt and Ethiopia. In its customer policy, Hacking Team outlines in detail the lengths it goes to verify the end-use and end-user of RCS. Mentioning the above guidelines, Hacking Team have put into practice an oversight process involving a board of external engineers and lawyers who can veto sales, research of human rights reports, as well as a process that can disable functionality if abuses come to light after the sale.
However, Hacking Team goes a long way to obscure the identity of countries using RCS. Labelled as untraceable, RCS has established a “Collection Infrastructure” that utilises a chain of proxies around the world that shields the user country from further scrutiny. The low levels of media freedom in the countries purportedly utilising RCS, the lack of transparency in terms of the oversight process including the make-up of the board and its research sources, as well as the reluctance of Hacking Team to identify the countries it has sold RCS to undermines the robustness of such due diligence. In the words of Citizen Lab: “we have encountered a number of cases where bait content and other material are suggestive of targeting for political advantage, rather than legitimate law enforcement operations.”
Many of the firms outline their adherence to the national laws of the country they sell software to when defending their practices. But without international guidelines and alongside the absence of domestic controls and legislation protecting the population against mass surveillance, intrusion software remains a useful, if expensive, tool for governments to realise and cement their control of the media and other fundamental freedoms.
Perhaps the best way of thinking of corporate responsibility in terms of intrusion software comes from Adds Jouejati of the Local Coordination Committees in Syria, “It’s like putting a gun in someone’s hand and saying ‘I can’t help the way the person uses it.’”
This article was posted on 11 April, 2014 at indexoncensorship.org
Index on Censorship had a Google Hangout on how to protect yourself from mass surveillance, and what you can do to demand the right to privacy from your government.
Jim Killock, Executive Director at Open Rights Group, Mike Rispoli, Communications Manager at Privacy International, and Mike Harris, Campaign Director for Don’t Spy On Us share their thoughts on the unfolding fight to restrict mass surveillance.