The digital arms trade

While targeting online repression in Syria and Iran, democracy in the US may be stepping backwards by adopting CISPA.

To match Feature IRAN-INTERNET/
Obama's recent executive order does not go far enough - it only targets Iran and Syria [REUTERS]

San Francisco, CA –
For months, journalists and activists alike have been highlighting the dangers to online safety and freedom posed to authoritarian regimes by the sale of certain technologies – roughly referred to as “spyware”. In Syria, Iran, Bahrain, and elsewhere around the world, such technologies have been used to entrap activists and bloggers, and, in some cases, it has led to their arrest and torture.

On Monday, news came that President Barack Obama had signed an executive order targeting people and companies facilitating human rights abuses through such technologies. While seemingly solid in word and letter, the order focuses only on Iran and Syria, leaving behind some of the countries in which grave human rights abuses have been committed with the aid of technology. At the same time, existing restrictions in the US already block the export of US-made technology to those two countries.

On the surface, there’s nothing wrong with the new order. As sanctions go, this one is smart, targeted, aimed on the one hand at known entities and individuals engaged in human rights abuses and on the other at the companies that can act as “repression’s little helper”. Unlike existing regulations from the US Department of Commerce, the order is not overreaching and would not create the same collateral damage as those regulations which prevent Google, among other companies, from exporting “good” technology to ordinary citizens.

The Stream – The online conundrum:
Protect speech or society?

Also included in Obama’s announcement – made Monday at the Holocaust Memorial Museum in Washington, DC – was a plan for a set of “challenge grants” that would fund companies to help create new technologies for the purpose of warning citizens in countries where mass killings may occur. Such a plan could prove fruitful, if established companies were willing to get involved and bring their expertise to the table. At the same time, it is imperative that the Obama administration focus some attention on the aforementioned Commerce regulations, which continue to prevent vital tools such as Google Earth from reaching the Syrian and Iranian people.

But is the move too little, too late? As Syrian and Iranian activists and observers are pointing out on social media, this measure – while important – comes more than six months after news of US-built BlueCoat technology reaching Syria first emerged. This necessitates criticism that the Obama administration has been slow to act on this issue, just as they have been with others related to Syria. Additionally, in respect to US companies, the order simply reiterates existing regulations borne of the Treasury and Commerce Departments on both Iran and China.

Furthermore, the focus on Iran and Syria – no doubt heavy repressors of the internet – is at the expense of countries such as Bahrain, which has utilised technology built by German company Trovicor to spy on dissidents. Indeed, the narrow focus also excludes long-term offenders, such as China.

Moving forward

What then, is the solution to what seems to be an ever-growing problem, with companies from the United States, Canada, Sweden, and elsewhere all implicated? The Electronic Frontier Foundation – where I work – has advocated a set of standards that, when adopted, would require companies to perform due diligence when selling to foreign governments, ensuring that they know their customer, its intentions, and the capabilities [of the technology being sold] for human rights abuses. It would also push companies to refrain from participation in respect to regimes known for committing such abuses.

The Obama administration’s executive order excels in defining network surveillance and disruption as human rights abuses, but the administration hasn’t yet gone far enough in stopping companies from being complicit in such abuses – nor can it. Although a bill currently under consideration – the Global Online Freedom Act (GOFA) – seeks to go further in restricting such sales, it too is flawed in that it would affect sales only to countries deemed to be “internet restricting”, a designation that would be up to the secretary of state to make and would surely not hit, say, Saudi Arabia or Bahrain (both of which heavily censor the internet).

The Stream – Policing Online Dissent &
Fighting Dirty Oil with Social Media

Indeed, while these measures were developed with the right intentions, they are simply too narrow and may be too difficult to enforce. Instead, perhaps what is needed is a scenario in which the social costs for companies willing to sell spygear to human rights-abusing regimes are too high – but that requires a degree of public awareness that doesn’t currently exist.

The obvious, and perhaps sometimes preferable, alternative to regulation is activism. Naming and shaming has a powerful history – and if it worked for the clothing manufacturing industry, there are indications it could work here too; the Global Network Initiative, for example, successfully recruited Websense, a company that builds internet censorship technology, after the company was dismayed to see their software being used in Yemen. But at the same time, many of the products sold to governments have no basic end user; they are high-tech gear for high-profile clients, not items sold at retail. Cisco might be a household name, but Narus certainly isn’t. 

We must, then, raise awareness of these issues, and not just as they apply to authoritarian countries, but to democratic ones as well. Surveillance exists, and is increasing, in the United States (where the NSA has been spying on communications since at least 2001 and where the Cyber Intelligence Sharing & Protections Act, or CISPA, threatens to invade our privacy even more), in Europe, in India, and in other democracies. And yet, Facebook’s recent update to Timeline garnered more headlines – and more protest – than the news that American democracy might soon take one more step backward with the adoption of CISPA.

It is high time that we started paying attention to all of these threats – before it’s too late.

Jillian C York is director for International Freedom of Expression at the Electronic Frontier Foundation in San Francisco. She writes a regular column for Al Jazeera focusing on free expression and Internet freedom. She also writes for and is on the Board of Directors of Global Voices Online.

Follow her on Twitter: @jilliancyork