The Privacy & Security
Research Paper Series
Implications of
Deep Packet
Inspection (DPI)
Internet
Surveillance for
Society
issue #1
The Privacy & Security - Research Paper Series
Edited by Centre for Science, Society & Citizenship
Co-edited by Uppsala University - Department of Informatics and Media
ISSN 2279-7467
Implications of Deep Packet Inspection (DPI) Internet Surveillance
for Society
Authors:
Christian Fuchs
Research Paper Number #1
Date of Publication: July 2012
Acknowledgement: The research presented in this paper was conducted in the
project “PACT – Public Perception of Security and Privacy: Assessing
Knowledge, Collecting Evidence, Translating Research into Action”, funded by
EU FP7 SECURITY, grant agreement no. 285635
All rights reserved.
No part of this publication may be reproduced, distributed or utilized in any
form or by any means, electronic, mechanical, or otherwise, without the prior
permission in writing from the Centre for Science, Society and Citizenship.
Download and print of the electronic edition for non commercial teaching or
research use is permitted on fair use grounds. Each copy should include the
notice of copyright.
Source should be acknowledged.
© 2013 PACT
http://www. projectpact.eu
1
The Privacy & Security Research Paper Series, Issue # 1
Implications of Deep Packet Inspection (DPI) Internet Surveillance for Society
Christian Fuchs
Abstract:
ThisresearchpaperanalysessocietalimplicationsofDeepPacketInspection(DPI)technologies.
Deep Packet Inspection (DPI) surveillance technologies are communications surveillance tools that are
abletomonitorthetrafficofnetworkdatathatissentovertheInternetatallsevenlayersoftheOSIRef‐
erenceModelofInternetcommunication,whichincludesthesurveillanceofcontentdata.
Theanalysispresentedinthispaperisbasedonproductsheets,self‐descriptions,andproductpresenta‐
tions by 20 European security technology companies that produce and sell DPI technologies. For each
company,wehaveconductedadocumentanalysisoftheavailablefiles.Itfocusedonthefourfollowing
aspects:
1)DescriptionanduseoftheInternetsurveillancetechnologiesthatareproducedandsold.
2)Theself‐descriptionofthecompany.
3)TheexplanationoftherelevanceofInternetsurveillance,i.e.whythecompanythinksitisimportant
thatitproducesandsellssuchtechnologies.
4) A documentation of what the company says about opportunities and problems that can arise in the
contextofInternetsurveillance.
TheassessmentofsocietalimplicationsofDPIisbasedonopinionsofsecurityindustryrepresentatives,
scholars,andprivacyadvocatesthatwerevoicedinwhitepapers,techreports,researchreports,onweb‐
sites,inpressreleases,andinnewsmedia.Theresultscanbesummarizedintheformofseveralimpact
dimensions:
1.PotentialadvantagesofDPI
2.Netneutrality
3.ThepowerofInternetServiceProviders(ISPs)forunderminingusers’trust
4.PotentialfunctioncreepofDPIsurveillance
5.Targetedadvertising
6.Thesurveillanceoffilesharers
7.Politicalrepressionandsocialdiscrimination
TheconductedanalysisofDeepPacketInspection(DPI)technologiesshowsthatthereisavarietyofpo‐
tentialimpactsofthistechnologyonsociety.Ageneralconclusionisthatforunderstandingnewsurveil‐
lance technologies, we do not only need privacy and data protection assessments, but broader societal
andethicalimpactassessments.
Keywords: surveillance, DPI, Deep Packet Inspection, Internet surveillance, societal implications, tech‐
nologyassessment,society,informationsociety,InternetStudies
Shortbiographyoftheauthor/s:ChristianFuchsholdsthechairprofessorshipinMediaandCom‐
munication Studies at Uppsala University’s Department of Informatics and Media. He is chair of the
EuropeanSociologicalAssociation’sResearchNetwork18–SociologyofCommunicationsandMedia
Researchandco‐ordinatoroftheresearchproject“Socialnetworkingsitesinthesurveillancesociety”
(fundedbytheAustrianScienceFundFWF).Heisco‐ordinatorofUppsalaUniversity’sinvolvementin
theEUFP7projects“PACT–PublicPerceptionofSecurityandPrivacy:AssessingKnowledge,Collect‐
The Privacy & Security Research Paper Series, Issue # 1
ing Evidence, Translating Research into Action” and “RESPECT – Rules, Expectations & Security
throughPrivacy‐EnhancedConvenientTechnologies”
The Privacy & Security Research Paper Series, Issue # 1
1. Introduction
TheWallStreetJournalwroteinAugust2011thattheFrenchcompanyAmesys,a
unit of the firm Bull SA, sold deep packet inspection technologies to Libya, where
Gaddafi’sregimeusedtheminanInternetspyingcentreinTripolitomonitortheIn‐
ternet usage of Libyan citizens and political opponents (Wall Street Journal Online,
Firms aided Libyan spies. First look inside security unit shows how citizens were
tracked. August 30, 2011). The International Federation for Human Rights and the
Ligue des Droits de l'Homme et du Citoyen filed criminal charges against Amesys
(FIDH,FIDHandLDHFileaComplaintConcerningtheResponsibilityoftheCompany
AMESYSinRelationtoActsofTorture.October19,2011).Similarly,itwasreported
thattheBritishfirmGammaInternationalsolditsFinSpysoftwaretoEgyptiansecuri‐
ty authorities and the Italian firm HackingTeam surveillance software to security
agenciesinNorthAfricaandtheMiddleEast(EUobserver.com,EUCompaniesBanned
From Selling Spyware to Repressive Regimes. October 11, 2011). The Dutch MEP
Marietje Schaake commentedthat the EU must make “the new technologies are not
systematicallyusedtorepresscitizens.[…]Therearestandardlistsofmilitarytech‐
nologybannedforexportduringanembargoonacountry.Butthisisnotupdatedto
include online weapons” (EUobserver.com, EU Companies Banned from Selling Spy‐
ware to Repressive Regimes. October 11, 2011). In September 2011, the EU Parlia‐
mentpassedaresolutionsuggestedby theAustrianMEPJörg Leichtfried “with567
votesinfavour,89against,and12abstentions”EuropeanParliamentNews,Control‐
lingdual‐useexports,September27th,2011thatbanstheexportofITsystemsthat
canbeused"inconnectionwithaviolationofhumanrights,democraticprinciplesor
freedom of speech [...] by using interception technologies and digital data transfer
devicesformonitoringmobilephonesandtextmessagesandtargetedsurveillanceof
Internet use (e.g. via Monitoring Centres and Lawful Interception Gateways)" (EU
regulationno.1232/2011,EuropeanUnionGeneralExportAuthorisationNoEU005,
annexIIe)fromEuropetocertaincountries.Theexportregulationwaspassedinthe
formoftheEUGeneralExportAuthorisationNo.EU005thatconcernstelecommuni‐
cations. The regulation banned the export of IT surveillance systems to Argentina,
China (including Hong Kong and Macao), Croatia, India, Russia, South Africa, South
Korea,Turkey,andtheUkraine.
Thisreportwillfocusontheanalysisofthesocietalimplicationsoftheproduction
andsellingofInternetsurveillancetechnologiesusingDeepPacketInspection(DPI)
byEuropeancompanies.
There has been an increase and intensification of surveillance after 9/11 (Lyon
2003b, 2007). “Data mining, a technique for deriving usable intelligence from the
analysisofmassiveamountsofcomputer‐accessibleinformation,becameincreasing‐
ly attractive to the government as a resource in the war on terrorism, although its
strategicusewithinbusinessformarketingandriskassessmenthadlongbeenestab‐
lished”(Gandy2009,136).
The Privacy & Security Research Paper Series, Issue # 1
AlsointheEuropeanUnionthebeliefthatsecurity,understoodas“theprotection
of the individual, but also of the collective self, the nation state”, “is a core value
threatenedby‘globalterrorism’hasspread”after9/11(Bigo2010,263).TheEUFP6
CHALLENGEresearchproject(TheChangingLandscapeofEuropeanLibertyandSe‐
curity) concluded that after 9/11 “the framings of the relationship between liberty
andsecurity”hasbeenredefined“infavourofcontrol,surveillance,policing,andwar”
(Bigo, Guild and Walker 2010, 12). European security politics have therefore “been
mainly oriented towards the right for governments to strengthen coercive and sur‐
veillancesecuritymeasures”(Bigo2010,265f).Atthesametime,thefocusonsecuri‐
tyandsurveillancepolicieshavebroughtaboutconcernsaboutthepowerconstituted
bytheemploymentofnewsurveillancetechnologiesandtheimplicationsforprivacy,
data protection, human rights, freedom and equality these technologies have (Ball
and Webster 2003; Bigo 2010; Gandy 2009, Jewkes 2011; Lyon 2003a, 2003b; Mo‐
nahan 2010, Webb 2007). We live in times of heightened attention to surveillance,
privacyanddataprotection.Thissituationisthecontextforthestudyofnewsurveil‐
lancetechnologies.
2. Deep Packet Inspection Internet Surveillance and the European Security
Industry 2.1. Introduction In2011,71%oftheindividualsaged16‐74livingintheEU27countriesaccessed
theInternet(withina3monthperiod;datasource:Eurostat.Internetusebyindivid‐
uals).ThisshowsthatInternetusehasbecomeaneverydayactivityforthemajority
ofEuropeans.ThetopicofInternetsurveillancemattersbecauseitmuchaffectsthe
livesofhumansincontemporarysocieties.
Scholarsinsurveillance studiesand information societystudieshavestressedthe
importanceofcomputingforconductingsurveillancesincemorethan20years.This
hasresultedinanumberofcategoriesthatdescribetheinterconnectionofcomputing
and surveillance, such as the new surveillance (Marx 1988, 2002), dataveillance
(Clarke 1988), the electronic (super)panopticon (Poster 1990), electronic surveil‐
lance(Lyon1994),digitalsurveillance(GrahamandWood2007),ortheworldwide
webofsurveillance(Lyon1998).
The Internet processes a huge amount of personal data (see the contributions in
Fuchs, Boersma, Albrechtslund and Sandoval 2012). Therefore analysing surveil‐
lance‐implicationsoftheInternetisanimportanttask,towhichthisreportwantsto
contribute. This chapter focuses on the analysis of the implications of Internet sur‐
veillancetechnologiesthathavebeenproducedinEurope.
Asdatasource,weareusingaselectionofdocumentsthathavebeenpublishedby
WikiLeaksintheso‐called“SpyFiles”thatwerepublishedinOctober2011.Itisacol‐
lectionoffilesthatdocumentsurveillancetechnologiesproducedbyWesterncompa‐
nies (http://wikileaks.org/the‐spyfiles.html). On January 23, 2012, there were 287
documentsinthisarchive.Thearchiveconsistsofdigitalversionsofbrochures,cata‐
The Privacy & Security Research Paper Series, Issue # 1
logues,contracts,manuals,newsletters,papers,presentations,pricelists,andvideos.
WikiLeaks categorized the documented surveillance technologies documented into
sixtypes:Internetmonitoring,phonemonitoring,Trojan,speechanalysis,SMSmoni‐
toring,GPStracking.
WikiLeaks has described the purpose of this archive in the following way:
“WhencitizensoverthrewthedictatorshipsinEgyptandLibyathisyear,theyuncov‐
ered listening rooms where devices from Gamma corporation of the UK, Amesys of
France,VASTechofSouthAfricaandZTECorpofChinamonitoredtheireverymove
onlineandonthephone.SurveillancecompanieslikeSS8intheU.S.,HackingTeamin
ItalyandVupeninFrancemanufactureviruses(Trojans)thathijackindividualcom‐
putersandphones(includingiPhones,BlackberriesandAndroids),takeoverthede‐
vice,recorditseveryuse,movement,andeventhesightsandsoundsoftheroomitis
in. Other companies like Phoenexia in the Czech Republic collaborate with the mili‐
tary to create speech analysis tools. They identify individuals by gender, age and
stresslevelsandtrackthembasedon‘voiceprints’.BlueCoatintheU.S.andIpoquein
GermanyselltoolstogovernmentsincountrieslikeChinaandIrantopreventdissi‐
dentsfromorganizingonline.[…]trovicor,previouslyasubsidiaryofNokiaSiemens
Networks, supplied the Bahraini government with interception technologies that
trackedhumanrightsactivistAbdulGhaniAlKhanjar.Hewasshowndetailsofper‐
sonalmobilephoneconversationsfrombeforehewasinterrogatedandbeateninthe
winterof2010‐2011[...]TheWikileaksSpyFilesrevealthedetailsofwhichcompa‐
nies are making billions selling sophisticated tracking tools to government buyers,
floutingexportrules,andturningablindeyetodictatorialregimesthatabusehuman
rights(http://wikileaks.org/the‐spyfiles.html).
Thearchivecanbenavigatedwiththehelpofaworldmapthatallowssearchingfor
searchforsurveillancetechnologiesproducersin21countries
(http://wikileaks.org/The‐Spyfiles‐The‐Map.html). It is a resource that provides
material about companies that produce and sell communications surveillance tech‐
nologies,includingInternetsurveillancetechnologies.TheresearchteamatUppsala
University downloaded all documents that were available on February 22nd, 2012,
forthecategoryofInternetsurveillanceforcompanieslocatedintheEU27countries.
These were a total of 17 companies from 9 European countries (Czech Republic,
Denmark,France,Germany,Hungary,Italy,Netherlands,Poland,UK).Weaddedthree
companies (Trovicor, Area Spa, Gamma Group) because a search for news articles
aboutprivacyaspectsofEuropeanInternetsurveillancetechnologyproducersinthe
databaseLexisNexisshowedthatthesethreecompanieshavebeenmentionedinre‐
spect to discussions about the actual or planned export of communication surveil‐
lancetechnologytocountrieswherepoliticaloppositionisrepressed.Thetotalnum‐
berofanalyzedcompanieswasthereforesetat20.ThenumberoffilesaboutInternet
surveillanceofthese20companiesthatwefoundintheWikiLeaksSpyFileswas64.
We searched on the websites of all 20 companies for documents (white papers,
productspecifications,corporateresponsibilityreportsthatmentionprivacyaspects,
etc)aboutInternetsurveillancetechnologiesandfoundadditional23documentsthat
The Privacy & Security Research Paper Series, Issue # 1
weincludedintheanalysis.For2companies,twoimportantdocumentsweretaken
fromadditionalsources(aproductofferfromthecompanyDigitask,aGammaGroup
productspecificationthatcouldnotbefoundonthecompany’swebsite).Therewere
atotalof89documentsasinputfortheanalysis.Thetwotablesbelowshowa)alist
oftheanalysedcompaniesandthenumberofdocumentsforeachandb)detailsfor
allanalyseddocumentsandtheirsources.
TheSpyFilesarenotcoveringallEuropeansurveillancetechnologyproducers,they
providehowevercomprehensiveaccesstoasamplethatislargeenoughforconduct‐
ing a document analysis that can give a picture of the type of Internet surveillance
technologiesthatareproducedinEuropeandtheself‐understandingsofthecompa‐
nies that create these technologies. Data about Internet surveillance technologies is
not easy to obtain. On many company websites, no detailed information about the
producedtechnologiesissupplied.Thesamplingprocessmustthereforeinthecase
ofananalysisofInternetsurveillancetechnologiesbebasedonconveniencesampling
that is “relying on available subjects” (Babbie 2010, 192). So the 89 analysed files
were gathered basedon convenience sampling and constitutea corpus that is large
enoughforobtaininganimpressionofhowtheEuropeanInternetsurveillancetech‐
nologyindustrylookslike.
Foreachcompany,wehaveconductedadocumentanalysisoftheavailablefiles.It
focusedonthethreefollowingaspects:
1) DescriptionanduseofInternetsurveillancetechnologiesthatareproducedand
sold.
2) Theself‐descriptionofthecompany.
3) TheexplanationoftherelevanceofInternetsurveillance,i.e.whythecompany
thinksitisimportantthatitproducesandsellssuchtechnologies.
4) Adocumentationofwhatthecompanysaysaboutproblemsandprivacyviola‐
tionsarisinginthecontextofInternetsurveillance.
The following table gives an overview of the companies that were included in the
analysis.
ID
Country
Companyname
NumberoffilesinSpyFiles
1
CzechRe‐
Inveatech
1
public
2
France
Qosmos
6
3
France
Thales
5
4
France
Aqsacom
6
5
France
Alcatel‐Lucent
3
6
France
Amesys(Bull)
18
7
Germany
Elaman
12
8
Germany
Datakom
3
9
Germany
Trovicor
1
The Privacy & Security Research Paper Series, Issue # 1
10
Germany
Digitask
5
11
Germany
Ipoque
6
12
Germany
UtimacoSafeware
4
13
Hungary
NETI
1
14
Italy
AreaSpa
0
15
Italy
Innova
1
16
Italy
IPS
3
17
Netherlands Group2000
8
18
Netherlands PineDigitalSecurity
1
19
UK
GammaGroup
1
20
UK
TelesoftTechnologies
4
Table1:Alistofthecompaniesincludedintheanalysis
Thefollowingtablegivesanoverviewoftheanalyseddocuments,includingtheirID
intheWikiLeaksSpyFilesarchive.
Internal
ID
1
2_1
WikiLeaksID(SpyFiles
archive)/source
190
37
Company
DocumentDescription
Inveatech
Qosmos
2_2
50
Qosmos
2_3
58
Qosmos
2_4
67
Qosmos
2_5
77
Qosmos
2_6
Qosmos
3_1
Datasource:downloadfrom
http://www.qosmos.com/
17
ProductsheetLawfulInterceptionSystem
Presentation“ixDP–InformationeXtraction
trhoughDeepPacketInspection.Layer7
IdentityManagementforLawfulIntercep‐
tion”.PatrickPail.October1st,2008.
Presentation“EnablingTrueNetworkIntel‐
ligenceEverywhere.ManagingVirtualIdenti‐
tiesAcrossIPNetworks”.Jean‐PhilippeLion.
ISSPrague,June2009.
Presentation“Interceptionat100Gbpsand
more”.JeromeTollet.October2011.
Presentation“DealingwithaneverChanging
SeaofApplicationProtocols”.KurtNeumann.
October2011.
Presentation“BoostingMonitoringCenters
withIPMetadata”.JeromeTollet.October
2011
QosmosixEngineproductsheet
3_2
40
Thales
3_3
Datasource:downloadfrom
http://www.thalesgroup.co
m
Datasource:downloadfrom
http://www.thalesgroup.co
m
Datasource:downloadfrom
Thales
3_4
3_5
Thales
Presentation“IPTr@pper”.Jean‐Philippe
Lelievre.ISSDubai2007
Presentation“NewSolutionsforMassive
Monitoring”.Jean‐PhilippeLelievre.ISS
WorldEurope.Prague.October3rd,2008
Thales:C4ISRProductsandSolutionsfor
Defence&Security2011.
Thales
Thales:IntegratedSecuritySolutions
Thales
ThalesCorporateResponsibilityReport2010
The Privacy & Security Research Paper Series, Issue # 1
4_1
http://www.thalesgroup.co
m
42
Aqsacom
4_2
78
Aqsacom
4_3
79
Aqsacom
4_4
199
Aqsacom
4_5
200
Aqsacom
4_6
Datasource:downloadfrom: Aqsacom
http://www.aqsacom.com/
81
Alcatel‐Lucent
5_1
5_2
6_1
Datasource:downloadfrom: Alcatel‐Lucent
http://www.alcatel‐
lucent.com
Datasource:downloadfrom: Alcatel‐Lucent
http://www.alcatel‐
lucent.com
21
Amesys
6_2
6_3
6_4
6_5
6_6
6_7
92
93
94
95
96
97
Amesys
Amesys
Amesys
Amesys
Amesys
Amesys
6_8
6_9
6_10
6_11
98
99
100
101
Amesys
Amesys
Amesys
Amesys
6_12
102
Amesys
6_13
103
Amesys
6_14
104
Amesys
6_15
105
Amesys
6_16
106
Amesys
6_17
6_18
107
185
Amesys
Amesys
7_1
7_2
7_3
124
124
124
Elaman
Elaman
Elaman
5_3
Presentation“Convergence–LIandDR.A
StrategicConcept”,AlanDubberley,ISS
World2009,Prague.
Aqsacom:LawfulInterceptionisOurBusi‐
ness
Standards‐basedlawfulinterceptionfrom
Aqsacom
AqsacomWhitePaper:TheUSAPatriotAct:
ImplicationsforLawfulInterception
AqsacomWhitePaper:LawfulInterception
forIPNetworks
ADRIS:TheAqsacomDataRetentionIntelli‐
genceSystem
Alcatel‐Lucent1357ULISUnifiedLawful
InterceptionSuite(versionfrom2008)
Alcatel‐Lucent1357ULISUnifiedLawful
InterceptionSuite(versionfromMarch
2010)
Alcatel‐LucentCorporateResponsibility
2010Report
Presentation“FromLawfultoMassiveInter‐
ception:AggregationofSources”
GraphinHQ1‐Annakoa
casperTSystemPresentation
Caspter‐TWiFiNetworkInterception
Amesys– CriticalSystemArchitect
CryptowallMailProtect
CryptowallPC‐ProtectProfessionalEd.(Mul‐
ti‐Volumes)
Dumb‐OE‐mailInterceptor
EagleGlintOperatorManual
EagleGlintOperatorManual
SMINT– TacticalInterceptionBasedonEA‐
GLECoreTechnology
GLINT– StrategicNationwideInterception
BasedonEAGLECoreTechnology
NetTap@ADSL.PassiveNon‐IntrusiveADSL
TappingProbeonAAnalogLine
NetTap@ADSL.SondePassive
D’InterceptionADSLSurLigneAnalogique
HomelandSecurityProgram:TechnicalSpec‐
ification.PublicSafetySystemsandPassport
NetworkoftheGreatLibyanArabJamahiriya
RHFVMEWB.WideBandHFVMEReception
Unit
RHFVME‐TA.1.5–30MHzReceiver
AmesysComint&LawfulInterceptionSolu‐
tions
ElamanCompanyInformation
CommunicationsMonitoring,October2007
TSCM– GovernmentTechnicalSurveillance
CounterMeasureSolutions
The Privacy & Security Research Paper Series, Issue # 1
7_4
124
Elaman
7_5
7_6
124
124
Elaman
Elaman
7_7
7_8
7_9
124
124
124
Elaman
Elaman
Elaman
7_10
7_11
7_12
186
187
188
Elaman
Elaman
Elaman
8_1
44
Datakom
8_2
Datakom
10_1
Datasource:downloadfrom:
http://www.datakom.de
Datasource:downloadfrom:
http://www.datakom.de
Datasource:downloadfrom:
http://www.trovicor.com
24
10_2
25
Digitask
10_3
45
Digitask
10_4
46
Digitask
10_5
Datasource:WikiLeaks:
http://wikileaks.org/wiki/S
kype_and_SSL_Interception_l
etters_‐_Bavaria_‐_Digitask
191
Datasource:downloadfrom:
http://www.ipoque.com
Datasource:downloadfrom:
http://www.ipoque.com/
Datasource:download from:
http://www.ipoque.com/
Datasource:downloadfrom:
http://www.ipoque.com/
Digitask
8_3
9
11_1
11_2
11_3
11_4
11_5
Datakom
Trovicor
Ipoque
Ipoque
trovicor:CodeofBusinessConduct,2010‐09‐
13
MichaelThomas,presentation“RemoteFo‐
rensicSoftware”
ThomasKröckel, presentation“FutureChal‐
lengesintheLawfulInterceptionofIPbased
Telecommunication”
TobiasHain,presentation“Challengesin
InterceptingWiFi”
MichaelThomas,presentation“RemoteFo‐
rensicSoftware”
Digitask:LeistungsbeschreibungfürBayer‐
ischesStaatsministeriumderustiz(Digitask:
productdescriptionfortheBavarianState
MinistryofJustice)
SupportedProtocolsandApplications
DataSheet:DPXNetworkProbe
Ipoque
DataSheet:NetReporter
Ipoque
DataSheet:PACE(Protocol&Application
ClassificationEngine)
KlausMochalskiandHendrikSchulze,White
Paper“DeepPacketInspection.Technology,
Applications&NetNeutrality”.
KlausMochalski,HendrikSchulzeandFrank
Stummer,WhitePaper“CopyrightProtection
intheInternet”
DirkSchrader,presentation“WhatLICan
LearnfromAnti‐SPAM,Anti‐Virus,IDS/IPS,
andDPITechnologies”
MartinStange,presentation“BuildingBlocks
ofaCarrierGradeDataRetentionSolution”
UtimacoLIMS:LawfulInterceptionofTele‐
Digitask
Ipoque
11_6
Datasource:downloadfrom: Ipoque
http://www.ipoque.com/
12_1
53
12_2
54
12_3
CS‐2000HighEnd.HighPerformanceNet‐
workPlatform
P2PTrafficFilter
PoseidonFlyer.PortableIPMonitoringSys‐
tem
PortableModemInterception.MuninPOTS
PortableModemInterception.MuninPOTS
POSEIDON.IMC–InternetMonitoringCenter
InternetProtocol(IP)
ElamanNewsletter01/2011
Elaman– TheBridgetoTrustandSecurity
ElamanCommunicationsMonitoringSolu‐
tions
ThomasFischer,Presentation“Oneis
Enough…CombiningLawfulInterception,
Mediation&DataRetentioninIP‐Networks”.
ISSPrague.June3‐5,2009.
Service&Qualität.Mess‐Dienstleistungs‐
Portfolio.
ICC‐Services
UtimacoSafe‐
ware
UtimacoSafe‐
ware
Datasource:downloadfrom: UtimacoSafe‐
The Privacy & Security Research Paper Series, Issue # 1
12_4
http://lims.utimaco.com
ware
Datasource:downloadfrom: UtimacoSafe‐
http://lims.utimaco.com
ware
13
32
NETI
15
16_1
16_2
16_3
17_1
17_2
205
144
145
146
29
30
Innova
IPS
IPS
IPS
Group2000
Group2000
17_3
17_4
48
Datasource:downloadfrom:
http://www.group2000.eu
Datasource:downloadfrom:
http://www.group2000.eu
Datasource:downloadfrom:
http://www.group2000.eu
Group2000
Group2000
17_5
17_6
17_7
17_8
18
19
20_1
20_2
20_3
20_4
Group2000
Group2000
Datasource:downloadfrom: Group2000
http://www.group2000.eu
Datasource:downloadfrom: Group2000
http://www.group2000.eu
35
PineDigital
Security
Datasource:downloadfrom: GammaGroup
http://projects.wsj.com/sur
veillance‐catalog
16
TelesoftTech‐
nologies
39
TelesoftTech‐
nologies
208
TelesoftTech‐
nologies
Datasource:downloadfrom: TelesoftTech‐
http://ww.telesoft‐
nologies
technologies.com
communicationServices
UtimacoLIMS:LawfulInterceptioninthe
DigitalAge:VitalElementsofanEffective
Solution
ZoltánPellerandZsoltKöhalmi,presentation
“DatainaHaystack.MonitoringSystems
withAdvancedWorkflowManagement”
InnovaInvestigationInstruments
IPSVisionaryIntelligence
IPSGENESIMonitoringCentre
IPSVisionaryIntelligence
DataRetentionChallenges
LIMA LawfulInterception:LawfulIntercep‐
tionintheEvolvingWorldofTelecom
LawfulInterception:TheBiggerPicture
NetworkForensics:LawfulInterceptionfor
Broadband
NetworkForensics:LIMADRSDataReten‐
tion
LIMAManagementSystem:TheComplete
ManagementSolutionforLawfulIntercep‐
tion
NetworkForensics:LIMADPIMonitor
SupportedProtocolsandApplications
ETSI’sIPHandoverStandards
FinFisher:GovernmentalITIntrusionand
RemoteMonitoringSolutions
KeithDriver,presentation“IntelligentProb‐
ingforIntelligenceandLIApplications”
KeithDriver,presentation“RealTimeInter‐
ceptfromPacketNetworks,Challengesand
Solutions”
HINTONetworkIndependentCDRApplica‐
tionNote
WhitePaper“UsingHardwareAccelerated
10‐40Gb/sPacketAnalysisinIMSPolicy
Applications”
Table2:Alistofthe89filesincludedintheanalysis Afirstviewofthematerialshowedthatoneparticularlyimportantterminthecon‐
textofInternetsurveillanceisDeepPacketInspection(DPI),whichisanInternetsur‐
veillancetechnology.Inordertounderstandwhatitis,weneedtounderstandwhat
theOpen‐SystemsInterconnection(OSI)Modelis.Forthetransmissionofdatawithin
andacrosscomputernetworks,communicationstandardsareneeded.Computer
networksconsistofsoftwareapplications,computers,andnetworkarchitecture.The
communicationprocesscanbemodelledwiththehelpofthreelayers:
The Privacy & Security Research Paper Series, Issue # 1
1)Thenetworklayer“isconcernedwiththeexchangeofdatabetweenacomputer
andthenetworktowhichitisattached”(Stallings1995,490)
2)Thetransportlayerislogicthatassures“thatallthedataarriveatthedestination
applicationandthatthedataarriveinthesameorderinwhichtheyweresent”
(Stallings1995,490f)
3)Theapplicationlayer“containsthelogicneededtosupportthevarioususerappli‐
cations.Foreachdifferenttypeofapplication,suchasfiletransfer,aseparatemodule
isneededthatispeculiartothatapplication”(Stallings1995,491).
One standard model of computernetwork data transmission is theOpen‐Systems
Interconnection(OSI)Model.Itconsistsofsevenlevels.
7Application
Thislayerprovidesaccessofapplicationsto Application
layer
thenetwork.Thesoftwareapplicationsre‐
sideatthislevel,suchasbrowsers,e‐mail
programmes,FTPclients,chatsoftware,
voiceoverIPsoftware,filesharingsoftware,
etc.
6Presentation Heretheformatoftheexchangeddataisde‐
layer
fined.Dataaretransformed,forexample
compressedorencrypted.Itensuresthatthe
formatoftransmittedfilesasunderstood
acrossdifferentsystems‐
5Sessionlayer Thislayerorganizesthecommunicationbe‐
tweentwoapplicationsondifferentma‐
chinesintheformofsessionsthatdefinee.g.
whenonesidetransmitsandavoidscommu‐
nicationproblemsoftheapplications.
4Transport
Thislayerreceivesdatafromtheapplication Host‐to‐
host/Transport
layer
layer,segmentsandreassemblesthedata
flowintosmallerunits.Thisisnecessarybe‐ (TCP)
causefilesareoftentoolargetobetransmit‐
tedatonceoveranetwork.Thetransmission
isorganisedinseveralsequentialsteps.
Internet(IP)
3Networklayer Thislayerisresponsibleforfindinganddi‐
rectingthewaythatdatapacketstakeacross
variousnetworksinordertocorrectlyarrive
atthedestinationnetworkandcomputer
(routing).Itsendsthedatapacketsfrom
networktonetworkbyfindingawaysothat
thedataistransportedfromthesourcenet‐
worktothedestinationnetwork.
2Datalinklayer Thislayersecuresthereliabletransferof
Networkaccess
The Privacy & Security Research Paper Series, Issue # 1
dataacrossnetworks.Itbreaksthedata
streamintoblocksofdata(so‐calledframes),
calculatesandaddschecksumstotheblocks
thatarecheckedinthedestinationandrout‐
ingnetworksinordertoguaranteeerror‐
freetransmission.
Physical
1Physicallayer Thislayertakescareofthetransmissionof
databitsovernetworkcables,wirelesscon‐
nections,etc.Onefindscables,plugconnect‐
ors,electronicimpulses,etconthislevel.
Table3:ThelayersoftheOSIReferenceModelandtheTCP/IPProtocol(source:
Stallings1995,2006;Comer2004)
In Internet communication, the OSI Reference Model is translated into the TCP/IP
Protocol that consists of five layers. Each device (like a computer or a printer) in a
networkconnectedtotheInternethasaspecificIPaddress,whichisaunique32bit
long identifier (such as 170.12.252.3). In order for data to be transmitted over the
Internet, a source and destination IP address are needed. If a user for example
searches for data on Google, he enters search keyword into the Google search box.
Thisisattheapplicationlevel.
At the TCP level, the Transmission Control Protocol (TCP) takes the data, adds a
communicationportnumber(anaddress,bywhichtheapplicationisaddressed)and
breaksthedataintopackets.TCPidentifiesports,the sequence numberofa packet
andachecksum.TCPprovidesareliabletransportservice.“AfterrequestingTCPto
establishaconnection,anapplicationprogramcanusetheconnectiontosendorre‐
ceive data: TCP guarantees to deliver the data in order without duplication. Finally,
whenthetwoapplicationsfinishusingaconnection,theyrequestthattheconnection
be terminated. TCP onone computer communicates with TCP on another computer
byexchangingmessages.AllmessagesfromoneTCPtoanotherusetheTCPsegment
format, including messages that carry data, acknowledgements, and window adver‐
tisements, or message used to establish and terminate a connection” (Comer 2004,
386).
AttheIPlevel,theIPaddressofthedestinationisdeterminedaswellastherouting
overtheInternetaredetermined.TheInternetProtocol(IP)“specifiesaddressing:IP
divides each Internet address into a two‐level hierarchy: the prefix of an address
identifiesthenetworktowhichthecomputerattaches,andthesuffixidentifiesaspe‐
cific computer on the network” (Comer 2004, 301). At the lower levels, the data is
transmitted.ThedataisroutedoverthevariousroutersoftheInternetuntilitfinally
arrives in our example in Google’s network, where it is treated in the opposite se‐
quence(fromthelowest leveltothe highest layer)so thatdata thatanswerstothe
searchqueryisgeneratedthatisthaninthesamewaysentbacktotheuser,whore‐
questedtheinformation.
The Privacy & Security Research Paper Series, Issue # 1
Payload
TCPHeader
IPHeader
Sourceport
SourceIP
Applicationdata:emailtext,URL,
DestinationIP
websitecontent,chatmessage,vid‐ Destinationport
Sequencenumber
Totallength
eocontent,imagecontent,etc.
Applicationheader:application
programmeversion,emailaddress
sender/receiver,etc
DefinedatTCP/IPlayer5(OSIlay‐ DefinedatTCP/IP
DefinedatTCP/IPlay‐
ers5,6,7
layer4
er3
Table4:ATCP/IPpacket
Table4showsthestructureofaTCP/IPpacketthatistransmittedovertheInternet.
A packet is a “small, self‐contained parcel of data sent across a computer network.
Eachpacketcontainsaheaderthatidentifiesthesenderandrecipient,andapayload
areathatcontainsthedatabeingsent”(Comer2004,666).Thepayloadis“thedata
beingcarriedinapacket”(Comer2004,667),theheadercontainsdatalikethenet‐
workaddressofsourceanddestination.IntheTCP/IPprotocolthattheInternetuses,
the packet is called an IP datagram. It consists of “a header that identifies both the
senderandreceiverandapayloadareathatcontainsthedatabeingcarried”(Comer
2004,658).
“Deep packet inspection is the collection, observation, analysis, and/or storage of
data related to an application that is found in Internet packets above OSI layer 3”
(Cooper 2011, 145). Deep Packet Inspection technologies “are capable of analysing
the actual content of the traffic that is flowing” (Jason 2011, 118). “DPI allows net‐
workoperatorstoscanthepayloadofIPpacketsaswellastheheader.[…]Itenables
thenetworkoperatortoanalyzethedatagramspassingthroughthenetworkinreal‐
time and discriminate among them according to their payload” (Bendrath and
Mueller2011,1144).“DeepPacketInspection(‘DPI’)isacomputernetworkfiltering
techniquethatinvolvestheinspectionofthecontentsofpacketsastheyaretransmit‐
tedacrossthenetwork.DPIissometimesreferredtoas‘completepacketinspection’”
(EPIC,DeepPacketInspectionandPrivacy.http://epic.org/privacy/dpi/)
Parsons (2008) distinguishes between Shallow Packet Inspection, Medium Packet
InspectionandDeepPacketInspectiontechnologies.ShallowPacketInspection(SPI)
technologies “examine the packet’s header information” (Parsons 2008, 6; see also
Daly 2010), the inspect data at the OSI layers 1‐3. Examples are firewalls that scan
source and destination IP addresses that aredefined at layer 3 of the OSI (network
layer) and TCP/IP (Internet/IP level) models. They can block data that comes from
certainIPaddresses(whicharee.g.consideredasdistributingspamorviruses).Me‐
dium Packet Inspection (MPI) technologies can analyse data on the OSI layers 1‐6.
This includes the presentation layer of the OSI model, at which file formats are de‐
The Privacy & Security Research Paper Series, Issue # 1
fined.MPItechnologiescane.g.blockcertainfiletypesorbeusedfornetworkman‐
agement (prioritization of the transmission of certain file types). “MPI technologies
canprioritizesomepacketsoverothersbyexaminingtheapplicationcommandsthat
arelocatedwithintheapplicationlayerandthefileformatsinthepresentationlayer”
(Parsons 2008, 8). Parsons defines Deep Packet Inspection technologies as surveil‐
lancemethodsthatcan“identifytheoriginandcontentofeachpacketofdata”(Par‐
sons 2008, 8). They can monitor data at the OSI layers 1‐7. Deep packet inspection
(DPI) surveillance technologies are communications surveillance tools that are able
tomonitorthetrafficofnetworkdatathatissentovertheInternetatallsevenlayers
of the OSI Reference Model of Internet communication, which includes the surveil‐
lanceofcontentdata.
2.2. The Analysed Companies’ Internet Surveillance Technologies
AnnexAprovidesamoredetailedanalysisof20EuropeansecuritytechnologiesIn‐
ternet surveillance technologies. For each company in the sample, the following in‐
formationisoutlined:
*Placeofbusiness
*Website
*Self‐descriptionofthecompany’sactivities
* Analysis: this section of each security company’s discussion gives an overview of
which Internet surveillance technologies the specific company creates and how it
views the usefulness and purpose of these technologies according to public state‐
ments(website,pressreleases,newsarticles).
Theanalysedsecuritycompaniesarethefollowingones:
1.Inveatech
2.Qosmos
3.Thales
4.AQSACOM
5.Alcatel‐Lucent
6.Amesys
7.Elaman
8.Datakom
9.trovicor
10.Digitask
11.ipoque
12.Utimaco
13.NETI
14.AreaSpa
15.Innova
16.IPS
17.Group2000
The Privacy & Security Research Paper Series, Issue # 1
18.PineDigitalSecurity
19.GammGroup
20.TelesoftTechnologies
2.3. Assessment of Deep Packet Inspection Internet Surveillance DPIisarelativelynewandnotmuchanalysedtopicinthesocialsciences.Atitle
searchforDPIOR“deeppacket”intheSocialSciencesCitationIndex(conductedon
February17,2011)produced9results,ofwhichonly2werereallyaboutDPI.Asimi‐
larsearchinthedatabaseCommunicationsandMassMediaComplete(conductedon
February17,2011)brought10results,ofwhich3focusedonDPI. BendrathandMueller(2011)listsevenareas,whereDPIaffectssociety:network
security (viruses, Trojans, worms, etc), bandwidth management, governmental sur‐
veillance,contentregulation(blocking,censorship),copyrightenforcement(fileshar‐
ing),adinjection.
ForassessingtheimpactofDPI,theUppsalaUniversityresearchteamconducteda
searchforacademicarticles,techreports,andassessments.Weanalysedthesedocu‐
ments.Theresultscanbesummarizedintheformofseveralimpactdimensions.
1.PotentialadvantagesofDPI
2.Netneutrality
3.ThepowerofInternetServiceProviders(ISPs)forunderminingusers’trust
4.PotentialfunctioncreepofDPIsurveillance
5.Targetedadvertising
6.Thesurveillanceoffilesharers
7.Politicalrepressionandsocialdiscrimination 2.3.1. Potential Advantages of DPI Cooper(2011,144)arguesthattheanalysisofInternetpacketsatTCP/IPlayer3
(destinationandsourceIPaddresses)hasalwaysbeenusedbyISPs“toroutepackets
totheirdestinations,andthusitwouldbedifficulttoarguethattheircontinueduse
creates some new privacy risk”. Privacy problems could be related to payload data
(TCP/IP layer 5). “Payloads often contain application headers, and many of these
headers – such as the HTTP version type and content encodings cited earlier – are
fairlyinnocuousfromaprivacyperspective.However,otherkindsofheaderscanre‐
veal much more sensitive information about a person’s Internet activities, such as
URLs,emailrecipientaddresses,usernames,addresses,andmanyotherkindsofda‐
ta”(Cooper2011,144).
TheadvantagesthataregenerallymentionedonthesideofISPsaretheopportuni‐
tiesforbandwidthmanagementandthecreationofpersonalizedfor‐profitservices:
“ISPs, meanwhile, see promising opportunities of many kinds in the growth of DPI.
Thetechnologycanprovidethemwithapowerfultooltoaddressconstantlyevolving
challenges in managing network congestion and security threats. It can provide in‐
The Privacy & Security Research Paper Series, Issue # 1
sightintohowtheirnetworksarebeingused,allowingthemtomakemoreinformed
decisionsaboutnetwork upgradesandarchitecture.And perhapsmostimportantly,
DPIisamongasetoftoolsthatcanprovideIPSwithnewrevenuestreams,whether
by funnelling data about users to advertisers, selling expedited delivery to content
providers,orlevyingextrafeesonheavynetworkusers”(Cooper2011,140).“Inter‐
nettraffichasincreasinglyinvolvedsuchdata‐richapplicationsasvoiceandstream‐
ingvideo.Notonlyarethesequitedemandingofbandwidth,thesetypesofcommuni‐
cations do not function well if subject to delays. One way carriers seek to solve the
problemisbyexaminingpacketsanddeterminingtrafficpriorities;DPIwouldallow
thecarrierstodoso”(Landau2010,141).
ipoquestressesinawhitepaper(#11_5)thatDPIisusedfordifferentpurposes,in‐
cludingspamfilters,virusfiltersaswellasbandwidthandnetworkmanagementthat
makesefficientuseofnetworksbyprioritizingthetransmissionofdifferentfiletypes.
Different protocols and different applications make different use of the Internet. So
e.g.VoIP(suchasSkype)hasalowuseofthenetwork,whereasfilesharinginpeer‐
to‐peernetworksmakesheavyuseoftheInternet.
2.3.2. Net Neutrality ThemediareformgroupFreePressdefinesnetneutralityastheprinciple“thatInter‐
net service providers may not discriminate between different kinds of content and
applications online. It guarantees a level playing field for all websites and Internet
technologies“ (http://www.savetheinternet.com/faq). “During the explosive rise of
the Internet, one fundamental principle governed: All users and all content were
treatedalike.Thephysicalnetworkofcablesandroutersdidnotknoworcareabout
the user or the content. The principle of non‐discrimination, or ‘Net Neutrality’, al‐
lowed users to travel anywhere on the Internet, free from interference” (Riley and
Scott2009,3).”TheconnectionbetweenDPIandnetneutralitybecameclearin2007,
when it was made public that Comcast used a SandVine DPI monitoring systems to
disrupt peer‐to‐peer traffic, which resulted in a lawsuit before theUS Federal Com‐
municationCommission(FCC)”(BendrathandMueller2011).“IntheUSA,thecable
operatorComcastbegantoblockpeer‐to‐peer(P2P)datatransfersforitsusersusing
DPI.ThisresultedintheFederalCommunicationsCommission(FCC)orderingCom‐
cast to ‘end discriminatory network management practices’, since it had ‘unduly in‐
terferedwithInternetusers’righttoaccessthelawfulInternetcontentandtousethe
applicationsoftheirchoice’”(Daly2010).
The FCC says that “reasonable network management”, which is network manage‐
mentthatis“tailoredtoachievingalegitimatenetworkmanagementpurpose“(FCC
2010, 48)and forwhichDPImaybeused, isnoproblem.Unreasonablediscrimina‐
tion of users that violates net neutrality would e.g. be the discrimination of certain
applications(suchasVoIP),hinderinguserstoaccesscertaincontent,servicesorap‐
plications, or the slow down of a service or website that a ISP disagrees with (FCC
2010,42).TheFCC(2010,43)alsosaysthat“payforpriority”islikelytoviolatenet
neutrality.
The Privacy & Security Research Paper Series, Issue # 1
One argument advanced by Free Press, the Consumer Federation of America and
theConsumersUnion(2006)isthatgivingupnetneutralitywouldgiveInternetser‐
vice providers a lot of power and would discriminate certain services so that their
ownfavouredcontentandapplications(thattheyeitherprovidethemselvesoroffer
inco‐operationwithspecificmediacontentproviders)wouldbeadvantagedandoth‐
ers disadvantaged.Thiscanespeciallybecomea problemifthenetworkprovideris
alsoacontentproviderorhascollaborationwithacontentprovider.Asecondwarn‐
ing by Free Press, the Consumer Federation of America and the Consumers Union
(2006)isthatatieredInternetisastratifiedsystem,inwhichrichplayers(likebig
companies)useafastInternetandeverydaypeople,whodonothavesomuchmoney,
a slow Internet. “Indeed, corporate control over what information users create, dis‐
seminate and receive could also entail access to content or programmes which are
notcommerciallylucrativeisrestrictedonlytothosewillingtopaymoretotheISPto
accessit,ornotavailableatall”(Daly2010).
LawrenceLessigandRobertW.McChesneyarguethatthenetneutralitydebateisa
discussionaboutthefundamentalqualitiesoftheInternet:“Willwereinstatenetneu‐
tralityandkeeptheInternetfree?Orwillweletitdieatthehandsofnetworkowners
itchingtobecomecontentgatekeepers?[…]Thecurrentlegislation,backedbycom‐
paniessuchasAT&T,VerizonandComcast,wouldallowthefirmstocreatedifferent
tiersofonlineservice.Theywouldbeabletosellaccesstotheexpresslanetodeep‐
pocketedcorporationsandrelegateeveryoneelsetothedigitalequivalentofawind‐
ing dirt road. Worse still, these gatekeepers would determine who gets premium
treatmentandwhodoesn’t”(LawrenceLessigandRobertW.McChesney,NoTollson
theInternet.TheWashingtonPost.June8,2006).
AtieredInternetmonitoredwiththehelpofDPIcouldalsoresultin“anencryption
armsraceinwhichdisfavouredapplicationswouldencryptalltraffictoevadeidenti‐
ficationbyDPI.Suchanoutcomewouldrenderthecongestion‐reductionpurposeof
DPIineffective”(RileyandScott2009,8)
2.3.3. The Power of ISPs for Undermining Users’ Trust Heavy use of DPI by ISPs may undermine trust that users have in the network and
ISPsandthiscanresultinself‐censorshipandinhibitionofusers(Cooper2011,147).
InternetusershavetotrusttheirISPmorethanGoogleorFacebookoranotherweb
platformbecausetheirwholetrafficpassesthroughtheISP’sservers.Neither“Google
noranyotherserviceproviderisascapableasanISPofcomprehensivelymonitoring
theentiretyofeachindividualsubscriber’sonlineactivities.Everyoneofasubscrib‐
er’spackets,bothsentandreceived,mustpassthroughtheISP’sfacilities.Whatsepa‐
ratesISPsfromotherserviceprovidersisthepotentialfortheirgazeovertheirsub‐
scribers to be omniscient” (Cooper 2011, 147). ISPs have with the help of DPI the
powertomonitortheentireInternetusageofsubscribers.Thediscussionsaboutthe
useofDPIforthatwerepresentedinthisreporthavefrequentlyinvolveddiscussions
The Privacy & Security Research Paper Series, Issue # 1
about the role of ISPs, which shows that they are crucial actors in Internet surveil‐
lanceandthattheyholdhighpowerinimplementingorpreventingInternetsurveil‐
lance. They hold the power to potentially build a total Internet surveillance system.
Encryptioncanmakethismoredifficult,butthequestionisifuserscanbeexpected
touseencryptionforalloforlargepartsoftheirInternetuseandifprivacyprotec‐
tionshouldbeadefaultoptionguaranteedbytheISPoranon‐defaultoptionthatcan
only be achieved by special actions on behalf of the users. Heavy use of encryption
canalsoslowdownthespeedofcomputernetworks.
ParsonswarnsthatwiththehelpofDPIitis“possibletoconstructvastsocialnet‐
workmaps”(Parsons2008,12)becausethetechnologyallowstoidentifythesource
anddestination(e.g.email‐addressesorusernamesonsocialmedialikeFacebookor
Twitter)aswellasthecontentofeachonlinecommunication.
BendrathandMueller(2012,1148)makeananalogybetweenanISPandapostal
worker inorderto show how DPI can potentially result in privacy violations: “Now
imagineapostalworkerwho[…]
*Opensupallpacketsandletters;
*Readsthecontent;
*Checksitagainstdatabasesofillegalmaterialandwhenfindingamatchsendsa
copytothepoliceauthorities;
*Destroysletterswithprohibitedorimmoralcontent;
*Sendspackagesforitsownmail‐orderservicestoaveryfastdeliverytruck,while
theonesfromcompetitorsgotoaslow,cheapsub‐contractor.
Imaginealsothatthepostalworkercoulddothiswithoutdelayingordamagingthe
packetsandletterscomparedtohis(former,nowfired)daydreamingcolleague.This
iswhatDPItechnologyiscapableof.[…]Suchapostalsystem[…]invadestheprivacy
ofcommunicationsandintroducesopportunitiesforregulationandcensorshipwhole
increasingthefeasibilityofimposingintermediaryresponsibilityonIPSs”.
“DPIisalettercarrierwhoreadsallyourmail,listenstoallyourcalls,followsyou
asyoubrowsedowntownandinthemal,notesyourpurchases,listensinasyouask
questionsoftheresearchlibrarian,andwatchesoveryourshoulderasyoureadthe
daily paper – and then correlates all that information in real time” (Landau 2010,
220).
The question that arises is if such data processing is “adequate, relevant and not exces‐
sive in relation to the purposes for which they are collected and/or further processed” (European Union Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data 95/46/EC, article 6 (c) ). 2.3.4. Potential Function Creep of DPI Surveillance
ThenotionofthesurveillancecreepwasintroducedbyGaryMarx:“Aspowerfulnew
surveillancetacticsaredeveloped,therangeoftheirlegitimateandillegitimateuseis
likelytospread.Wherethereisaway,thereisoftenawill.Thereisthedangerofan
The Privacy & Security Research Paper Series, Issue # 1
almostimperceptiblesurveillancecreep.[…]Thenewformsofsocialcontroltendto
besubtle,invisible,scattered,andinvoluntary.Theyareoftennotdefinedassurveil‐
lance, and many people, especially those born after 1960, are barely conscious of
them” (Marx 1988, 2f). Surveillance creep is “the expansion into new domains of
software or a surveillance system, and the ways that new functions are constantly
foundforsurveillancetechnologiesandpractices”(Lyon2007,201).“Personaldata,
collectedandusedforone purposeandtofulfilone functionoften migratetoother
onesthatextendandintensifysurveillanceandinvasionsofprivacybeyondwhatwas
originally understood and considered socially, ethically and legally acceptable. […]
Functioncreepusuallyhappensquietly,unobtrusively,asabitofadministrativecon‐
venience”(SurveillanceStudiesNetwork2010,9).
DPI usage for one purpose (such as network management or spam filtering) may
creeptoother,moreprivacy‐sensitiveactivities(suchastargetedadvertisingorcon‐
tentmonitoringforpoliticalpurposesorlawenforcement,violationofnetneutrality,
etc). “Another distinguishing feature of ISPs’ use of DPI is the potential for mission
creep: having DPI equipment that was installed for one purpose used for multiple
newpurposesovertime”(Cooper2001,148f).AnimportantaspecthereisthatDPI
canbeemployed“mostlyinvisiblyonthenetwork”(Cooper2001,149),therebyena‐
blinginvisiblesurveillancecreep. 2.3.5. Targeted Advertising Targeted advertising (also called targeted tracking, personalized advertising or be‐
haviouraladvertising)meansthat“marketingormediafirmsfollowactualorpoten‐
tial customers’ marketing and/or media activities to learn the consumers’ interests
andtodecidewhatmaterialstoofferthem”(Turow2008,180).
“Web‐basedadvertisingcompanieshaveformanyyearsusedweb‐basedtechnolo‐
gies (such as cookies) to track the sites that users visit, allowing the companies to
compileprofilesofusers’behaviourforadvertisingpurposes.DPIcreatesthatsame
possibility for ISPs by allowing them to identify the websites that their subscribers
are visiting, the content of those sites, and the other kinds of applications and data
that subscribers are using. ISPs or their advertising partners can extract this infor‐
mationfromindividualpacketsandcompileitintoprofilesthatcanlaterbeusedto
showtargetedadstosubscribersastheysurftheweb”(Cooper2011,151).
OnFacebook,targetedadvertisingisthestandardoptionandthereisnoopt‐into
thistypeofadvertising.Thiscircumstancewaspartof22complaintsthattheinitia‐
tive“EuropeversusFacebook”filedagainstFacebook.AsFacebookEuropeislocated
inIreland,theIrishdataprotectionauthoritiesareinchargeofsuchclaims.Afterau‐
diting Facebook, the Data Protection Commissioner of Ireland (2011) published an
auditreport.ItwrotethatFacebookneedstoimplement“anenhancedabilityforus‐
ers to make their own informed choices based on the available information” (42).
“Fromtheprivacyperspectivethereforeitwouldbeafarbetterpositionforusersif
therewerenodefaultsettingsuponsign‐up.Auserthenwouldbeaskedviaaprocess
The Privacy & Security Research Paper Series, Issue # 1
what their broad preferences are with settings that reflect such broad preferences
and a consequent ability for theuser to refine those settings all of which should be
available from one place” (40). “There are limits to the extent to which user‐
generated personal data can be used for targeted advertising. Facebook must be
transparentwithusersastohowtheyaretargetedbyadvertisers”(60).
TheDataProtectionCommissionerofIreland’sreportmadeclearthattargetedad‐
vertising is not unproblematic in respect to privacy violations and that special pre‐
cautionsneedtobetakeninordertoprotectconsumerprivacyontheInternet.
Facebookhasthemeansforconductingsurveillanceofpartsofusers’onlineactivi‐
ties.GiventhatISPs’employmentofDPIfortargetedadvertisinghasthepotentialto
use all user data (headers/connection and content data), one can imagine that DPI‐
based targeted advertising can intensify the potential problems and discussions
aboutonlinedataprotectionviolations.
In2008,therewerereportsthattheUScompanyPhormhad“dealssignedbyBT,
VirginMediaandCarphoneWarehousetoreportyourbrowsinghabitstoPhorm”and
to implement a behavioural ad targeting system (The Register, The Phorm Files. All
YerDataPimpingNewsinOnePlace.February29,2008.
http://www.theregister.co.uk/2008/02/29/phorm_roundup). In April 2008, the
British Information Commissioner’s Office issued a statement saying that Phorm’s
DPI‐basedadvertisingsystemWebwiseneedstobeimplementedasopt‐insystemin
ordertocomplytoBritishcommunicationsregulations:“Phormhasdevelopedasys‐
temwhere,withthecooperationofanindividual’sISPtheycanprofiletheaddresses
and certain content of websites visited by users and then use that information to
match that user against predefined broad advertising categories. […]When a user
visits a website that has an agreement with Phorm their user ID is recognised and
PhormwillusethebroadadvertisingcategoriesassociatedwiththatIDtoenablerel‐
evantadvertisingchanneltobeshownonthewebsite.[…]Regulation7ofPECR[Pri‐
vacyandElectronicCommunicationsRegulations]willrequiretheISPtogetthecon‐
sentofuserstotheuseoftheirtrafficdataforanyvalueaddedservices.Thisstrongly
supportstheviewthatPhormproductswillhavetooperateonanoptinbasistouse
trafficdataaspartoftheprocessofreturningrelevanttargetedmarketingtointernet
users”
(http://collections.europarchive.org/tna/20080422094853/http://ico.gov.uk/Home
/about_us/news_and_views/current_topics/phorm_webwise_and_oie.aspx).
InalettertotheBritishInformationCommissioner,theFoundationforInformation
PolicyResearch(FIPR)warnedaboutpotentialprivacyviolationsofPhorm’ssystem:
“TheprovisionofthisservicedependsonclassifyingInternetuserstoenableadver‐
tisingtobetargetedontheirinterests.Theirinterestsaretobeascertainedforthis
purposebyscanningandanalysingthecontentoftrafficbetweenusersandtheweb‐
sitestheyvisit.ThisactivityinvolvestheprocessingofpersonaldataaboutInternet
users. That data may include sensitive personal data, because it will include the
searchtermsenteredbyusersintosearchengines,andthesecaneasilyrevealinfor‐
mation about such matters as political opinions, sexual proclivities, religious views,
The Privacy & Security Research Paper Series, Issue # 1
andhealth.[...]Classificationbyscanninginthiswayseemstoustobehighlyintru‐
sive.Wethinkthatitshould notbeundertakenwithoutexplicitconsentfromusers
who have been given particularly clear information about what is liable to be
scanned.Usersshouldhavetooptintosuchasystem,notmerelybegivenanoppor‐
tunity to opt out. We believe this is also required under European data protection
law;failuretoestablishaclearandtransparent’opt‐in’systemislikelytorenderthe
entire process illegal and open to challenge in UK and European courts“
(http://www.fipr.org/080317icoletter.html).
TheinventoroftheWorldWideWeb,TimBerners‐Lee,expressedhisoppositionto
Phorm’sDPI‐basedtargetedadvertisingsystem:“TheaccessbyanISPofinformation
withinaninternetpacket,otherthanthatinformationusedforrouting,isequivalent
to wiretapping a phone or opening sealed postal mail. The URLs which people use
revealahugeamountabouttheirlives,loves,hates,andfears.Thisisextremelysensi‐
tivematerial.Peopleusethewebincrisis,whenwonderingwhethertheyhaveSTDs,
orcancer,whenwonderingwhethertheyarehomosexualandwhethertotalkabout
it,todiscusspoliticalviewswhichmaybeabhorrent,andsoon.[…]Thepowerofthis
information is so great that the commercial incentive for companies or individuals
misuseitwillbehuge,soitisessentialtohaveabsoluteclaritythatitisillegal.Theact
ofreading,liketheactofwriting,isapure,fundamental,humanact.Itmustbeavail‐
able without interference or spying” (Berners‐Lee, Tim. 2009. No Snooping.
http://www.w3.org/DesignIssues/NoSnooping.html).
BecauseofthePhormcase,theEuropeanCommissionopenedaninfringementpro‐
ceedingagainsttheUKinordertoseeiftheUKhascorrectlyimplementedtheEU’s
ePrivacy and data protection rules. “Since April 2008, the Commission has received
severalquestionsfromUKcitizensandUKMembersoftheEuropeanParliamentcon‐
cerned about the use of a behavioural advertising technology known as ‘Phorm’ by
InternetServiceProvidersintheUK.Phormtechnologyworksbyconstantlyanalys‐
ing customers' web surfing to determine users' interests and then deliver targeted
advertisingtouserswhentheyvisitcertainwebsites.InApril2008,theUKfixedop‐
erator, BT, admitted that it had tested Phorm in 2006 and 2007 without informing
customers involved in the trial. BT carried out a new, invitation‐based, trial of the
technologyinOctober‐December2008.BT’strialsresultedinanumberofcomplaints
to the UK data protection authority – the Information Commissioner’s Office (ICO)
andtotheUKpolice.[...]theCommissionhasconcernsthattherearestructuralprob‐
lems in the way the UK has implemented EU rules ensuring the confidentiality of
communications. [...]Under UK law, which is enforced by the UK police, it is an of‐
fence tounlawfully intercept communications. However, the scopeof this offence is
limited to ‘intentional’ interception only. Moreover, according to this law, intercep‐
tionisalsoconsideredtobelawfulwhentheinterceptorhas‘reasonablegroundsfor
believing’ that consent to interception has been given. The Commission is also con‐
cerned that the UK does not have an independent national supervisory authority
dealingwithsuchinterceptions.[...]TheEUDirectiveonprivacyandelectroniccom‐
municationsrequiresEUMemberStatestoensureconfidentialityofthecommunica‐
The Privacy & Security Research Paper Series, Issue # 1
tions and related traffic data by prohibiting unlawful interception and surveillance
unless the users concerned have consented (Article 5(1) of Directive 2002/58/EC).
The EU Data Protection Directive specifies that user consent must be ‘freely given
specific and informed’ (Article 2(h) of Directive 95/46/EC). Moreover, Article 24 of
theDataProtectionDirectiverequiresMemberStatestoestablishappropriatesanc‐
tionsincaseofinfringementsandArticle28saysthatindependentauthoritiesmust
bechargedwithsupervisingimplementation.TheseprovisionsoftheDataProtection
Directive also apply in the area of confidentiality of communications”
(http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/570). In autumn
2010,theEuropeanCommissiondecidedtotakethiscasetotheCourtofJusticeofthe
EU (Brand Republic News Releases, EU to Take UK to Court over Internet Privacy
Rules.October4,2010).
A Phorm‐initiated privacy impact assessment of Webwise concluded that infor‐
mation systems require informed consent, but confirmed that although Phorm was
workingonrespectingusers’privacy,itwouldnotintendtoimplementanopt‐insys‐
tem because “the market default for cookie‐based consent systems is opt‐out” and
that“userswillbegivenpropernotice”(80/20Thinking,PrivacyImpactAssessment
forPhorm.http://www.phorm.com/assets/reports/Phorm_PIA_Final.pdf,19).
AndrewMcStay(2011)interpretsPhorm’sWebwiseasthethirdtypeofonlinebe‐
haviouraladvertising.Inthefirstform,awebplatformcollectsuserdataonitsown
site in order to target ads. In the second form, a second party runs an advertising
network (such as DoubleClick) that collects and networks data from different web‐
sitesinordertotargetads.Inthethirdform,deep‐packetinspection“scanspacketsof
datathatpassesthroughthegateway[ofanISP]andmarriessuitabledatawithrele‐
vantadvertising”(McStay2011,312).
“Google may track your searches, your travel (Google Maps), and your appoint‐
ments(GoogleCalendar),butthecompany’sabilitytodosoislimitedbythenumber
ofdifferentGoogleservicesofwhichyouavailyourself.IfyouobjecttoGoogle’spri‐
vacypolicies,youcanchoosetouseotherservices.Bycontrast,yourISPknowseve‐
rythingyoudoonline.[…]AsingleISPwillknowwhatyouarebrowsing,whatyour
emailsays,VoIP,andsoon.Inamatterofdays,possiblyevenhours,anISPusingDPI
candeveloparemarkablydetaileddossieronaperson”(Landau2010,220).
Whereas targeted advertising on Facebook, Google, or DoubleClick can only be
basedonpartsofthewebusageofauser,theprofilingusedindeeppackettargeted
advertisinghasthepotentialtobebasedonatotalInternetsurveillancesystemthat
scans,filters,andanalysestheentireInternetdatatrafficandcontentofauser.Deep‐
packetinspectiontargetedadvertisingthereforehasthepotentialtobeatotalInter‐
netsurveillancesystem.ThemaincriticismsofDPI‐basedtargetedadvertisingisthat
users’consensusneedstobeobtainedtosuchwide‐reachingdataprocessing(opt‐in
insteadofopt‐out),thatsensitivedatamightbeanalysedandmisused,andthatthere
maybeasurveillancefunctioncreepwithunintendedconsequences.
The Privacy & Security Research Paper Series, Issue # 1
2.3.6. The Surveillance of File Sharers DPI can be used for detecting or blocking illegal file sharing (see the discussion in
#11_6).“Since2004,theEuropeanmusicindustryhastriedtousethecourtstoforce
ISPstosetupfilteringtechnologythatwoulddetectandblockcopyrightedmusicau‐
tomatically.[…]TheDPIproductsofonecompany,AudibleMagic,werepromotedby
the music industry as a suitable solution to the problem” (Bendrath and Mueller
2011,1154).
TheBelgianmusicindustryassociationSABAM(Sociétéd’AuteursBelge–Belgische
AuteursMaatschappij)suedtheISPScarletandrequestedthatitinstallsAudibleMag‐
ic for copyright surveillance (Bendrath and Mueller 2011). In Ireland, EMI, Sony,
Warner and Universal wanted to require Eircome to implement a similar system
(ibid).SABAMalsowantedtorequiretheBelgiansocialnetworkingsiteNetlogtoin‐
stallfilteringsystemsthatpreventcopyrightviolations.IntheScarletvs.SABAMcase,
in 2011 the “European Court of Justice has ruled that content owners cannot force
Internetserviceproviderstoengageinlargescalefilteringandblockingofcopyright‐
infringing material online. […] It argued that blocking general access to P2P sites
wouldbeunfaironaprovider,affectingitsfreedomtoconductbusinessandrequir‐
ing the ISP to ‘install a complicated, costly, permanent computer system at its own
expense’.ThecourtalsosaidthatafilterwouldinfringeupontherightsInternetus‐
ers have to privacy and information protection” (Wired Magazine Online, EU Court
Rules that Content Owners Can’t Force Web Filters on ISPs. November 24, 2011.
http://www.wired.co.uk/news/archive/2011‐11/24/eu‐rules‐on‐filtering).
IntheNetlogvs.SABAMcase,theEuropeanCourtofJusticeconfirmedtheScarlet
rule:“Netlogprotestedathavingtoinstallandmaintainacostlycomputersystemat
itsownexpenseforthebenefitofanotherindustryentirely,andtookthecasetothe
European Court of Justice, which said ‘such an injunction would result in a serious
infringement of Netlog's freedom to conduct its business’. However, that wasn't the
onlyissuethatthecourttookwithSABAM'sdemands.Itadded:‘Thefilteringsystem
mayalso infringethefundamentalrightsof its service users–namelytheir rightto
protectionoftheirpersonaldataandtheirfreedomtoreceiveorimpartinformation’.
Thecourt'sconclusion?‘Inadoptinganinjunctionrequiringthehostingservicepro‐
vidertoinstallsuchafilteringsystem,thenationalcourtwouldnotberespectingthe
requirementthatafairbalancebestruckbetweentherighttointellectualproperty,
ontheonehand,andthefreedomtoconductbusiness,therighttoprotectionofper‐
sonal data and the freedom to receive or impart information, on the other’” (Wired
MagazineOnline,SocialNetworksDon’tHavetoPoliceCopyright,RulesEU.February
16, 2012. http://www.wired.co.uk/news/archive/2012‐02/16/eu‐social‐networks‐
copyright).
In2009,theBritishISPVirginMediaannouncedtheuseof“deeppacketinspection
withthecontroversialDeticaCViewtechnology,whichwillascertainlevelsofillegal
musicfilesharingacrosstheVirginnetwork.ThetrialwillseeVirginmonitoring40
The Privacy & Security Research Paper Series, Issue # 1
percentofitscustomers,butnoneofthesecustomerswillbeinformedwhetherthey
are being checked out. Virgin insist that any data accumulated will be anonymous.
Thetechnology usedis calledCView,createdbyacompanycalledDeticaandbased
onthesametechnologythatpoweredthecontroversialPhorm.CViewlooksatWeb
traffic,spotspeer‐to‐peerpackets,andtakesalookinside.Itthencollectsdataifthe
files being shared are considered to be infringing copyright, based on information
from record companies” (CNET UK, Virgin Media and CView to Rifle Through Your
Packets. November 27, 2009. http://crave.cnet.co.uk/software/virgin‐media‐and‐
cview‐to‐rifle‐through‐your‐packets‐49304424). Privacy International argues that
this case constitutes privacy violations and is based on the assumption that Virgin
subscribersarecriminals,whichwouldreversethepresumptionofinnocence:
“Under the Privacy and Electronic Communications (EC Directive) Regulations
(PECR)andtheRegulationofInvestigatoryPowersAct(RIPA)aswellastheEurope‐
an ePrivacy Directive, that interception and processing of communications requires
eitherexplicitinformedconsentfromallpartiesorawarrant.[…]Wearefurthercon‐
cernedthatsuchasystemgeneratesaparadigmshiftwithregardstothebalanceof
justice. Virgin Media’s plans assume that all consumers are guilty of copyright in‐
fringement until their communications data proves otherwise – whereas the onus
shouldbeontheinjuredpartiestoprovidetheirownevidencethataninfringement
hasoccurred”(PrivacyInternational,PIWarnsthatNewISPInterceptionPlansWillBe
Illegal. November 26, 2009.https://www.privacyinternational.org/article/pi‐warns‐
new‐isp‐interception‐plans‐will‐be‐illegal).Inearly 2010,theEuropeanCommission
announced that it would closely monitor Virgin Media’s planned trial, later in the
sameyearVirginMediaannouncedthatitputitsplansonhold(ZDNetUK,VirginMe‐
dia Puts CView Packet Sniffing Trial on Hold. September 30, 2010.
http://www.zdnet.co.uk/news/security‐threats/2010/09/30/virgin‐media‐puts‐
cview‐packet‐sniffing‐trial‐on‐hold‐40090353/)
Since 2007, Australia, Canada, the EU, Japan, Jordan, Mexico, Morocco, New Zea‐
land, South Korea, Singapore, Switzerland, the United Arab Emirates, and the USA
haveengagedinnegotiationaboutanAnti‐CounterfeitingTradeAgreement(ACTA).
TheElectronicFrontierFoundationarguesthatitwasplannedtocreateanewlegal
regimesthatencourages“InternetServiceProviders[…]toidentifyandremovealleg‐
edly infringing material from the Internet”, “mandatory network‐level filtering by
InternetServiceProviders”,andarulethatISPshave“toterminatecitizens’Internet
connection on repeat allegation of copyright infringement” (Electronic Frontier
Foundation,
Anti‐Counterfeiting
Trade
Agreement.
What
is
ACTA?
https://www.eff.org/issues/acta). DPI could be usedfordetermining, who infringes
copyrightsontheInternetbysharing.Tousetheanalogyofaletter,suchprovisions
wouldmeanthatthepostofficeopensallletterstodeterminetheircontent,keepsa
recordofthemandinthecasethatindividualsororganisationsthreetimessendun‐
desirablecontentbansthemfromfurtheruseofthepostalserviceandthereforefrom
afundamentalmeansofhumancommunication.
The Privacy & Security Research Paper Series, Issue # 1
ThediscussedexamplesshowthatthereareDPItechnologies,suchasAudibleMag‐
icandCView,thatcanbeusedbyISPstomonitortheInternetsothatillegalfileshar‐
ing is detected. There are examples, where the content industry has tried to legally
enforce the use of these Internet surveillance technologies by ISPs. The European
CourtofJusticehasruledthatsuchmeasuresviolateInternetusers’righttoprivacy
andinformationprotectionandISPs’freedomtoconductbusiness.Anadditionalar‐
gumentwasthattheautomaticsurveillanceoftrafficbyISPinordertodetectillegal
filesharingwouldreversethepresumptionofinnocenceandassumethatallInternet
usersarecriminals.
2.3.7. Political Repression, Social Discrimination and the Export of Internet Surveillance Technologies
DPIcanbeusedforthemonitoringofspecificusersoralargenumberofusersinor‐
der to find out with whom they communicate about what, including the content of
communicationandthefilteringofcontentforkeywords.Itisnotexactlyknownhow
China’s “Great Firewall” that filters and allows to censor Internet content, exactly
works.Someobserverssaythatit“isbelievedalsotoinvolvedeeppacketinspection.
ButChinaappearstobedevelopingthiscapabilityinamoredecentralizedmanner,at
thelevelofitsInternetserviceprovidersratherthanthroughasinglehub,according
toexperts”(WallStreetJournalOnline,Iran’sWebSpyingAidedbyWesternTechnol‐
ogy.June22,2009,http://online.wsj.com/article/SB124562668777335653.html).
Annex A shows that security companies tend to argue that DPI can help fighting
crime(suchaschildpornographyorillegalfilesharing)andterrorism.FromaEuro‐
peandataprotectionperspective,someproblemsmayhoweverarise.Collectionand
automaticanalysisofcontentdatawiththehelpofDPImaycontainthefiltering,stor‐
ageandanalysisofsensitivedata.TheEuropeanDataProtectionDirectivesaysthat
“MemberStatesshallprohibittheprocessingofpersonaldatarevealingracialoreth‐
nicorigin,politicalopinions,religiousorphilosophicalbeliefs,trade‐unionmember‐
ship, and the processing of data concerning health or sex life” (European Union Di‐
rectiveontheProtectionofIndividualswithRegardtotheProcessingofPersonalData
andontheFreeMovementofSuchData,article8).
TheEUhasintheProposaloftheEuropeanParliamentandoftheCouncilonthePro‐
tectionofIndividualswithRegardtothe Processingof PersonalDataand on theFree
MovementofSuchData(GeneralDataProtectionRegulation)suggestedtoamendthis
passage: “The processing of personal data, revealing race or ethnic origin, political
opinions,religionorbeliefs, trade‐union membership,andtheprocessingofgenetic
dataordataconcerninghealthorsexlifeorcriminalconvictionsorrelatedsecurity
measuresshallbeprohibited”(article9).
Inbothcasesarepoliticalopinionsconsideredassensitivedata.Algorithmicanaly‐
sis and collection can semantically not perfectly distinguish between sensitive and
non‐sensitivedata.TheuseofDPIfortargetedadvertisingandbygovernmentsfaces
theriskthatsensitivedataofusersarebeingmonitored.Theexamplesabouttheal‐
The Privacy & Security Research Paper Series, Issue # 1
legedsurveillanceofpoliticaloppositiondocumentedinthisreportshowthatthereis
the risk that the processing and analysis of sensitive content results in political re‐
pression or social discrimination of certain groups. The claim that DPI surveillance
can help fighting crime and terrorism needs therefore to be complemented by the
warningthatDPIInternetsurveillanceatthecontentlevelofInternetdata(theappli‐
cationlevelintheTCI/IPlayermodel)canbringaboutprivacyviolationsandthepro‐
cessingofsensitivedataandtherebyresultinrepressionagainstanddiscrimination
ofcertaingroupsinsociety.
AnnexAshowsthattherehavebeencases,wherenewsmediareportedthatEuro‐
pean security technologies exported communications surveillance technologies to
countries,wheretheywereusedforthemonitoringofandrepressionagainstpoliti‐
cal opponents. The examples concern the following European security companies:
Area Spa (Italy), Qosmos (France), Utimaco (Germany), Amesys (France), trovicor
(Germany),NokiaSiemensNetworks(Finland).GammaGroup(UK).
2.3.7.1. Area Spa (Italy), Qosmos (France), Utimaco (Germany) InNovember2011,therewerenewsreportsthattheItalianfirmAreaSpaequipped
theSyrianintelligencewithsurveillancetechnologies(project“Asfador”)thatcanbe
usedformonitoringthepoliticalopponentsofBasharal‐Assad’sgovernment.Inthis
project,alsotechnologiesbyQosmos(France)andUtimaco(Germany)seemaccord‐
ingtonewsreportstohavebeenused:“AreaisusingequipmentfromAmericanand
European companies, according to blueprints and other documents obtained by
Bloomberg News and the person familiar with the job. The project includes
Sunnyvale, California‐based NetApp Inc. (NTAP) storage hardware and software for
archivinge‐mails;probestoscanSyria’scommunicationsnetworkfromParis‐based
Qosmos SA; and gear from Germany’s Utimaco Safeware AG (USA) that connects
tapped telecom lines to Area’s monitoring‐center computers” (Bloomberg, Syria
Crackdown Gets Italy Firm’s Aid With U.S.‐Europe Spy Gear. November 4, 2011.
http://www.bloomberg.com/news/2011‐11‐03/syria‐crackdown‐gets‐italy‐firm‐s‐
aid‐with‐u‐s‐europe‐spy‐gear.html).
“Whenthesystemiscomplete,Syriansecurityagentswillbeabletofollowtargets
on flat‐screen workstations that display communications and Web use in near‐real
timealongsidegraphicsthatmapcitizens’networksofelectroniccontacts,according
to the documents and two people familiar with the plans. Such a system is custom‐
made for repression, says Mark Dubowitz, executive director of the Washington‐
based Foundation for Defense of Democracies, which promotes tighter sanctions
againstSyria.’AnycompanysellingmonitoringsurveillancetechnologytotheAssad
regimeiscomplicitinhumanrightscrimes,’hesays.[…]WhenBloombergNewscon‐
tactedQosmos,CEOThibautBechetoillesaidhewouldpulloutoftheproject.‘Itwas
not right to keep supporting this regime,’ he says. The company’s board decided
aboutfourweeksagotoexitandisstillfiguringouthowtounwinditsinvolvement,
The Privacy & Security Research Paper Series, Issue # 1
hesays.Thecompany’sdeep‐packetinspectionprobescanpeerintoe‐mailandre‐
constructeverythingthathappensonanInternetuser’sscreen,saysQosmos’shead
ofmarketing,ErikLarsson”(ibid.).
“The Syrian secret service appears to be monitoring the country's protest move‐
mentusingtechnologyfromtheGermanfirmUtimaco,basedinOberursel,asuburb
ofFrankfurt.ContactedbySpiegelreportersonFriday,thecompanysaidithadsold
noproductsdirectlytoSyrianTelecom,theregime‐ownedtelecommunicationspro‐
vider. The company had instead delivered products to the Italian firm Area, with
which is has conducted business for years. The company said it could not confirm
whetherAreahadthenresoldgoodstoSyriandictatorBasharAssad’sregime”(Spie‐
gelOnlineInternational,IsSyriaMonitoringProtesterswithGermanTechnology?No‐
vember8,2011).
SothereweremediareportsthatsaidthatAreaSpastartedinstallingInternetsur‐
veillancetechnologiesinSyria,acountrywherehundredsofmembersofthepolitical
opposition have been killed by the government that tries to repress protests that
startedinJanuary2011.“EmployeesofAreaSpA,asurveillancecompanybasedout‐
sideMilan,areinstallingthesystemunderthedirectionofSyrianintelligenceagents,
who'vepushedtheItalianstofinish,sayingtheyurgentlyneedtotrackpeople,aper‐
sonfamiliarwiththeprojectsays.TheAreaemployeeshaveflownintoDamascusin
shiftsthisyearastheviolencehasescalated,saystheperson,whohasworkedonthe
systemforArea.[…]AreaisusingequipmentfromU.S.andEuropeancompanies,ac‐
cording to blueprints and other documents obtained by Bloomberg and the person
familiarwiththejob.TheprojectincludesSunnyvale,Calif.‐basedNetAppInc.storage
hardwareandsoftwareforarchivinge‐mails;probestoscanSyria'scommunications
networkfromParisbasedQosmosSA;andgearfromGermany'sUtimacoSafewareAG
thatconnectstappedtelecomlinestoArea'smonitoring‐centrecomputers.[…]When
the system is complete, Syrian security agents will be able to follow targets on flat‐
screen workstations that display communications and web use in near‐real time
alongside graphics that map citizens' networks of electronic contacts, according to
thedocumentsandtwopeoplefamiliarwiththeplans.Suchasystemiscustommade
for repression, says Mark Dubowitz, executive director of the Washington based
Foundationfor Defenseof Democracies[…]Area,aprivatelyheldcompanythatgot
itsstartin1996furnishingphonetapstoItalianlawenforcement,hascodenamedthe
system‘Asfador,’anodtoaMr.Asfadorwhocold‐calledthecompanyin2008asking
ittobidonthedeal,accordingtoonepersonknowledgeableabouttheproject”(The
Calgary Herald, Italian Firm Helping Syria Spy on E‐Mails. System Made for Repres‐
sion,saysThink‐Tank.November5,2011).
According to media reports, “Area chief executive Andrea Formenti says he can't
discussspecificclientsorcontracts,andthatthecompanyfollowsalllawsandexport
regulations”(ibid.).Later,Area’sCEOwasquotedinthepresssayingthatthesurveil‐
lanceprojecthasnotbeenactivated:“Inresponse,AreaSpA'sCEO,AndreaFormenti,
wasquotedinItaly'sCorrieredellaSeranewspaperthismonthannouncingthathis
companyhadnoemployeesinSyriaandthattheprojecthadnotmadeanyprogress
The Privacy & Security Research Paper Series, Issue # 1
in the last two months. […] ‘The interception system has never been activated and
cannot be under current circumstances. There has been no repression carried out
thankstoourequipment,’FormentitoldCorrieredellaSera”(CNNOnline,Cyberwar
ExplodesinSyria.November20,2011).
“’WehaveacontractinplacewithSyria,thistrue;buteverythinghasbeenhalted
fortwomonths,andtherearenoneofourtechniciansinDamascus.’Afterfivedaysof
silence, there is a statement by Andrea Formenti, chairman of Area SpA, the Italian
softwarehousethathasbecomeaninternationalcasebecauseitisinstallinganinter‐
ceptsystemofInternettrafficonbehalfof[SyrianPresident]BasharAssad’sregime.
Formenti, 42, explains his having ‘landed’ in Syria: ‘We won a international bidding
contest in 2008, outbidding 4 European countries, and other non‐European compa‐
nies.Asinterlocutors,wehaveneverhadpeopleeitherinthemilitaryorintheintel‐
ligenceservices,butofthelocaltelephoneprovider.’Area'schairmanstatedthatthe
contractwasworth13millioneuros,butdeniedcurrentlyhavingpersonnelatwork
intheMiddleEastcountry.‘Fortwomonthseverythinghasbeenhalted,andIwould
like to point out that the eavesdropping system has never been operated, and as
thingsnowstand,itneverwill.’Thefutureisuncertain:‘Wehavecontractualagree‐
mentsthatareverybinding,andwhich,ifnothonoured,wouldforceustopayhefty
penalties.Ontheotherhand,wearefollowingthesituationinSyriaasitevolves.We
wantnopartofbeingaccomplicestorepression.Wehopetherewillbesomeformof
interventionbytheinternationalauthoritiestosortthingsout.’Yesterday,aprotest
washeldinfrontofAreaheadquartersbyanti‐AssadrepresentativeswholiveinIta‐
ly. Beside them were activists of the Italian Pirates Party” (BBC Monitoring Europe,
Italian Software Company Denies Complicity in Syrian President’s Repression. No‐
vember9,2011).
AreaSpaisproducingandsellingMonitoringCentres.Ithasobtainedacontractfor
implementing anInternet surveillance system in Syria. The company has reacted to
allegationsaftertheyweremadepublicbythemedia,sayingthatthesystemhasnev‐
er been activated. The case is an example of how first surveillance technologies are
sold to countries or organisations that are considered problematic by human rights
groupsandonlyafterinformationaboutithasbeenmadepublicdocompaniesreact
totheallegations.Thequestionthatarisesiswhathappensinthosecases,wherecivil
societywatchdogorganizationsdonotfindoutabouttheexistenceofspecificcasesor
donothavetheresourcestoengageininquiries.
change.org gathered 20 000 signatures for a petition against the project
(change.org,HowWeWon,December1,2011.
http://www.change.org/petitions/demand‐us‐and‐european‐cos‐stop‐supporting‐
deadly‐syria‐net‐surveillance).ItwasinitiatedbytheInternetfreedomgroupAccess
and the Syrian blogger Anas Qtiesh. Area SpA withdrew from the project. Also Qos‐
mos withdrew its technology supply and released a news statement about this cir‐
cumstance.
Qosmosreactedtothemedia’scharges:“Qosmostechnologycomponentsaresold
to third‐party software vendors to improve performance in a wide variety of tele‐
The Privacy & Security Research Paper Series, Issue # 1
communications, network infrastructure and cyber security applications. We share
the concern about the potential for misuse of surveillance applications. As a result,
Qosmos withdrew from the Syrian ‘Asfador’ project – a decision made prior to the
systembeingfinalizedandpriortotheinitialstoryreportedbyBloombergon3No‐
vember.Qosmoswillneithersupplynorsupportitstechnologytothosewhosellto
authoritarianregimes.Qosmosisfullycompliantinadheringtoalllawsrelatedtothe
saleanduseofitstechnology.AlthoughtheuseofLawfulInterception(LI)solutions
bytelecommunicationscompaniesismandatedthroughouttheEU,USandmostoth‐
ercountriesworldwidetocollectcommunicationsinaccordancewithlocallaws,re‐
centpoliticaleventshaveshownthatfurtherregulationofLI,includingmorerestric‐
tivelegislation,isrequiredtopreventabuse”(Qosmos,QosmosStatementaboutRe‐
cent Media Reporting. November 22, 2011. http://www.qosmos.com/news‐
events/qosmos‐statement‐about‐recent‐media‐reporting).
Also the Germany company Utimaco reacted to the media reports: “It is thought
thatGermansurveillancetechnologyhasalsobeendeliveredtoSyria,aspartofasur‐
veillancesystemmadebytheItalianfirmArea.Foryears,theItalianshaveusedspe‐
cializedsoftwarebytheGermanfirmUtimacointheirsystems.ButasUtimacosenior
executiveMaltePollmanninsists,Areaonlybuiltatestversion,andtheItalianshave
justcancelledtheentireproject.‘Oursoftwarewasnotused,’saysPollmann”(Spiegel
Online International, Western Surveillance Technology in the Hands of Despots. De‐
cember 8, 2011). In a statement on its website, Utimaco declared: “Utimaco and its
majorityshareholder,Sophos,haverecentlybeenincludedinmediareportsaboutan
ItalianOEMreseller(AreaS.p.A.)allegedlysellingUtimaco’sLIMStechnologytoSyria.
Wetakeglobaltradecomplianceveryseriouslyandrequireallofourpartnerstoad‐
heretotheGerman,EuropeanUnion(EU)exportregulationsandUnitedNationsem‐
bargolists.Wearethoroughlyinvestigatingthematterandhavestoppedanyfurther
activities with Area until we receive full clarification from them”
(http://lims.utimaco.com/en/company/newsevents/statement‐on‐recent‐media‐
reports‐from‐utimaco‐safeware‐ag/).
Theexportofsurveillancetechnologywasinthiscircumstanceonlypreventedbe‐
causecriticaljournalistsandcivilsocietysteppedin.Theinvolvedcompaniesseemed
to have at first had no scruples about the possible use of their technologies for the
monitoringofpoliticalopposition,whichshowsthatitisdifficultifcivilsocietyhasto
taketheroleofawatchdogthattriestocorrectandstopcompaniesbehaviourafterit
has actually happened or started. Civil society tends to have limited resources and
onecanaskwhathappensinthosecasesthatremainunknown.Ifcivilsocietyandthe
media had not created pressure (e.g. because of lack of knowledge, resources, em‐
ployees,etc),onecanimaginethatproject“Asfador”wouldhavebeenimplemented
andresultedinhumansbeingtorturedandkilledfortheirpoliticalbelieveswiththe
helpofEuropeansurveillancetechnologies.
The Privacy & Security Research Paper Series, Issue # 1
2.3.7.2. Amesys (France) In August 2011, the Wall Street Journal wrote that the Amesys sold deep packet in‐
spectiontechnologiestoLibya,where,accordingtotheWallStreetJournal,Gaddafi’s
regimeusedtheminanInternetspyingcentreinTripolitomonitortheInternetus‐
ageofLibyancitizensandpoliticalopponents(WallStreetJournalOnline,Firmsaided
Libyanspies.Firstlookinsidesecurityunitshowshowcitizensweretracked.August
30,2011).TheInternationalFederationforHumanRightsandtheLiguedesDroitsde
l'HommeetduCitoyenfiledcriminalchargesagainstAmesys(FIDH,FIDHandLDHfile
acomplaintconcerningtheresponsibilityofthecompanyAMESYSinrelationtoacts
oftorture.October19,2011):
“On the ground floor of a six‐story building here, agents working for Moammar
Gadhafi sat in an open room, spying on emails and chat messages with the help of
technologyLibyaacquiredfromtheWest.Therecentlyabandonedroomislinedwith
posters and English‐language training manuals stamped with the name Amesys, a
unitofFrenchtechnologyfirmBullSA,whichinstalledthemonitoringcenter.Awarn‐
ingbythedoorbearstheAmesyslogo.Thesignreads:‘Helpkeepourclassifiedbusi‐
ness secret. Don't discuss classified information out of the HQ’. The room, explored
Monday by The Wall Street Journal, provides clear new evidence of foreign compa‐
nies' cooperation in the repression of Libyans under Col. Gadhafi's almost 42‐year
rule.ThesurveillancefilesfoundhereincludeemailswrittenasrecentlyasFebruary,
aftertheLibyanuprisinghadbegun.[…]Thiskindofspyingbecameatoppriorityfor
Libya as the region's Arab Spring revolutions blossomed in recent months. […] The
TripoliInternetmonitoringcenterwasamajorpartofabroadsurveillanceapparatus
builtbyCol.Gadhafitokeeptabsonhisenemies.Amesysin2009equippedthecenter
with ‘deep packet inspection’ technology, one of the most intrusive techniques for
snoopingonpeople'sonline activities, accordingtopeoplefamiliar withthematter.
[…]Gadhafi'sregimehadbecomemoreattunedtothedangersposedbyInternetac‐
tivism, even though the nation had only about 100,000 Internet subscriptions in a
populationof6.6million.TheEaglesystemallowsagentstoobservenetworktraffic
andpeerintopeople'semails,amongotherthings.Intheroom,oneEnglish‐language
postersays:’WhereasmanyInternetinterceptionsystemscarryoutbasicfilteringon
IPaddressandextractonlythosecommunicationsfromtheglobalflow(LawfulInter‐
ception), EAGLE Interception system analyses and stores all the communications
from the monitored link (Massive interception)’. [...] In a basement storage room,
dossiers of Libyans' online activities are lined up in floor‐to‐ceiling filing shelves”
(Wall Street Journal Online, Firms aided Libyan spies. First look inside security unit
showshowcitizensweretracked.August30,2011).
Peter Bouckaert, Human RightsWatch's emergencies director, expressed thecon‐
cern that Western companies and governments take actions to destroy evidence of
theirsupportofGaddafiandthesurveillanceofthepoliticaloppositioninLibya(The
Times,WesttriestocoverupLibyadeals:Theraceisontoseekoutanddestroyany
incriminatingevidence.October7,2011).
The Privacy & Security Research Paper Series, Issue # 1
Inapressrelease,Amesysdisputedtheclaimthatitinstalledasurveillancesystem
inLibyaandannouncedthatitreservestherighttofilesuitagainstthosewhomake
suchclaims:
“AmesyssignedacontractwiththeLibyanauthoritiesin2007.Therelevanthard‐
warewasdeliveredin2008.Thecontractwasrelatedtothemakingavailableofanal‐
ysishardwareconcerningasmallfractionoftheInternetlinesinstalledatthattime(a
fewthousand). ThisdidnotincludeeitherInternetcommunicationsviasatellite(as
usedinInternetcafes),encrypteddatasuchasSkype‐typecommunications,orfilter‐
ingofWebsites.Inaddition,thehardwareuseddidnotallowforthemonitoringof
eitherfixedormobiletelephonelines.
Thecontractwasconcludedatatimewhentheinternationalcommunitywasinthe
processofdiplomaticrapprochementwithLibya,whichwaslookingtofightagainst
terrorismandactsperpetratedbyAlQaeda(2007wastheyearinwhichtheBulgari‐
annurseswerereleased).(InDecember2007MuammarGadhafimadeanofficialvisit
to France; in July 2009 Muammar Gadhafi met with Barack Obama in Italy).
All Amesys' business dealings comply rigorously with the legal and regulatory re‐
quirementssetoutininternational,EuropeanandFrenchconventions.Amesysdoes
notoperateanytelephoneorInternetmonitoringcenters,anywhereworldwide.[...]
Amesysreservesitsrightsinrelationtoanyinfringementthatmayaffectitsimageor
reputation”
(Amesys,Pressrelease.September1,2011.
http://www.wcm.bull.com/internet/pr/new_rend.jsp?DocId=673289&lang=en).
Sotherearetwodifferentstories:Ontheonehandjournalistsandhumanrightsac‐
tivistswhosaythattheydiscoveredaLibyanmonitoringcentreandthat“Amesysin
2009 equipped the center with ‘deep packet inspection’ technology”. On the other
handAmesysthatsaysthatitdoesnotoperatesuchcentres.Andthereisadocument
releasedbyWikiLeaks(#5_15)thatifauthenticseemstosuggestbusinessrelations
betweeni2eandLibya.
2.3.7.3. trovicor (Germany) and Nokia Siemens Networks (Finland) InApril2009,theWashingtonTimesreportedthatNokiaSiemenssoldaMonitoring
CentretoIran:
“Nokia Siemens Networks (NSN), a joint venture between the Finnish cell‐phone
giantNokiaandGermanpowerhouseSiemens,deliveredwhatisknownasamonitor‐
ing center to Irantelecom, Iran's state‐owned telephone company. A spokesman for
NSN said the serverswere soldfor “lawful intercept functionality,” a technical term
used by the cell‐phone industry to refer to law enforcement's ability to tap phones,
reade‐mailsandsurveilelectronicdataoncommunicationsnetworks.InIran,acoun‐
trythatfrequentlyjailsdissidentsandwhereregimeopponentsrelyheavilyonWeb‐
based communication with the outside world, a monitoring center that can archive
theseinterceptscouldprovideavaluabletooltointensifyrepression.LilyMazaheri,a
The Privacy & Security Research Paper Series, Issue # 1
humanrightsandimmigrationlawyerwhorepresentshigh‐profileIraniandissidents,
said shehad suspected that thegovernment had increased its capability to monitor
its perceived enemies. Recently, one of her clients was arrested because of instant
messaginghehadparticipatedinwithMs.Mazaheri,shesaid.’Hetoldmehehadre‐
ceivedacallfromtheMinistryofIntelligence,andthisguywhenhewenttotheinter‐
rogation,theyputinfrontofhimprintedcopiesofhischatswithme.Hesaidhewas
dumbfounded,andhewassenttoprison.’[…]HadiGhaemi,spokesmanfortheInter‐
national Campaign for Human Rights in Iran, said 12 women´s rights activists were
arrested latelastmonthataprivatemeetingtocelebratethePersianNewYear.He
said the raid suggested the state had access to private communications.
’ThisisanabsolutethreattotheprivacyofallIranianactivists.Itputsthemindanger
ofbeingconstantlymonitoredbytheintelligenceservices,somethingthatweknowis
alreadyhappening,’Mr.Ghaemisaid“(WashingtonTimes,FedContractor,CellPhone
MakerSoldSpySystemtoIran.April13,2009).
TheIranianjournalistIsaSaharkhizwasjailedforthreeyears“onchargesofinsult‐
ing Iran's supreme leader and spreading propaganda against the regime. […] Last
month,SaharkhizfiledalawsuitagainstNokiaSiemens,accusingthecompanyofde‐
liveringsurveillanceequipmenttoIranthathelpedtheauthoritiestracehiswherea‐
boutsthroughhiscellphone”(BBCMonitoringWorldMedia,ProminentIranianJour‐
nalistJailedforThreeYears.September30,2010).
Nokia Siemens commented on media reports: (ARD Tagesthemen, Siemens‐Nokia
ÜberwachungstechnikimIran.June24,2009.
http://www.youtube.com/watch?v=8JbydEFBx5E).“Thesystemcanonlyrecord,it
cannot identify anybody” (Stefan Zuber)1. The journalist Erich Möchel in contrast
said: “One can geographically locate with these monitoring centres, where persons
are, one can create their communication profile, with whom they communicate.
Groups can be investigated”2 (ibid). A product specification of the Nokia Siemens
MonitoringCenter(providedinoneofElaman’sbrochures)explainsthatitsupports
the “fully automatic recording of all data concerning all activities of the target” and
makes“nationwidemonitoringpossible”(#7_2).Sotherelevantaspectisnotthatit
does not censor the Internet, but rather that Nokia Siemens’ Monitoring Center can
monitortheactivitiesandcommunicationsofpoliticalactivists.
AformeremployeeofNokiaSiemensreportedthathewaspartoftheinstallationof
aMonitoringCentreinIran(ZDFFrontal21,Nokia‐Siemens‐NetworksimIran.Janu‐
ary 26, 2010. http://www.youtube.com/watch?v=oHqyKYa6Ffw). Siemens Board
MemberJoeKaesersaid:“ThereistodaynoreasonforustoassumethatNSNhasact‐
1
”DasSystemkannnuraufzeichnen,eskannniemandenidentifizieren.Esistnichtgeeignet,umZensur
zuüben”.
2
“Es können mit diesen Monitoring Centern Personen geographisch bestimmt werden, wo sie sind, es kann ihr Kommunikationsprofil erstellt werden, mit wem sie kommunizieren. Es können Gruppen ausgeforscht warden”.
The Privacy & Security Research Paper Series, Issue # 1
ed unlawfully or unorderly”3. In the same report, the two Iranian political activists
Poojan Mahmudian and Kianoosh Sanjari reported that they were imprisoned and
thattheircommunicationsweremonitored(ibid.).
InitsCorporateResponsibilityReport2009,NokiaSiemens’CEORajeevSuriwrote:
“Over the past year we have seen allegations that telecommunications technology,
includingthatprovidedby NokiaSiemensNetworks,hasbeenusedtosuppresshu‐
manrightsinsteadofenhancingthem.Thisis notasimpleissueastechnologythatis
designed to benefit society can be used for other purposes and, of course, govern‐
mentscanchangeovertime”(NokiaSiemensNetworks2009,4).Thisstatementim‐
plies that a Monitoring Center isdesignedfor benefiting society and that its use for
repressionofpoliticalopponentsisanunintendedside‐effect.Thequestionisifthe
purposeoftheuseofsuchatechnologyforrepressionisnotforeseeableifacompany
entersabusinessdealwithIran.
InastatementissuedinJune2009,NokiaSiemensarguedthatthesurveillancecen‐
treitdeliveredtoIranhad“thecapabilitytoconductvoicemonitoringoflocalcallson
itsfixedandmobilenetwork”andthatitcouldnot“providedatamonitoring,internet
monitoring,deeppacketinspection,internationalcallmonitoringorspeechrecogni‐
tion”(NokiaSiemensNetworks,ProvisionofLawfulInterceptCapacityinIran.June
22, 2009. http://www.nokiasiemensnetworks.com/news‐events/press‐room/press‐
releases/provision‐of‐lawful‐intercept‐capability‐in‐iran). It also said in the same
statement that Nokia Siemens Networks’ Intelligence Solutions was sold to Persua
GmbH on March 31st, 2009 (ibid), which now operates it under the name Trovicor
GmbH(SpiegelOnlineInternational,WesternSurveillanceTechnologyintheHandsof
Despots. December 8, 2011). In August 2011, Bloomberg reported that the impris‐
onedhumanrightsactivistsAbdulGhaniAlKhanjarwastorturedinaBahrainiprison
andthattheofficialspossessedtranscriptsofhiscommunications.Accordingtotwo
people associated with Trovicor, the company provided surveillance technology to
Bahrain (Bloomberg, Torture in Bahrain Becomes Routine With Help From Nokia
Siemens. August 23, 2011. http://www.bloomberg.com/news/2011‐08‐22/torture‐
in‐bahrain‐becomes‐routine‐with‐help‐from‐nokia‐siemens‐networking.html).
“Trovicor equipment plays a surveillance role in at least 12 Middle Eastern and
North African nations, according to the two people familiar with the installations.
[…] Al Khanjar says the first of his communications used in the interrogations was
interceptedinJune2009.Atthattime,theNokiaSiemensfamilyofrelatedcompanies
was the only known supplier and maintainer of monitoring centers to Bahrain, the
two people familiar with the installations say. The clusters of computers required
constantupgradesbythecompanies,theysay”(ibid.).
InApril2012,GermanmediapublishedallegationsthatNokiaSiemensalsosoldits
Monitoring Centre to Syria. “German industrial giant Siemens sold network surveil‐
lancetechnologytotheSyrianregime in2000,public broadcasterARDreportedon
3
“Es gibt heute für uns keinen Grund anzunehmen, dass NSN sich rechtswidrig oder nicht ordnungsmässig verhalten hat”.
The Privacy & Security Research Paper Series, Issue # 1
Tuesdaynight.Accordingtotheirnewsshow‘Fakt’,aproductcalledthe‘Monitoring
Center’ was delivered to Syrian mobile communications company Syriatel. Nokia
Siemens Networks confirmed the delivery, they reported. The corresponding busi‐
ness division at Siemens became the new joint venture Nokia Siemens Networks in
2007. The following year, that company signed a contract with Syrian landline pro‐
vider STE, a deal that also included the ‘Monitoring Center’. These contracts were
then transferred in March 2009 to the Nokia Siemens Networks spin‐off company
Trovicor,whichtookoverthe‘VoiceandDataRecording’division,ARDreported,cit‐
ingdocumentstheyhadobtained.
TheMunich‐basedcompanyTrovicor,whichbelongstoafinancialinvestortoday,
declined to comment on the issue, ‘Fakt’ reported. But a human rights activist from
AmnestyInternationaltoldtheshowthatthesystematiconlinesurveillancebySyrian
security forceswaslikely playingaroleinthecapture ofoppositionmembers,who
facetortureaftertheirarrest.[…]InternetfreedomactivistandPiratePartymember
Stephan Urbach criticized the export of surveillance technology from Germany. ‘We
need a broader debate about the ethical responsibility of companies’, he said in a
statement.‘TheGermangovernmenthascompletelymissedthisdebate,particularly
inthewakeofrevelationsaboutsuchfilteringandsurveillancesystems’.Ifitbecomes
unambiguouslyclearthatGermancompanieshavedeliveredsurveillancetechnology
to totalitarian states, Berlin must ‘swiftly correct this failure’, he added” (Spiegel
OnlineInternational,MonitoringtheOpposition:SiemensAllegedlySoldSurveillance
GeartoSyria.April11th,2012.
http://www.spiegel.de/international/business/0,1518,826860,00.html).
Fakt interviewed a Syrian activist who fled to Germany. He said: “I provided
YouTube videos of demonstrations. When I was arrested, my exact behaviour was
readtomefromthefiles.EverysinglestepI'vetakenontheInternetwasheldaganist
tomewhileIwasbeaten”4(FAKT,SyrienüberwachtmitSiemens‐Technik.April10,
2012.http://www.mdr.de/fakt/siemens106.html).
If these reports are true, then it means that Nokia Siemens first sold Monitoring
CentrestoIranandSyria,thensolditssurveillancebusinessunittoanothercompany
that renamed the business unit to trovicor and continued selling the technology to
countriesthatusethemfortracking,imprisoningandtorturingpoliticalactivists.
Erich Möchel, the first journalist who reported about Nokia Siemens relations to
Iran,commentsonthe saleofthesurveillanceunittoasmallercompanythatthere
wasnoconcernabouthumanrights,butonlyaconcernaboutimagedamage,andthat
thebusinesswith surveillancecontinues:"Meanwhilepredominates the insightthat
thecollateraldamageforcompanypolicyprobablywillbemuchsmalleriftheseMon‐
itoringCenters[...]areoutsourcedtospecialistcompaniesandoneselfprepareseve‐
4
TranslationfromGerman.“IchstellteYouTubeVideosvonDemonstrationenbereit.Alsichdanach
verhaftetwurde,wurdemirmeinegenaueVorgehensweiseausdenAktenvorgelesen.Jedereinzelne
Schritt,denichimInternetunternommenhabe,wurdemirvorgehalten,währendichgeschlagen
wurde”.
The Privacy & Security Research Paper Series, Issue # 1
rythingtechnicallysothatthisforeignequipmentsuppliedbythirdpartiescanwith‐
outproblembedockedtoone’sowntelephonenetworks.[...]Itispuremarketpoli‐
tics,nothingelse.Ithasnothingtodowithhumanrights,butonlywiththefactthat
one does not want to dirty one’s own hands. So one sends ahead somebody else –
companiesthatdonotcarebecausetheycomefromthisarea.[...]Ifyouselltoastate
acompleteGSMnetworkfamily,thenthisreallycostsmoney.That'salotofrevenue.
Well,nowonesaysstopthat,oneletsotherstakecareofit,theMonitoringCentres,
andonerathermakesthebigbusinessandnotthesmallbusinessbecausebothget
togetherbadly[...]Nokiahassufferedahugereputationaldamagebytherevelations
inIran.[...]Forthisreasononehasretreatedandsaid:Theimagelossislargerthan
theexpectedprofitwhenwecarryonfurtherthisway,sowestopit.That’sbasicallya
verywisebusinesspolicydecision"(NDR.ZAPP:InterviewmitErichMöchel.Decem‐
ber7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/moechel103.html)6.
Möchelintheinterviewpointedoutthatpublicpressure(bythemediaandcivilso‐
ciety)ononecompanydoesnotautomaticallystopunethicalbusinesspractices,but
canresultinthesellingofbusinessunitstoothercompaniesthatengageincompara‐
blepractices.
NewsreportshavearguedthatMonitoringCentresproducedbyNokiaSiemensand
trovicorwereusedtorepresstheIranianandBahrainianopposition,peoplelikethe
5
“Inzwischen überwiegt die Einsicht, dass der Kollateralschaden für die Firmenpolitik wohl wesentlich ge‐
ringer sein wird, wenn man diese Monitoring Centres […] an Spezialfirmen auslagert und man selbst berei‐
tet eigentlich nur alles dazu vor technisch, dass dieses fremde Equipment (von Dritten zugelieferte) prob‐
lemlos an die eigenen Telefonienetze andockbar ist. […] Es ist reine Marktpolitik, sonst nichts. Es hat nichts mit Menschenrechten zu tun, sondern nur damit, dass man sich selbst nicht anpatzen will damit. Sondern da schickt man jemanden anderen vor – Firmen, denen es egal ist, denn sie kommen aus dem Bereich. […] Wenn man an einen Staat ein Netz aus der kompletten GSM Familie verkauft, das kostet so richtig Geld. Das ist viel Umsatz. Naja, jetzt sagt man halt, man überlässt das anderen, die Monitoring Centres, und wir ma‐
chen lieber das große Geschäft und das kleine Geschäft nicht, denn beide Geschäfte zusammen vertragen sich schlecht. […] Nokia hat einen immensen Imageschaden durch das Auffliegen im Iran davongetragen. […] Aus diesem Grund hat man sich zurückgezogen und hat gesagt: Der Imageschaden ist grösser als der zu erwartende Gewinn, wenn wir das weiter betreiben, also hören wir auf damit. Eine sehr kluge geschäftspo‐
litische Entscheidung im Grunde ”.
6
“Inzwischen überwiegt die Einsicht, dass der Kollateralschaden für die Firmenpolitik wohl wesentlich ge‐
ringer sein wird, wenn man diese Monitoring Centres […] an Spezialfirmen auslagert und man selbst berei‐
tet eigentlich nur alles dazu vor technisch, dass dieses fremde Equipment (von Dritten zugelieferte) prob‐
lemlos an die eigenen Telefonienetze andockbar ist. […] Es ist reine Marktpolitik, sonst nichts. Es hat nichts mit Menschenrechten zu tun, sondern nur damit, dass man sich selbst nicht anpatzen will damit. Sondern da schickt man jemanden anderen vor – Firmen, denen es egal ist, denn sie kommen aus dem Bereich. […] Wenn man an einen Staat ein Netz aus der kompletten GSM Familie verkauft, das kostet so richtig Geld. Das ist viel Umsatz. Naja, jetzt sagt man halt, man überlässt das anderen, die Monitoring Centres, und wir ma‐
chen lieber das große Geschäft und das kleine Geschäft nicht, denn beide Geschäfte zusammen vertragen sich schlecht. […] Nokia hat einen immensen Imageschaden durch das Auffliegen im Iran davongetragen. […] Aus diesem Grund hat man sich zurückgezogen und hat gesagt: Der Imageschaden ist grösser als der zu erwartende Gewinn, wenn wir das weiter betreiben, also hören wir auf damit. Eine sehr kluge geschäftspo‐
litische Entscheidung im Grunde ”.
The Privacy & Security Research Paper Series, Issue # 1
journalist Isa Saharkhiz and the political activists Poojan Mahmudian and Kianoosh
Sanjari in Iran or the Bahraini human rights activist Abdul Ghani Al Khanjar. There
aredifferingreportsandviewsaboutwhattechnicalcapacitiesthecommunications
surveillancetechnologiesexportedtoIranandBahrainactuallyhad.Soalthoughthe
business practices are not entirely clear, it seems to be the case the companies like
trovicor and Nokia Siemens produced or have produced surveillance technologies
that are capable of intercepting the communications content of different forms of
communication (Internet, fixed line telephony, mobile phone communication, etc)
andthatsuchtechnologiescaninpoliticalcontextsbeusedforrepressionagainstthe
politicalopposition.
OnOctober25th,2010,theEUupdateditsexportrestrictionstoIranthatwereis‐
sued in 2007. The restriction includes an explicit restriction “on trade in dual‐use
goodsandtechnology,aswellasequipmentwhichmightbeusedforinternalrepres‐
sion”(EURegulationNo.961/2010of25October2010onRestrictiveMeasuresagainst
Iran).ThismeansthatexportsofInternetandphonesurveillancetechnologieshave
beenlegalpriortothisrestriction.InMarch2012,theEUupdatedthisregulationsay‐
ingthatequipmentthatcanbeusedforInternetandphonesurveillanceandinternal
repressionshallnotbeexportedfromtheEUtoIran(EURegulationNo.267/2012of
23 March 2012 concerning Restrictive Measures against Iran). The EU’s export re‐
strictionsofthatwerepassedonNovember16th,2011applyforequipmentthatcan
be used “in connection with a violation of human rights, democratic principles or
freedomofspeechasdefinedbytheCharterofFundamentalRightsoftheEuropean
Union,byusinginterceptiontechnologiesanddigitaldatatransferdevicesformoni‐
toring mobile phones and text messages and targeted surveillance of Internet use
(e.g. via Monitoring Centres and Lawful Interception Gateways)” (EU Regulation No.
1232/2011oftheEuropeanParliamentandtheEuropeanCouncil).Therestrictionap‐
pliesonlyforthefollowingcountries:Argentina,China(includingHongKongandMa‐
cao), Croatia, India, Russia, South Africa, South Korea, Turkey, and Ukraine (ibid.).
Thismeansthatexportofcommunicationssurveillancetechnologytoacountrylike
Bahrain is still legal, whereas it is now illegal to export similar technologies (like
MonitoringCentres)toIran.Soiftheclaimsthattrovicorexportedcommunications
surveillance tools to Bahrain were true, then it would definitely be the case that
“trovicorcomplieswithallexportandcustomscontrolsinallregionswherebusiness
is conducted” (#9, 7). The question that can however be posed is not only if legal
standards have been respected or if fundamental ethical principles are respected
(such as the human right of freedom of assembly and expression) and if trovicor’s
businesspracticesrespecttheethicalgoalthatithassetitselfinitsCodeofBusiness
Conduct(#9)andthatisnotprimarilyalegalgoal,namelythat“trovicor’sbusiness
ethics goal is, as an industry leader, to be among the world’s best in corporate re‐
sponsibility,corporategovernance,promotingfaircompetition,adaptinternationally
recognized standards whenever feasible, and practicing good corporate citizenship
whereveritdoesbusiness”(#9,4).
The Privacy & Security Research Paper Series, Issue # 1
Being asked if trovicor exported communications surveillance technology to Bah‐
rain,trovicorofficials“wereonlywillingtostatethattheycouldnotpubliclydiscuss
customersandthedetailsofagreements”(SpiegelOnlineInternational,WesternSur‐
veillanceTechnologyintheHandsofDespots.December8,2011)and“BirgittFisch‐
er‐Harrow, Trovicor’s head of marketing communications, said Trovicor’s contracts
preventitfromdisclosingitscustomersorthecountrieswhereitdoesbusiness.She
declinedtocommentfurther”(ArabianBusiness,WesternSpyToolsAidinCrackdown
on Arab Dissent. August 28, 2011). That businesses refuse to comment on their ex‐
portsshowsthatunderthecurrentlegalcircumstancesintheEUitisdifficulttoob‐
taintransparencyaboutwhichsurveillancetechnologieshavebeenexportedandsold
towhichcountriesandorganizationsbyEuropeansecuritycompanies.
Insomeofthecasespresentedthusfar,companiesengagingintheexportofcom‐
munications surveillance withdrew their projects or plans only after the media and
civilsocietycriticizedthempublicly,inothercasescompaniesdeclinedtocomment.
Thisshowsthecircumstancethatthereisalackoftransparencyofthebusinessprac‐
ticesofsecuritycompanies.
2.3.7.4. Gamma Group (UK)
Gamma’sFinFisherisaso‐called“Trojanhorse”,asoftwarethatonceinstalledallows
theintruderremoteaccess.FinFishercaninfectcomputers,mobilephones,localnet‐
works and ISP networks and extract data from these systems (#7_10, 4‐10). The
product and training was advertised in Eleman’s Communications Monitoring cata‐
logue from October 2007 (#7_2). FinFisher can e.g. be tarned as a software update
thatissenttoacomputerormobilephone(NDR.ZAPP:GermanySpywareforDicta‐
tors.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).
“FinFisher is the leading offensive IT Intrusion program through which Gamma
provides complementary solutions, products and advanced training capabilities to
Government end‐users who are seeking world class offensive techniques for infor‐
mationgatheringfromsuspectsandtargets”(#19).
Accordingtomediareports,GammaofferedtosellitsFinSpysoftwaretoEgyptian
securityauthorities(EUobserver.com,EUcompaniesbannedfromsellingspywareto
repressive regimes. October 11, 2011). “Egyptian anti‐regime activists found a star‐
tlingdocumentlastmonthduringaraidinsidetheheadquartersofthecountry'sstate
securityservice:ABritishcompanyofferedtosellaprogramthatsecurityexpertssay
couldinfectdissidents'computersandgainaccesstotheiremailandothercommuni‐
cations. […] Amid the scattered papers, interrogation devices and random furniture
foundduringtheraid,theactivistsuncoveredaproposedcontractdatedJune29from
theBritishcompanyGammaInternationalthatpromisedtoprovideaccesstoGmail,
Skype,HotmailandYahooconversationsandexchangesoncomputerstargetedbythe
InteriorMinistryofoustedPresidentHosniMubarak.TheproposalfromGammaIn‐
ternationalwaspostedonlinebyCairophysicianMostafaHussein,abloggerwhowas
The Privacy & Security Research Paper Series, Issue # 1
amongtheactivistswhoseizedtheministry'sdocuments.‘Itisimportantevidenceof
theintentofthestatesecurityandinvestigationdivisionnottorespectourprivacy,’
Mr.Husseinsaid.‘Thisproposalwassenttoanotoriousdepartmentknownfortor‐
ture,spyingoncitizenstohelpMubarak'sregime,’Mr.Husseinsaid,referringtothe
State Security Investigations Service. ‘The company Gamma, I consider them to be
partnersinthecrimeoftryingtoinvadeourprivacyandarrestactivists’”(Washing‐
ton Times, British Firm Offered Spy Software to Egypt: Activists Say They Were the
Targets.April26,2011).
AlsotheGermanregionalpublicserviceTVstationNDRreportedaboutasecretof‐
ferofGammatotheEgyptianstatefortheFinFishertechnology(NDR.ZAPP:Germa‐
nySpywareforDictators.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).
The Egyptian blogger Mostafa Hussein, who discovered the documents, argued in
theNDRreportthatthissoftwareis“exactlylikeweapons”(ibid.).TheEgyptianIn‐
ternetactivistIsraaAbdelFattahwasinterviewed,sayingthatthissoftwareis“help‐
ingthedictators[…]to[…]attacktheactivism”(ibid.).HerownInternetcommunica‐
tionwassurveilledbytheEgyptiangovernment.Shesaidthatsurveillancecompanies
“only think about money” (ibid.). NDR also describes Gamma’s attempts to sell sur‐
veillance technologiestoTurkmenistanandOman(ibid.).The AustrianIT journalist
ErichMöchelsaidthatsurveillancetechnologycompaniesencourage“repressionand
torture”(ibid.).
Gamma reacted to the accusations partly by refusing to comment and partly by
denyingthem:“PeterLloyd,anattorneyforGammaInternational,toldTheWashing‐
tonTimesthatthecompanyneversoldtheFinFishersoftwaretotheEgyptiansecuri‐
ty ministry. But the lawyer declined to answer questions about the company's mal‐
waredivision,orthedetailedproposalfoundintheEgyptianministry.‘Gammacom‐
pliesinallits dealingswithallapplicableU.K.lawsandregulations,’Mr.Lloydsaid.
‘Gamma did not supply to Egypt but in any event it would not be appropriate for
Gamma to make public details of its transactions with any customer’ ” (Washington
Times,BritishFirmOfferedSpySoftwaretoEgypt:ActivistsSayTheyWeretheTar‐
gets.April26,2011).
Gammaexplainstheneedofsurveillancetechnologiesbythreatstonationalsecuri‐
ty.TheEgyptianrevolutioncertainlywasathreattothenationalsecurityoftheold
Mubarak regime. The question that arises is if a government that is questioned in
mass demonstrations by its own population has the moral right to defend national
securitywiththehelpofsurveillancetechnologiesthatareusedtospyon,imprison,
torture or kill opponents. On the one hand there are claims that Gamma offered to
supply Internet surveillance technologies to Egypt, on the other hand the company
hasdeniedthis.FinFisherdefinitelyisatechnologythathasthepotentialtobeused
forthesurveillanceofandrepressionagainstpoliticalopponents.
The Privacy & Security Research Paper Series, Issue # 1
2.3.7.5. A Problem Not Limited to Internet Surveillance: The Export of Mobile Phone Surveillance Technology
Discussions about the Swedish company Ericsson’s business relations to Iran
showsthatnotonlytheexportofDPIInternetsurveillancetechnologyiscontrover‐
sial,butthatthesametopicextendsintotherealmofmobilephonenetworks.
OnOctober30,2011,Bloombergpublishedanarticletitled “Iranian PoliceSeizing
Dissidents Get Aid Of Western Companies” (http://www.bloomberg.com/news/2011‐
10‐31/iranian‐police‐seizing‐dissidents‐get‐aid‐of‐western‐companies.html) as part
of their Wired for Repression article series on “Surveillance Tech & Repressive Re‐
gimes” (http://topics.bloomberg.com/wired‐for‐repression). The Bloomberg article
saysjournalistSaeidPourheydarwasimprisonedbyIranianpolicein2010.Hewas
“held in Evin Prison for weeks following his arrest early last year for protesting, he
says, he learned that he was not only fighting the regime, but also companies that
armed Tehran with technology to monitor dissidents like him” (ibid). Pourheydar
informsthesourcesthathismobiledevicewasintercepted,stating“thepowerofthis
enemy became clear as intelligence officers brandished transcripts of his mobile
phone calls, e‐mails and text messages during his detention. About half thepolitical
prisonershemetinjailtoldhimpolicehadtrackedtheircommunicationsandmove‐
mentsthroughtheircellphones”(ibid.).Followingtheincident,Pourheydarisquot‐
ed:“Thisisacommerceofdeathforthecompaniesthatplacethistechnologyinthe
hands of dictatorships” (http://www.insideofiran.org/en/human‐rights/3042‐
iranian‐police‐seizing‐dissidents‐get‐aid‐of‐western‐companies.html).
The Swedish company Ericsson “confirmed that in the fourth quarter of 2009 it
soldamobile‐positioningcenterforcustomerbillingpurposestoMTNIrancellTele‐
communications Services Co” (ibid). The Serving Mobile Positioning Centre is a “box
thatcancalculateaperson’slocationandlogsthedata”(ibid.).Thearticleclaimsan
unnamedformeremployeeofEricssonwas“urgentlycalledintofixthesysteminlate
2009sayshewastoldthatIranianintelligenceofficerswereattemptingtopinpoint
thelocation ofsomeoneinthe Zahedanarea ofsoutheastIran” (ibid.).Accordingto
Bloomberg,Ericsson“decidedin October2010itwouldnolongersellanyproducts
into Iran due to recent efforts to tighten sanctions.” (ibid.). The article claims that
formerEricssonemployeeSaiviahsFahimiwasarrestedinDecember2009byIranian
police based on interception of his mobile text messages, allegedly using Ericsson
technology. The article claims Fahimi was familiar with how the technology can
work, stating “I worked on the technology and I was a victim of the technology, as
well,”and:“Theycanmonitorwhoevertheywant,fortheirpurposes,notfortheben‐
efitofsocietyandpeople”(ibid).
InanarticlepublishedbyInsideofIran,Iranianwomen’srightsactivistMansoureh
ShojaeeclaimsshewasdetainedandinterrogatedatthesameprisonPourheydarwas
detainedat.Sheclaimsthepolicehaddetailsofherphoneactivity,stating,“mymo‐
bile phone was my enemy, my laptop was my enemy, my landline was my enemy”
(http://www.insideofiran.org/en/human‐rights/3042‐iranian‐police‐seizing‐
The Privacy & Security Research Paper Series, Issue # 1
dissidents‐get‐aid‐of‐western‐companies.html).In2010,TheSwedishWirepublished:
“Sweden’s Ericsson accused of monitoring in Iran” based on a statement by Nobel
PeacePrizeLaureateShirinEbadithatEricssonisselling“softwarethatalloweditto
monitortextmessagesandmobilephonecalls”
(http://www.swedishwire.com/business/7325‐swedens‐ericsson‐accused‐of‐
monitoring‐in‐iran).
OnNovember11,2011TheLocal,aSwedishonlinenewswebsitepublishedanar‐
ticletitled“EricssonRejectsClaimsofAidingIran”(TheLocal,
http://www.thelocal.se/37098/20111101/). According to The Local, Ericsson’s
Fredrik Hallston rejected claims published in a Bloomberg article that they were
providingIranwith“technologycapableoftracking dissidents throughtheirmobile
phoneactivity”,statingthatwhatEricssonreallysoldwasa“locationbasedcharging”
systemthatallowedmobileoperatorIrancelltochargetherighttariffsbasedonthe
callerslocation,claimingthatthetechnologyisunabletotrackthecallerslocationin
real time. Hallston defends Ericsson’s business relations by adding: “It is in every‐
one’s interest that you call in and out of the country” (ibid). In 2006, Cellular News
(CN, http://www.cellular‐news.com/story/16540.php) published an article about
Ericsson and British operated Vodafone’s involvement in the illegal surveillance of
the Greek Prime Minister Kostas Karamanlis. The British mobile operator Vodafone
allegedly used technology equipment built by Ericsson to illegally wiretap “senior
militaryofficers,humanrightsactivists,journalists,Arabbusinessmenandamobile
phoneusedbytheU.S.Embassy,accordingtoalistofnumbersgiventoparliamentby
Vodafone”(ibid).Accordingtothearticle:“Theroguewiretapprogramhijackedthe
Ericssonsoftwaretodivertcallstomobilephonesusinghard‐to‐tracetopupservices,
officialssaid”(ibid).TheCEOofEricsson’sGreecedivisionBillZoukiclaimsthatVo‐
dafonewasinformedandresponsibleforthelegaluseofthesoftware,althoughVoda‐
fonedeniestheseclaims.InJanuary2012,Crikey.com,wrote:“Ericssonhasalsobeen
accusedofsellingsurveillancetechnologytoIranandEricssonequipmentisusedby
thesavageBelarussiandictatorshipofAlexanderLukashenkotowiretapopponents”
(http://www.crikey.com.au/2012/01/10/tracking‐the‐trackers‐the‐cyber‐snoops‐
working‐in‐australia/).
The example shows that discussions about the export of communication surveil‐
lancetechnologyarenotonlylimitedtocomputingandtheInternet,butalsoaffects
therealmofmobilephonesurveillance.Supplyofcommunicationssurveillancetech‐
nologiesseemstobeinherentlyconnectedtopossibleabuse.
2.3.8. Summary of the Main Findings about European DPI Surveillance Technologies
2.3.8.1. The Technological Set-Up of Internet Surveillance
TheUppsalaUniversityresearchteamanalysedsampleofdocumentsthatdescribes
The Privacy & Security Research Paper Series, Issue # 1
theuseofInternetsurveillancetechnologiesthatareproducedandsoldbyEuropean
companies.ThequestionwastofindoutwhatkindsofInternetsurveillancetechnol‐
ogiesareavailable.
ThereisavarietyofInternetsurveillancetechnologiesavailableontheEuropean
securitytechnologymarketthatusesDeepPacketInspection(DPI).Someofthemare
thefollowingones:
*AlcatelLucent1357ULIS–UnifiedLawfulInterceptionSites(Alcatel‐Lucent)
*ALIS‐AqsacomLawfulInterceptionSystem(Aqsacom)
*BONGOMonitoringCentre(NETI)
*CS‐2000,POSEIDON,MuninPOTS(Elaman)
*DigiBase,DigiNet(Digitask)
*EAGLE(Amesys)
*EVELawfulInterceptionSolution(PineDigitalSecurity)
*GENESIMonitoringCentre,GENESINetworkInterceptionPlatform(IPS)
*TargetProfiling(IPS)
*iXEngine,ixMachine(Qosmos)
*LawfulInterceptionMediationArchitecture(LIMA),LIMADPIMonitor,LIMAMan‐
agementSystem(Group2000)
*LISystem(Inveatech)
*MCRSystemMonitoringCentre(AreaSpa),
*NetSpyder,IPTr@pper(Thales)
*PRXTrafficManager,NetReporter,DPXNetworkProbe,PACE(ipoque),
*SIP&GTPProbe(TelesoftTechnologies)
*trovicorMonitoringCenter(trovicor),formerly:NokiaSiemensMonitoringCenter
(NokiaSiemensNetworks)
*UtimacoLawfulInterceptionManagementSystem(LIMS)(Utimaco)
Suchsystemsaretypicallycoupledtomonitoringcentresthatareabletoscandif‐
ferenttypesofcommunicationnetworks(e.g.theInternet,fixedlinetelephony,mo‐
biletelephony).DeepPacketInternetsurveillanceisfacingthechallengethatInternet
protocolsarechangingandthatfiltering,decodingandanalysisofdifferentprotocols
(suchase‐mail,webmail,VoIp,chat,http,FTP,etc)isneededinordertothoroughly
monitorInternettraffic.
ForthepurposeofInternetsurveillance,notonlyDPItechnologiesareavailableon
theEuropeansecuritymarket,butalsoTrojanhorses.Twoexamplesare:
*RemoteForensicSoftware(Digitask)
*FinFisher(GammaGroup)
Trojan horses are software programmes that are disguised as other programmes
andonceinstalledonacomputercollectdataaboutusersthataresecretlytransmit‐
ted to the monitoring party. The use of such communication surveillance tools has
beenconsideredinlawenforcementincases,wheresubjectsuseSkypeorencrypted
e‐mailcommunication.Digitask’sRemoteForensicSoftwarehasinGermanyresulted
in an intense public debate about the constitutionality and ethical desirability of
online investigations in the debate about the “Bundestrojaner” (”Federal Trojan”).
The Privacy & Security Research Paper Series, Issue # 1
Gamma Group’s FinFisher has gained public attention when news reports claimed
thatthecompanyhadofferedthetechnologytoEgyptiansecurityauthorities.
2.3.8.2. The Self-Understanding of European Internet Surveillance Technology Producers TheUppsalaUniversityresearchteamalsostudiedtheself‐descriptionoftheana‐
lysedcompaniesandhowtheyexplaintherelevanceofInternetsurveillance,i.e.why
thecompanythinksitisimportantthatitproducesandsellssuchtechnologies.The
questionwashowthesellingofthesetechnologieswasjustified.Atypicalexplanation
whyEuropeancompaniessellInternetsurveillancetechnologiesisthatcriminalsand
terroristsusetheInternetandthatInternetsurveillancecanpreventandpolicecrime
andterrorism.
InveatechsaysthatInternetsurveillanceisnecessaryto“beabletoguaranteepub‐
licsafety”(#1).Thalesarguesthat“terrorismandcybercrimeareontherise”(#3_4,
3).Aqsacomsaysthatthereisa“darksidetotheInternet’spower–namelytheInter‐
net’sexploitationbycriminalsandterrorists”(#4_5,3).AmesysarguesthatInternet
surveillanceisneededinorder“reducecrimelevels,protectfromterrorismthreats,
andidentifynewincomingsecuritydanger[s]”(#6_1).ElamanpointsoutthatInter‐
netsurveillanceisneeded“forinvestigatingandprosecutingcriminalactivitiesand
terrorism”(#7_10,11).trovicorsays:“Whenitcomestofightingcrimeandthwarting
terroristattacks,lawenforcementandgovernmentsecurityagenciesneedtheright
communicationtoolstogetresults”(http://www.trovicor.com/en/business‐
sections/lawful‐interception.html).Utimacowritesthatthereisa“broadavailability
ofcommunicationoptionsandtherelativeeasewithwhichcriminalnetworksand
terroristgroupscanexchangeinformation”(#12_4,5).IPSstates:“Criminalorganiza‐
tionsexploittheseapplicationstakingadvantageoftheanonymitygrantedbythe
Internet.SocialNetworksmonitoringorWebMailsinterceptioncangathertheintel‐
ligencehelpingtoidentifypeopleinvolvedincriminalactivities”(http://www.resi‐
group.eu/ips/?page_id=210&lang=en).TheGammaGroupholds:“Theincreaseof
cybercrimeboththroughterrorism,intimidationandindustrialespionagearecon‐
stantlyontherise,andillegalactivitiesareaidedbyavailabletechnologies”(#19).
Theseopinionscanbeconsideredasbeingexpressionsofaspecificworldviewon
theroleofcrimeinsocietythathasbysomescholarsbeencharacterisedasconserva‐
tive ideology of crime (Hall et al. 1978, Jewkes 2011). It is based on law and order
politicsandtheassumptionthatsurveillancetechnologiesshouldbeheavilyusedand
canpreventcrimeandterrorism.It“emphasizesdeterrenceandrepressionandvoic‐
es support for more police, more prisons and a tougher criminal justice system”
(Jewkes2011,62).Policingcrimeandterrorcaninsuchasituationeasilyturnover
intopolicingthepoor,theunemployed,minorities,peopleofcolour,andcivilsociety.
Thenewsurveillanceofthe21stcenturynotonlytacklescriminalsandterrorists,but
erectsavisibilityofeveryoneandeverythingthatalsoallows(actuallyorpotentially)
thecontrolofpoliticalprotests(thatareontheriseinsituationsofcrisis),whichun‐
The Privacy & Security Research Paper Series, Issue # 1
dercutstheliberalvaluesoffreedomofspeechandassemblyandtherebyshowshow
modernsocietytodayisrunningtheriskofcontradictingitsownvalues,onwhichit
wasbuilt.
Theidentifiedtechnologyfetishismofthesecurityindustryisgroundedinastrong
belief in the power of technology that is conceived as being independent of society.
Societalphenomena(crime,terror,crises,politicaltransformations)aremistakento
be caused and controllable by technology. But societal phenomena merely express
themselvesincommunicativeandtechnologicalspaces,theyarenotcausedbythem.
Technological determinism inscribes power into technology, it reduces power to a
technologically manageable phenomenon and thereby neglects the interaction of
technology and society. Technological determinism sees technology as developing
independently from society, but as inducing certain societal effects with necessity
(Kling, Rosenbaum and Sawyer 2005, 13, 188; Lister et al. 2003, 391; Shade 2003).
Technologicaldeterminismassumesthat“technologieschange,eitherbecauseofsci‐
entificadvanceorfollowingalogicoftheirown;and[that]theythenhaveeffectson
society” (MacKenzie and Wajcman 1999a, 3). It is based on “a simple cause‐and‐
effect‐sequence” (MacKenzie and Wajcman 1999b, xiv). “Such determinism treats
technology as both panacea and scapegoat” (Shade 2003, 433). The identified
worldviewofthesecurityindustrylooksforsecuritybyalgorithmsinaworldofhigh
insecurity.Itadvancesafethishismoftechnology–thebeliefthatcrimeandterror‐
ismcanbecontrolledbytechnology.Technologyisseenaspromisinganeasyfixto
complexsocietalproblems.
Halletal.(1978)arguethatthelaw&order‐worldviewhasbeenconnectedtothe
riseofneo‐liberaleconomies.Sowhereasthisworldviewseestheneedforastrong
stateintheareaofpolicing,itadvocatesliberalization,privatization,andderegulation
intheeconomy.Neoliberalismaimsatasocietythatisorientedonthe“multiplicity
anddifferentiationofenterprises”atalllevelsofsociety(149).Itisinfavourofthe
“formalizationofsocietyonthemodeloftheenterprise”(Foucault2008,160).Itad‐
vocatestheideathatthehumanisahomooeconomicus–an“entrepreneurofhimself”
(226).Thismodelstandsforthe“economizationoftheentiresocialfield”(242)and
thecreationofan“enterprisesociety”(242).Theinvolvementofthesecurityindustry
in the production of communications surveillance technology that is used by state
actors is characteristic for this new mode of governance – policing is turned into a
profitable business, companies make profit from surveillance technologies that are
soldtostateactors. 2.3.8.3. The European Internet Surveillance Industry’s Expressed Views towards Privacy Aspects of Internet Surveillance
TheUppsalaUniversityresearchteamalsodocumentedwhattheanalysedcompanies
saidaboutproblemsandprivacyviolationsarisinginthecontextofInternetsurveil‐
lance.Inthosecases,wheretherewaspubliccriticismofthecompanies,wealsoana‐
lysedhowthecompaniesreactedtocriticisminpublicstatements.
The Privacy & Security Research Paper Series, Issue # 1
Thequestionofreactiontopubliccriticismwasespeciallyrelevantinanumberof
analysedcases,wheretherewerepublicchargespublishedinmassmediathatEuro‐
pean security companies exported or planned to export Internet surveillance tech‐
nologies to undemocratic regimes. Such claims could be found in respect to the fol‐
lowingcountries(seethedetaileddiscussionsinsection2.1.3.7.andannexA):
*Bahrain:trovicor
*Egypt:GammaGroup
*Iran:NokiaSiemensNetworks(cellphonenetworks)
*Libya:i2eTechnologies(thatafterafusionwithArtwarelaterbecameAmesys)
*Syria:Asfadorproject(AreaSpa,Qosmos,Utimaco),NokiaSiemensNetworks
ArangeofpositioningtowardsprivacyquestionsofInternetsurveillancecouldbe
foundintheanalysis,rangingfromnomentioningontheonesidetothediscussionof
advantagesofDPIontheotherside.Sixpositionscouldbeidentified.
a)NodiscussionofprivacyaspectsofInternetsurveillance
Privacy aspects were often not mentioned in the analysed documents and on the
analysedwebsites(e.g.Inveatech,Aqsacom,Datakom,NETI).
b)Nocommenting
Somecompaniesrespondedtochargesbyrefusingtocommentandwiththerefer‐
ence to trade secrets and customer protection. For example, being asked if trovicor
exportedcommunicationssurveillancetechnologytoBahrain,trovicorofficials“were
onlywillingtostatethattheycouldnotpubliclydiscusscustomersandthedetailsof
agreements” (Spiegel Online International, Western Surveillance Technology in the
HandsofDespots.December8,2011).Facingallegationsthatitplannedtoexportthe
FinFisherInternetsurveillancetechnologytoEgypt,anattorneyoftheGammaGroup
saidthat“GammadidnotsupplytoEgyptbutinanyeventitwouldnotbeappropri‐
ate for Gamma to make public details of its transactions with any customer” (The
Washington Times, British Firm Offered Spy Software to Egypt: Activists Say They
WeretheTargets.April26,2011).
c)Statementsastheresultofpublicpressure(media,civilsociety)
Insomeanalysedcases,publicpressure(media,civilsociety)createdcompanyre‐
actionstoclaimsthattherewereplansofsellingsurveillancetechnologiestoregimes
thatrepresspoliticalopposition.
Oneanalysedcompanysaidthatamistakewasmadeandthattheywouldpullout
oftheproject(Qosmos).Theexportofsurveillancetechnologyseemsinthiscircum‐
stancetohavebeenpreventedbecausecriticaljournalistsandcivilsocietysteppedin.
Civil society tends to have limited resources and one can ask what will happen in
thosecasesthatremainunknown.
NewsreportshavearguedthatMonitoringCentresproducedbyNokiaSiemensand
trovicorwereusedtorepresstheIranianandBahrainianopposition,peoplelikethe
The Privacy & Security Research Paper Series, Issue # 1
journalist Isa Saharkhiz and the political activists Poojan Mahmudian and Kianoosh
Sanjari in Iran or the Bahraini human rights activist Abdul Ghani Al Khanjar. After
media reports and heavy public criticism, Nokia Siemens Networks admitted that a
surveillancesystemforlocalphonenetworkswasimplementedinIran,butsaidthat
ithadalreadysolditsintelligencebusinessinMarch2009.
Inautumn2011,chargesemergedthatclaimedthatthefollow‐upcompanytrovi‐
cor sold a monitoring centre to Bahrain, where according to media reports it was
usedforsurveillingpoliticalopponents.InvestigativejournalistErichMöchelpointed
out that public pressure (by the media and civil society) on one company does not
automaticallystopunethicalbusinesspractices,butcanresultinthesellingofbusi‐
nessunitstoothercompaniesthatengageincomparablepractices:"Meanwhilepre‐
dominatestheinsightthatthecollateraldamageforcompanypolicyprobablywillbe
muchsmalleriftheseMonitoringCenters[...]areoutsourcedtospecialistcompanies
andoneselfprepareseverythingtechnicallysothatthisforeignequipmentsupplied
bythirdpartiescanwithoutproblembedockedtoone’sowntelephonenetworks.[...]
It is pure market politics, nothing else. It has nothing to do with human rights, but
onlywiththefactthatonedoesnotwanttodirtyone’sownhands”(NDR.ZAPP:In‐
terviewmitErichMöchel.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/moechel103.html).
Inautumn2011,thereweremediachargesthattheItaliansecuritycompanyArea
Spa sold monitoring centres to Syria, where heavy protests by the opposition have
questionedAssad’sregimesinceJanuary2011andmanyprotestorshavebeenkilled.
Area Spa’s CEO confirmed that a contract with Syria was in place and said that the
interception system was never activated. The German company Utimaco reacted to
theclaimthatAreaSpa’splannedprojectincludedUtimaco’sLIMStechnologybysay‐
ingthatactivitieswithAreaSpahavebeenstopped.
In one case, there was a denial of the charges that were made by the public
(Amesys).
d)Approvalofthesurveillanceofthecommunicationofthepoliticalopposition
Inasinglecase,wefoundaformulationthatjustifiedthesurveillanceofthecom‐
municationofpoliticalopponents.Onecompany(ElamanfromGermany)wrotethat
withcommunicationssurveillance“governmentscanidentifyanindividual’slocation,
theirassociatesandmembersofagroup,suchaspoliticalopponents”(#7_12,17).
A document that presents Elaman’s “Communications Monitoring Solutions”
(#7_12) for the surveillance of phone networks, satellite communication, SMS, the
Internet, and Radio Frequency Monitoring (RFM), and various other tools (such as
FinFisher and speech identification software) specifies one task of data retention
technologiesinthefollowingway:“Inthefieldoftelecommunications,dataretention
generallyreferstothestorageofcallrelatedinformation(numbers,date,time,posi‐
tion,etc.)oftelephonyandinternettraffic.Thestoreddataisusuallytelephonecalls
madeandreceived,emailssentandreceived,web‐sitesvisitedandlocationdata.The
primaryobjectiveindataretentionistrafficanalysisandmasssurveillance.Byana‐
The Privacy & Security Research Paper Series, Issue # 1
lysingtheretaineddata,governmentscanidentifyanindividual’slocation,theirasso‐
ciates and members of a group, such as political opponents” (#7_12, 17; emphasis
added).
Elaman advertises its surveillance products and services as well as surveillance
technologies by other companies as means for fighting terrorism and crime. The
technologies described in this section can be classified as Deep Packet Inspection
Technologies,theyallowtomonitorthecontentofInternetcommunicationandother
formsofcommunication.Intheanalyseddocuments,wecouldnotfindanycomments
about privacy violation concerns and the limitation of human rights that may arise
from the use of DPI Internet surveillance and related forms of surveillance. In con‐
trast, as shown, Elaman says that data retention can help governments to identify
“members of a group, such as political opponents” (#7_12, 17). The question that
ariseshereisifthisformulationquestionsthe“righttofreedomofpeacefulassembly
andtofreedomofassociation”thatisdefinedinarticle11oftheEuropeanConven‐
tion of Human Rights and in article 12 of the Charter of Fundamental Rights of the
European Union (“Everyone has the right to freedom of peaceful assembly and to
freedomofassociationatalllevels,particularinpolitical,tradeunionandcivicmat‐
ters,whichimpliestherightofeveryonetoformandjointradeunionsfortheprotec‐
tion of his or her interests”). The European Convention of Human Right allows re‐
strictingthisfreedomifitis“necessaryinademocraticsocietyintheinterestsofna‐
tionalsecurityorpublicsafety,forthepreventionofdisorderorcrime,fortheprotec‐
tion of health or morals or for the protection of the rights and freedoms of others”.
Elaman’s formulation may however imply that it wants to enable governments in
generaltomonitorthemembershipofpoliticalgroups,whichmaylimittherightto
freedom of political assembly and also raises the question if the formulation disre‐
spects theEU’sDataProtectionDirective (95/46/EC)thatprohibits“the processing
ofpersonaldatarevealingracialorethnicorigin,politicalopinions,religiousorphilo‐
sophical beliefs, trade‐union membership, and the processing of data concerning
healthorsexlife”(article8).
e)Proactiveaddressingofthedangersofsecuritytechnologyexports
Thales, a company against which no charges were made in the mass media, in its
2010 Corporate Responsibility Report (#3_5) addressed the issue of the export of
security technologies. It writes that it respect export controls because profitability
canotherwisebeharmedbynegativenewsreporting.Thalessaysthatitrespects“ob‐
tainingexportlicencesfromvariousnationalauthorities”because“breachingexport
controls can have serious consequences fora company. Depending on the nature of
the violation, sanctions can include heavy fines, imprisonment of company officials
and prohibition of future exports or imports by the company” (#3_5, p. 18).
f)PresentationofadvantagesofDPI
Some companies stressed in discussion of advantages and disadvantages of DPI
that there are big advantages. For example, ipoque mentioned that DPI is used in
The Privacy & Security Research Paper Series, Issue # 1
networkandbandwidthmanagementandthefilteringofspame‐mailsandcomputer
viruses.TelesoftTechnologiessaysthatDPIisneededfornetworkmanagementand
thatitcancreatenewpersonalizedcontentserviceswithpayment. 3. Conclusion: DPI Internet Surveillance Deeppacketinspection(DPI)surveillancetechnologiesarecommunicationssurveil‐
lancetoolsthatareabletomonitorthetrafficofnetworkdatathatissentoverthe
InternetatallsevenlayersoftheOSIReferenceModelofInternetcommunication,
whichincludesthesurveillanceofcontentdata.
TheconductedanalysisofDeepPacketInspection(DPI)Internetsurveillance
showsthatthereisavarietyofpotentialimpactsofthistechnology.
* Potential advantages of DPI Internet monitoring mentioned in the literature in‐
clude bandwidth management by network providers in order to optimize the net‐
worktransmissionspeedandtheuseforspamfiltersandvirusfilters.
*Violationofnetneutrality:DPIusebyInternetServiceProviders(ISPs)canresult
inaviolationofnetneutralityandasaconsequencethecreationofatieredInternet
thatdisadvantagescertainusersandapplicationtypesinthetransmissionprocess,is
controlledbybigcompaniesandhasslowconnectionspeedifalotofusersasacon‐
sequenceofDPIsurveillancestartusingencryptionthatcannotbemonitored,which
increasesbandwidth.Ifencryption(e.g.bytheuseofTor)asaresultofDPIbecame
more common, then those users not familiar with its use as a result of information
inequality would be subject to surveillance, whereas more skilled users would not
(Lace2010,222).
*TotalInternetsurveillance:ThereareconcernsthatDPIInternetsurveillancecan
result inthe emergence of atotalor relatively total Internet surveillance system, in
whichall,mostoralotofausers’Internetactivitiesaremonitoredandmapsofsocial
connections are created. The question that arises is if such data processing is “ade‐
quate,relevantandnotexcessiveinrelationtothepurposesforwhichtheyarecol‐
lected and/or further processed” (European Union Data Protection Directive
95/46/EC,article6(c)).
*Surveillancecreep:DPIusagefor onepurpose(suchasnetworkmanagementor
spamfiltering)maycreeptoother,moreprivacy‐sensitiveandcontroversialpurpos‐
es(suchastargeted advertisingorcontent monitoringforpolitical purposesorlaw
enforcement,violationofnetneutrality,etc).
* Targeted advertising: DPI surveillance can enable targeted online advertising at
thelevelofISPsthatisbasedontheanalysisofthecontentofallorlargepartsofthe
transmitteddataofusers.Theconcernsofprivacyadvocatesarethatsuchdatapro‐
cessingisdisproportionate,thatusers’consensusneedstobeobtainedtosuchwide‐
reachingdataprocessing(opt‐ininsteadofopt‐out),thatsensitivedatamightbeana‐
lysed and misused, and that there may be a surveillance function creep with unin‐
tendedconsequences.
The Privacy & Security Research Paper Series, Issue # 1
*Surveillanceoffilesharers:TheuseofDPIsurveillancefordetectingandblocking
filesharingcan,asruledbytheEuropeanCourtofJustice,violateusers’information
freedomandprivacyrights.Itcanalsoreversethepresumptionofinnocenceandad‐
vancetheassumptionthatallInternetusersarecriminalsunlesstheyprovetheop‐
posite.
*Politicalrepressionandsocialdiscrimination:TheuseofDPIfortargetedadvertis‐
ingandbygovernmentsfacestheriskthatsensitivedataofusersaremonitored.The
examplesoftheallegedsurveillanceofpoliticaloppositiondocumentedinthisreport
show that there is the risk that the processing and analysis of sensitive content re‐
sultsinpoliticalrepressionorsocialdiscriminationofcertaingroups.
ThereisavarietyofInternetsurveillancetechnologiesavailableontheEuropean
securitytechnologymarketthatusesDeepPacketInspection(DPI).
AtypicalexplanationgivenbyEuropeansecuritycompanieswhytheysellInternet
surveillance technologies is that criminals and terrorists use the Internet and that
Internet surveillance can prevent and police crime and terrorism. This worldview
was characterised as a conservative ideology of crime that believes in law & order
politicsandthetechnologicaldeterministicviewthattherearetechnologicalfixesto
societalproblems.
WefoundpublicchargespublishedinthemassmediathatEuropeansecurity
companiesexportedorplannedtoexportInternetsurveillancetechnologiesto
undemocraticregimes.Suchclaimscouldbefoundinrespecttothefollowingcoun‐
tries:
*Bahrain:trovicor
*Egypt:GammaGroup
*Iran:NokiaSiemensNetworks(cellphonenetworks)
*Libya:i2eTechnologies(thatafterafusionwithArtwarelaterbecameAmesys)
*Syria:Asfadorproject(AreaSpa,Qosmos,Utimaco),NokiaSiemensNetworks
Assurveillancetechnologyproducersarenotcompliedtoreleasetheircustomers
andsalespublicly,dataaboutwhatthesecompaniesaredoing,islikelytobeincom‐
pletebecausethecompaniesthemselvesoftentreatitasasecret.TheSpyFilesmake
available some of this data. In the end, it is often not clear, which communications
surveillancetechnologiesaresoldbywhichcompaniestowhom.Notmuchisknown
aboutitandonlysurfacesoccasionallyastheresultofinvestigativejournalism.
Whatcouldgenerallybeobservedisthatsomecompaniesarguedthattheycouldn’t
commentonanycustomersbecausetheyhadtoprotectthelatter’sinterests.Inother
cases,companiesreactedtothechargesaftertheybecamepublic.Insomecases,se‐
curity companies argued that they had stopped the criticized projects or that they
soldtheircommunicationssurveillancebusinessunits.Ageneralphenomenonthat
could be observed is that alleged details only became public with the help of
civilsocietyandjournalists.Thequestionarisesiftherearecasesthatareunknown
to the public. Public criticism does not automatically stop the recurrence of public
charges, which is shown by the claims against Nokia Siemens and trovicor: Nokia
The Privacy & Security Research Paper Series, Issue # 1
Siemenssolditscommunicationsurveillancebusinessaftermediachargesthatitex‐
portedcommunicationssurveillancetechnologiestoIranandsometimelatercompa‐
rablechargesemergedagainstthefollow‐upcompanytrovicorinrespecttoBahrain.
Overall, not much is known about the selling and export of communications
surveillancetechnologies.Thereisalackoftransparencyandaccountability.In
thosecases,wherechargesemerge,itremainsoftenunclearwhatexactlyhap‐
pened.Therelativefrequencyofsuchchargescouldbeanindicationthatgood
business practices are not always voluntary achieved in the security industry
and that an industry that sells technologies that can seriously harm human
livesneedsmorepublictransparencyofitssalesthanotherindustries.
TheDutchMEPMarietjeSchaakecommentedinthiscontextinOctober2011that
sheperceivedalackoftransparencyintheEuropeansecurityindustry:"Weneedto
askformoretransparencyfromcompanies beforetheyactuallysell thesetechnolo‐
gies. It's not about sanctions and trade restrictions, it's about making sure the new
technologies are not systematically used to repress citizens" (EUobserver.com, EU
CompaniesBannedfromSellingSpywaretoRepressiveRegimes.October11,2011).
Surveillance Studies scholar David Lyon defines transparency as the “quality of
‘seeingthrough’”andarguesthat“thepublicshouldhaveaccesstoinformationabout
the modes and purposes of surveillance” (Lyon 2007, 181). Transparency would be
“vitalforahealthydemocracyandforhumanrights”(Lyon2007,182).
AquestionthatEuropeanpolicymakersmayfindimportantisiftransparen‐
cyofthesalesofcommunicationssurveillancetechnologiesofEuropeansecuri‐
tycompaniesshouldbecreatedandhowthiscouldpracticallybeimplemented.
Thereare“surveillancetradeshow[s]knowntoindustryinsidersas‘TheWiretap‐
pers’Ball’”(PrivacyInternational,SurveillanceWho’sWho,
https://www.privacyinternational.org/big‐brother‐incorporated/countries). Ex‐
amplesareISS(IntelligenceSupportSystems)WorldandMiliPol–WorldwideExhibi‐
tionofInternalStateSecurity.PrivacyInternationalincollaborationwiththeBureau
ofInvestigative Journalism publishedalistofattendingorganisations.“ISSWorld is
attended by brutal dictatorships and Western democracies alike. Governments and
companiesfromallovertheworldmeet,mingle,buyandsell”(ibid.).
Surveillancetechnologyfairsareoftennotaccessibleforthegeneralpublic.AtISS
WorldthattookplaceonFebruary13‐15,2012,inDubai,“programsarebyinvitation
only. Telecommunication service providers, government employees, LEA's and ven‐
dors with LI, Network, Security or investigative products and services are invited”
(http://www.issworldtraining.com/ISS_MEA/register.cfm). The registration lists as
different participant categories telecommunications service providers, government
orprivatesectorinvestigators,lawenforcement,DepartmentofHomelandSecurity,
Intelligence Community, Department of Defense, surveillance technology vendors.
The next Milipol event that will take place in Paris 2013 is by invitation only. The
event’swebsitesaysthatit“isreservedfortheprofessionalsofthesecurityindustry.
Access is only available with an official invitation cardor with an electronic badge.
Proof of identity will be requested together with the badge”
The Privacy & Security Research Paper Series, Issue # 1
(http://en.milipol.com/To‐visit‐Milipol‐expo/Useful‐information). The access re‐
strictionstosucheventsimplythatitishardforcriticalcitizensorinvestigativejour‐
naliststogainaccess.Thesecrecysurroundingsucheventsaddstothelackoftrans‐
parencyofthesecurityindustry.
TheOfficeofthePrivacyCommissionerofCanadapublishedaprivacyreviewofDPI
(OfficeofthePrivacyCommissionerofCanada,ReviewoftheInternetTrafficManage‐
ment Practices of Internet Service Providers. February 18, 2009.
http://www.priv.gc.ca/information/pub/sub_crtc_090728_e.cfm). It argues that one
ofthereasons“DPItechnologiesraiseprivacyconcernsisbecauseitcaninvolvethe
inspectionofinformationcontentsentfromend‐usertoend‐user,thusenablingthird
parties to draw inferences about users’ personal lives, interests and activities. DPI
devices have the ability to look at Layer 2 (link layer) through Layer 7 (application
layer)oftheOpenSystemsInterconnection(OSI)Model.DPIdevicescan,therefore,
examine headers and data protocol structures as well as the actual payload of the
message.Inotherwords,DPItechnologycanlookintothecontentofamessagesent
overtheInternet.Touseareal‐worldexample,usingDPIisakintoathirdartyopen‐
ing an envelope sent by surface mail, and reading its contents before it reaches its
intendeddestination”.TheOfficeconcludesthat“theexaminationofcontent”withthe
helpofDPI“mayconstituteanunreasonableinvasionofanindividual’sprivacy”and
that the “prospectiveuses o DPI technology raise serious concernsabout individual
privacy”. Privacy International believes that “online behavioural advertising for
onlinecommercialadvertisingusingthetechnologyofDeepPacketInspection(DPI)
isadangerousandpotentiallyunlawfultechniquethatisfraughtwithunethicalprac‐
tice” (Privacy International, Online Behavioural Targeted Advertising – Privacy Inter‐
national’sPosition.April19,2009.
https://www.privacyinternational.org/article/online‐behavioural‐targeted‐
advertising‐%E2%80%93‐privacy‐international%E2%80%99s‐position).
Cooper (2011) argues that attempts for mitigating privacy risks of DPI can be to
limitthedepthandbreadthofinspectionaswellasdisclosingthepresenceandpur‐
posesofDPI.Discussions aboutDPI show thatprivacyproblemscanespecially
arise if the content of communications that may include sensitive data is ana‐
lysedforvariouspurposes.Policymakersmaywanttothinkaboutlegallylimit‐
ingthedepthofInternetsurveillancesothatcommunicationscontentsurveil‐
lanceisnotlegallypossible.
Oneargumentagainstlegallylimitingthealloweddepthofpacketinspectioncanbe
thatvirusscanning,spammailfilteringandbandwidthmanagementonthesideofthe
ISPcanrequireunlimitedDPI.Atthesametimethereishoweverthedangerthatle‐
gallyunregulatedDPIresultsinaninvisiblesurveillancecreep,inwhichthelimited
usefor one purpose is extended to other uses that canhave negative consequences
fortheusers.Formanagingthebandwidthinanetwork,itmaybenecessarytoana‐
lysethefiletype,butitisnotnecessarytoanalysethefullcontentofpackets.Imple‐
mentingvirusscanningandspammailattheISPlevelentailstheriskofinvisiblesur‐
veillancecreep.Awaytomitigatethisriskistoimplementthesefunctionsnotauto‐
The Privacy & Security Research Paper Series, Issue # 1
maticallyinanetwork, buttogivethesubscribers/usersthepossibilitytoopt‐into
network‐widescanningofcertaindatatypes(e.g.e‐mails)forlimitedpurposessuch
asdetectingspammailandviruses.
TechnologyanalystEvgenyMorozovarguesthatin“additiontotherosynarrative
celebratinghowFacebookandTwitterhaveenabledfreedommovementsaroundthe
world,weneedtoconfrontamoresinistertale:howgreedycompanies,fosteredby
Western governments for domestic surveillance needs, have helped suppress them.
[…]Theobviousresponseistobantheexportofsuchtechnologiestorepressivegov‐
ernments. But as long as Western states continue using monitoring technologies
themselves, sanctions won’t completely eliminate the problem – the supply will al‐
waysfindawaytomeetthedemand”(Morozov,Evgeny.Politicalrepression2.0.New
YorkTimes.September1,2011).
Morozovwarnsthatifthereisademandbylawenforcementandcompanies
for communications surveillance tools, misuse is hard to control and that ex‐
portbansaloneareunlikelytoeliminatetheproblemoftechnology‐enhanced
humanrightsviolationsbecausetheuseofcommunicationsurveillanceagainst
politicalopponentsandcivilsocietycaninprincipleemergeinmanydifferent
contexts.Politicaleventsaredynamic,thepoliticalsituationcanchangequickly
inacountry,whereaspassinglawsandregulationsismoretime‐consuming.An
exportbanofDPIcommunicationssurveillanceforcertaincountries(asforArgenti‐
na,China,Croatia,India,Russia,SouthAfrica,SouthKorea,Turkey,andtheUkrainein
the EU) is facing the problem of the dynamics of political events. The charges that
NokiaSiemensexportedcommunicationsurveillancetechnologytoIranandthefol‐
low‐up company trovicor to Bahrain show this problem. If the latter is true, then it
certainly was not illegal because Bahrain is not included in the list of countries, to
whichtheEUbanstheexportofcommunicationsmonitoringdevices.Theproblem
is that human rights violations are quite unpredictable and that technologies
that can support such violations require special control, transparency and
regulation.
Ontheonehand,thereareICTcompaniesthatproduceandsellcommunications
surveillancetechnologies.Discussionsrelatingtoprivacyviolationsandothercon‐
cernscausedbysuchtechnologiesontheotherhandmostlycomefromcivilsociety
organisationsthatnormallytendtoneitherautomaticallyhavealotofmoneyand
resourcesnoralotofpoliticalinfluence.Itisthereforemuchmoredifficultforcivil
societytomakeisvoiceheardinthepublicspherethanitisforcompaniesandgov‐
ernments.InrelationtoDPI,thereisanumberofactivecivilsocietygroups,suchas
e.g.
NoDPI(https://nodpi.org),
OpenRightsGroup(http://www.openrightsgroup.org/),
AntiPhorm(http://www.antiphorm.co.uk),
BadPhorm–WhenGoodISPsGoBad!(http://www.badphorm.co.uk),
DenyPhormBlog(http://denyphorm.blogspot.com),
Dephormation(https://www.dephormation.org.uk),
The Privacy & Security Research Paper Series, Issue # 1
InPhormationDesk(http://www.inphormationdesk.org),
PhormWatch(http://phormwatch.blogspot.com).
Civilsocietygroupsthatwarnaboutactualorpotentialimpactsofnewtech‐
nologies such as DPI are vital for a vivid democracy. Therefore hearing their
voices and their visibility are of crucial importance and it is a task for politi‐
cianstothinkabouthowtheroleofcivilsocietyinpoliticallyassessingtheim‐
plicationsofsurveillancetechnologiescanbeadvancedsothatthereisnodomi‐
nanceofinterestsbyindustry,governmentandlawenforcement.
DPIis astronglycontroversialtechnologythatis enmeshedintovariousinterests
bygovernments,corporationsandcivilsociety.GovernmentshavebeenusingDPIfor
repressingcitizens, law enforcement has been using it for surveillance of suspected
criminals and terrorists, in the EU political representatives have also shown some
concern about the potential and actual problems of DPI. DPI technologies are pro‐
ducedandsoldbycompaniesthatstriveforprofitsinthesecuritybusiness.Themar‐
ket for communications surveillance technologies seems to be highly intransparent
and has been involved in controversies about human‐rights violations‐implicating
exports,theviolationofnetneutralityandthecreationofanunequaltieredInternet
byDPI‐basedInternetservices,theprivacyimplicationsofDPIbasedtargetedadver‐
tising, and the limitation of users’ privacy rights and information freedom by DPI‐
basedsurveillanceoftheInternetinordertopreventfilesharing.DPIisahighlycon‐
troversialnewsurveillancetechnologythathasalotofsocietalimplicationsthatneed
tobecarefullyconsidered.
ThediscussionofDPIInternetsurveillanceontheonehandbringsupprivacycon‐
cernsandontheotherhandbroadersocietalissuesrelatingtopowerstructures.The
dangeroflarge‐scaleandin‐depthInternetsurveillancepointstowardspotentialvio‐
lations of the collection limitation and data minimization principles (data collection
should be limited to that which is necessary for the specified purpose and should
notbeexcessive).ThedangerofsurveillancecreepinthecontextofDPIisanexpres‐
sionofpotentialviolationsofthepurposefuldataprocessionprinciple(thepurpose
of data processing should be specified and data collection should be limited to this
purpose). These principles are so‐called fair information principles that are part of
data protection legislation and discussions about privacy rights (Bennett and Raab
2006,12;InformationandPrivacyCommissionerofOntario2009).
Violations of net‐neutrality that can arise from DPI could create a tiered Internet
that is controlled by large media companies and slower for certain groups of users
(e.g. those who pay less for Internet access). This is an issue that goes beyond con‐
cerns for privacy rights. It has to do with information inequality and is a matter of
justice,inclusion/exclusion,andthecentralisationofpower.Thetopicofimplement‐
ing targeted advertising at the Internet Service Provider level with the help of DPI
relatesontheonehandtoprivacyissues(consensustosuchdataprocessing,surveil‐
lanceofsensitivedata),ontheotherhandalsotothemorepolitical‐economicques‐
tionifanInternetthatisheavilybasedonadvertisingcultureisdesirable.Theissue
ofconductingsurveillanceandpolicingoffilesharerswiththehelpofDPIhastodo
The Privacy & Security Research Paper Series, Issue # 1
with questions of freedom and democracy, namely if there should be free access to
cultural goods and if policing and surveillance of the Internet results ina culture of
suspicionandpolicepowerthatnegativelyimpactsdemocracy.
Last,butnotleast,wehaveseenthatDPIInternetsurveillanceandcommunications
surveillanceingeneralhavebeenusedformonitoringandrepressingmembersofthe
politicaloppositioninvariouscountries.Thisquestionisnotsimplyaprivacyissue,it
ratherrelatestotheviolationofpoliticalfreedoms(thefreedomofassembly,associa‐
tion,opinion,expression),theviolationofhumandignity,theviolationoftherightto
life, and the violation of the prohibition of torture andinhuman or degradingtreat‐
ment. DPI here relates to issues of democracy and human rights. The violation of
theserightsbymonitoringandrepressingpoliticalopponentswiththehelpofcom‐
municationssurveillanceisnotonlyademocraticandpoliticalissue–itisalsoapo‐
litical economic issue. We have seen that Western companies exported communica‐
tions surveillance technologies to countries, where they were used for political re‐
pressionhave.Theviolationofcivilrightsisinthesecontextsthereforeconnectedto
the profits of what Ben Hayes (2009, 2010) terms the European security‐industrial
complex.Hearguesthatthereare“closebondbetweencorporateandpoliticalelites
inthehomeland‐securitysector”andthatonanideologicallevelonefinds“theinher‐
ently neoconservative appeal to the defence of the homeland” (Hayes 2010, 148).
“Neoconideologyiscentreduponthe‘righttolimitlessprofit‐making’,whichisatthe
very heart of the EU’s desire to create a lucrative Homeland Security industry. The
EU’ssecuritypoliciesarepremisedontheneoconphilosophyofglobalpolicingand
intervention in failed states to both pre‐empt ‘threats’ to security and further the
spread of the free market and western‐style democracy around the world” (Hayes
2009,7).Thesecurity‐industrialcomplexontheonehandwantstomakeabusiness
out of developing military and surveillance technologies and on the other hand ad‐
vancesthelarge‐scaleapplicationofsurveillancetechnologiesandthebeliefinman‐
agingcrime,terrorismandcrisesbytechnologicalmeans.DPIInternetsurveillanceis
part of this political‐economic complex that combines profit interests, a culture of
fearandsecurityconcerns,andsurveillancetechnologies.
TheexampleofDPIInternetsurveillanceshowsthatforunderstandingnewsur‐
veillance technologies, we do not only need privacy and data protection as‐
sessments, but broader societal impact assessments that are guided by ethics
and connected to the analysis of power structures in society. ICTs and society
mutuallyshapeeachotherandarebothconditionedbypowerandpoliticaleconomy
(Fuchs2008).CharlesRaabandDavidWright(2012,382)argueinthiscontextthat
the analysis of surveillance technologies should focus on “wider impacts, and ulti‐
mately impacts on society as a whole”. Works by David Wright and Emilio Mordini
(2012) and David Wright (2011) suggest a Privacy and Ethical Impact Assessment
FrameworkforICTs.“Privacyanddataprotectionraiseethicalissues,althoughethi‐
calimpactassessmentaddressesissuesbeyondsimplythoseofprivacyanddatapro‐
tection”(Wright2011,224).
The Privacy & Security Research Paper Series, Issue # 1
Therehavebeenvaluableattemptsthathavetriedtoestablishethicalandsocietal
impactassessmentprinciplesandframeworksforICTs.Onlysomecanbementioned
here.TheSocietalImpactExpertWorkingGrouparguesthattheanalysisofsecurity
technologiesshouldbeconnectedtotheanalysisofcitizen’srights,societalrelevance
and benefits, necessity and proportionality of security technologies in a democratic
society, civil liberties, and research ethics (Centre for Irish and European Security
2012).Itsuggeststhatsecurityresearchprojectsshouldhaveindependentpartsthat
discussethicalandsocietalimplications.
JacquesBerleur(1999)arguesthatICTsliketheInternetareethicallyrelatedtois‐
sueslikedemocracy,protectionofthecommongood,universalservice,humandigni‐
ty, protection of minors, crime against humanity, justice, social exclusion, human
rights,freespeechandcensorship,qualityoflife,righttoinformationandtranspar‐
ency,personalqualities,non‐abuseofpower,respectforculturaldifferences,freedom
ofchoice.
Scholars in the EU FP7 project “ETICA ‐ Ethical Issues of Emerging ICT Applica‐
tions” (http://ethics.ccsr.cse.dmu.ac.uk/etica) have argued that the assessment of
emerging information technologies should be connected to topics like power rela‐
tionships, sustainability, gender biases, responsibility, human dignity, freedom, au‐
tonomy,privacy,dataprotection,surveillance,justice,equality,solidarity,autonomy,
consumer protection, cultural diversity, environmental protection, animal welfare,
health, safety, equal access, health care, human rights, ownership, social inclusion,
non‐discrimination,participation,accesstothelabourmarket,security,proportional‐
ity, the precautionary principle, transparency, governance, global justice, integrity,
welfare, human life, democracy and participation (Nagenborg and Capurro 2010,
Stahl2011,StengelandNagenborg2010)‐
Wright(2011)andWright/Mordini(2012)suggestaframeworkfortheethicaland
societalimpactassessmentofICTsthatisbasedonethicalprincipleslikedignity,in‐
formed consent, nonmaleficence, safety, solidarity, inclusion, human contact, non‐
discrimination, beneficence, universal service, accessibility, value sensitive design,
sustainability, distributive justice, equality, fairness, social justice privacy, and data
protection.
Thesediscussionsandtheassessmentofnewsurveillancetechnologiesconducted
inthischaptershowthatsecuritytechnologiesdonotonlyhaveimpactsonprivacy
and individuals, they have impacts on society at large. Contemporary societies are
fundamentallystructuredbypowerasymmetries.ItisthereforeimportantthatICTs
andsecuritytechnologiesareassessedinthecontextofquestionsthatrelatetosocie‐
ty,power,democracy,justice,freedom,andpoliticaleconomy.Fordoingthis,ethical
assessment frameworks, guidelines, principles, systematic models and typologies of
ICT ethics that are grounded in social theory and social philosophy are needed.
Wright(2011,224)concludesthat“therewouldseemtobevalueinfurtherresearch
exploringthepossibilityofdevelopingintegratedprivacyand ethicalimpactassess‐
ment”(Wright2011,224).JacquesBerleurandMaried’Udekem‐Gevers(2001)write
aboutthelong‐standingdifficultiesintryingtoestablishgeneralethicalguidelinesin
The Privacy & Security Research Paper Series, Issue # 1
theInternationalFederationforInformationProcessing(IFIP).Althoughtherewere
significantattemptsandlongdebatesintheIFIP,argumentshaveprevailedthathold
thatcomputerethicscanandshouldnotbeuniversalizedandintegrated.Approaches
forestablishingintegratedandunifiedguidelines,frameworksandprinciplesforeth‐
icalandsocietalimpactassessmentsofICTsandsecuritytechnologiesaredefinitely
needed,butmuchworkonthistopicremainstobedone,whichrequiresresources,
projectsandpossibilitiesforconductingthisimportantwork.
The Privacy & Security Research Paper Series, Issue # 1
Annex A: An Analysis of the Internet Surveillance Technologies Produced by a
Sample of European Security Companies
1.Inveatech
Placeofbusiness:Brno,CzechRepublic
Website:http://www.invea‐tech.com/
Self‐description:
“INVEA‐TECHisanuniversityspin‐offcompanydevotedtothedevelopmentofstate‐
of‐the‐art solutions for high‐speed network applications. […]The main focus of IN‐
VEA‐TECHistouseprogrammablehardware(FPGAtechnology)intheareaofsecuri‐
ty and monitoring of high‐speed network applications. The target technologies are
Gigabit and 10 gigabit Ethernet” (http://www.invea‐tech.com/company/about‐us).
Analysis
Inveatch’sLI(LawfulInterceptionSystem)isanInternetsurveillancetechnologythat
isinstalledonthecomputersystemofanInternetServiceProvider(ISP)andallows
the police or secret service to monitor the traffic over a web interface. It is a Deep
PacketInspection(DPI)technology.
InveatechdescribestheusefulnessandtasksofLISysteminthefollowingwords:
“Widespreadinformationtechnologiesprovidefastanddynamiccommunicationme‐
dia even for criminals and terrorists. To be able to guarantee public safety, law en‐
forcementagencies(LEAs)needtoidentify,interceptandanalysethecontentofthe
malicious communication. INVEA‐TECH provides law enforcement and government
agencieswiththestateofthearttechnologytosolvethekeypartoftheinvestigation
process. INVEA‐TECH LI System is the idea instrument for collecting evidence from
wiredIP‐basednetworks”(#1).
Theusefulnessofthesystemisintheanalyseddocumentsjustifiedwiththepoten‐
tialuseoftheInternetbyterroristsandcriminals,whichisseeninordertoguarantee
publicsafety.Privacyaspectsandconcernsaboutthesurveillanceofcitizensandpo‐
liticaloppositionwiththehelpofLISystemarenotmentionedintheanalysedmate‐
rial.
The Privacy & Security Research Paper Series, Issue # 1
2.Qosmos
Placeofbusiness:Paris,France(also:Bethesda,MD,USA;Singapore)
Website:http://www.qosmos.com/
Self‐description:
“QosmossellsNetworkIntelligence/DPItechnologythatidentifiesandanalyzesdata
as it crosses networks. Qosmos advanced technology goes deeper than mere data
classification – it recognizes thousands of protocols and traffic metadata at multi‐
Gbpsthroughputstobuildthemostaccuratepictureofnetworkactivityinrealtime.
[…]Networksarethecommonsourceofdata–andsometimestheonlysourceofdata
–intoday’senvironment.Directvisibilityintonetworkactivityprovidesthetruepic‐
tureofdatausage,purposeandvalue.Itiscriticaltoidentifyabnormalbehaviorand
defend against potential cyber attacks, provide a means of data retention to ensure
compliance and provide audit trails and analyze performance to manage Quality of
Service, for just a few examples” (http://www.qosmos.com/about‐us/corporate‐
overview).
Analysis
Qosmos produces the Deep Packet Inspection (DPI) software iXEngine. “The latest
version provides advanced Deep Packet Inspection (DPI) and metadata extraction
featuresthatdelivercompletevisibilityintonetworktrafficinrealtime,enablingde‐
veloperstoinjectapplication‐levelinsightintopolicyandtrafficmanagement,charg‐
ing, Quality of Service (QoS), subscriber analytics and other solutions”
(http://www.qosmos.com/news‐events/enhancements‐qosmos‐ixengine‐sdk‐
enable‐smarter‐mobile‐network‐solutions‐through‐network). According to the Qos‐
mosiXEngineproductsheet,thesoftwaregoesbeyond “traditionalDPO”byalsoal‐
lowingto“extractprotocolandapplicationmetadata,enabling detailedunderstand‐
ingofnetworktransactionsuptotheapplicationlevel”(#2_6).Qosmossaysthatthe
software has “triple R” qualities (resilience, robustness, reliability) and can thereby
functionunderextraordinarycircumstances(suchasincompletetrafficordenial‐of‐
service attacks). It can monitor, extract and analyse data that are transmitted over
variousInternetprotocols.ItconductsDPIandextractsmetadataandcontent(#2_1).
Qosmos argues that it is a new challenge for law enforcement agencies that “the
samepersoncancommunicateinseveralways”(differentemailaccounts,socialme‐
diaprofiles,VoiceoverIPsuchasSkype,FTP,websites,etc).Itstechnologieswould
provideasurveillancesolutionthatidentifies“usersandintercept[s]alltypeofcom‐
municationinitiatedbythesameuserwhenatriggersuchas‘userlogin’isdetected”
(#2_1). Qosmos’ surveillance technology allows to monitor all communication on a
devicethatisidentifiede.g.byanIPaddress(InternetProtocoladdress,identifiesa
specificcomputerinacomputernetwork)auser’sMACaddress(MediaAccessCon‐
troladdress,anaddressofthehardwarecardthatconnectsacomputertoanetwork),
oranIMSI(InternationalMobileSubscriberIdentity,anumberthatuniquelyidenti‐
The Privacy & Security Research Paper Series, Issue # 1
fiesamobilephone).Themonitoredapplicationscanallbeviewedoveronewebap‐
plication (#2_1). The software is installed on the broadband remote access server
(BRAS) of an Internet service provider and/or the gateway GPRS support node
(GGSN) of a mobile phone network provider (#2_1). Qosmos also sells ixMachine,
which are “information extraction machines” that “extract extremely fine‐grained
informationfromthenetwork”onwhichtheyareinstalled(#2_2).
Qosmos argues that a big challenge for surveillance is the “exponential growth of
throughput”(#2_3),i.e.thegrowthofdatathatistransportedovertheInternet.The
solutionthatQosmosoffersistonotanalysealldataflows,butonlyfocuson“relevant
flows”inorderto“optimizeDPIusage”(#2_4).Itadvertisesitstechnologiesbysaying
itcanequip“monitoringcentres”withsurveillancetechnologiesandcanreducethe
datavolumeofsurveillance(“reduceby90%thedatavolumemanagedbythemoni‐
toringcenter”)(#2_5).Qosmosalsosaysthata“limitednumberofLEA[lawenforce‐
ment]agents”requiresthe“needtoautomateinvestigationtasks”andthatitsprod‐
uctsprovidesuchfeatures(#2_5).
Data is transported in the form of packets of certain sizes over the Internet. The
transferofane‐mailorafileistherebyconnectedinseveralstepsandthetransferred
packetsareassembledtogethertoformawhole.DeepPacketInspection(DPI)tech‐
nologiesmonitorthepacketsthatarecomingintogateways,analyse,classifythedata,
extractpartsare all ofit, andmakethem visibleto the surveillors.“Deeppacket in‐
spection(DPI)isaformoffilteringusedtoinspectdatapacketssentfromonecom‐
puter to another over a network. […] The effective use of DPI enables its users to
track down, identify, categorize, reroute or stop packets with undesirable code or
data.[…]DPIisnormallymoreeffectivethantypicalpacketfiltering,whichinspects
only the packet headers. DPI inspects the packet's data part (and sometimes the
packet header) when it goes over an inspection point, attempting to find protocol
noncompliance, intrusions, spam, viruses or other predefined factors to determine
whetherthepacketcanpassorwhetheritmustbedirectedtoanotherlocation.[…]
Deeppacketinspectionisalsoknownascompletepacketinspectionandinformation
extraction. […] DPI is being used by governments to monitor and protect territorial
cyber boundaries. DPI has also been used to inspect user activities, to maintain the
security of big local and wide area networks, and to block malware and suspicious
software.Inaddition,serviceprovidersmakeuseofDPItokeeptrackofcustomers'
Web‐browsinghabits.Thesecustomerdetailsarethenusedbycompaniesfocusedon
targeted
advertising”
(Techopedia.
Deep
Packet
Inspection
(DPI),
http://www.techopedia.com/definition/24973/deep‐packet‐inspection‐dpi; for a
technicalcharacterizationofDPIsee:Ramos2007).
Intheanalyseddocuments,Qosmosgivesnospecificjustificationfortheneedofits
technology beyond saying that it is “critical to identify abnormal behavior” (self‐
definition)anddoesnotpointoutpotentialprivacyproblems,suchasthetargetingof
politicaloppositionbysurveillance,ofDPIsurveillance.
In November 2011, there were news reports that the Italian firm Area Spa
equipped the Syrian intelligence with surveillance technologies (project “Asfador”)
The Privacy & Security Research Paper Series, Issue # 1
thatcanbeusedformonitoringthepoliticalopponentsofBasharal‐Assad’sgovern‐
ment.Inthisproject,alsotechnologiesbyQosmosseemaccordingtonewsreportsto
havebeenused:“AreaisusingequipmentfromAmericanandEuropeancompanies,
according to blueprints and other documents obtained by Bloomberg Newsand the
personfamiliarwiththejob.TheprojectincludesSunnyvale,California‐basedNetApp
Inc.(NTAP)storagehardwareandsoftwareforarchivinge‐mails;probestoscanSyr‐
ia’scommunicationsnetworkfromParis‐basedQosmosSA;andgearfromGermany’s
UtimacoSafewareAG(USA)thatconnectstappedtelecomlinestoArea’smonitoring‐
center computers” (Bloomberg, Syria Crackdown Gets Italy Firm’s Aid With U.S.‐
Europe Spy Gear. November 4, 2011. http://www.bloomberg.com/news/2011‐11‐
03/syria‐crackdown‐gets‐italy‐firm‐s‐aid‐with‐u‐s‐europe‐spy‐gear.html).
“Whenthesystemiscomplete,Syriansecurityagentswillbeabletofollowtargets
on flat‐screen workstations that display communications and Web use in near‐real
timealongsidegraphicsthatmapcitizens’networksofelectroniccontacts,according
to the documents and two people familiar with the plans. Such a system is custom‐
made for repression, says Mark Dubowitz, executive director of the Washington‐
based Foundation for Defense of Democracies, which promotes tighter sanctions
againstSyria.’AnycompanysellingmonitoringsurveillancetechnologytotheAssad
regimeiscomplicitinhumanrightscrimes,’hesays.[…]WhenBloombergNewscon‐
tactedQosmos,CEOThibautBechetoillesaidhewouldpulloutoftheproject.‘Itwas
not right to keep supporting this regime,’ he says. The company’s board decided
aboutfourweeksagotoexitandisstillfiguringouthowtounwinditsinvolvement,
hesays.Thecompany’sdeep‐packetinspectionprobescanpeerintoe‐mailandre‐
constructeverythingthathappensonanInternetuser’sscreen,saysQosmos’shead
ofmarketing,ErikLarsson”(ibid.).
change.org gathered 20 000 signatures for a petition against the project
(change.org,HowWeWon,December1,2011.
http://www.change.org/petitions/demand‐us‐and‐european‐cos‐stop‐supporting‐
deadly‐syria‐net‐surveillance).ItwasinitiatedbytheInternetfreedomgroupAccess
and the Syrian blogger Anas Qtiesh. Area SpA withdrew from the project. Also Qos‐
mos withdrew its technology supply and released a news statement about this cir‐
cumstance.
“Qosmos technology components are sold to third‐party software vendors to im‐
proveperformanceinawidevarietyoftelecommunications,networkinfrastructure
andcybersecurityapplications.Wesharetheconcernaboutthepotentialformisuse
ofsurveillanceapplications.Asaresult,QosmoswithdrewfromtheSyrian‘Asfador’
project–adecisionmadepriortothesystembeingfinalizedandpriortotheinitial
storyreportedbyBloombergon3November.Qosmoswillneithersupplynorsupport
itstechnologytothosewhoselltoauthoritarianregimes.Qosmosisfullycompliantin
adheringtoalllawsrelatedtothesaleanduseofitstechnology.Althoughtheuseof
Lawful Interception (LI) solutions by telecommunications companies is mandated
throughout the EU, US and most other countries worldwide to collect communica‐
tions in accordance with local laws, recent political events have shown that further
The Privacy & Security Research Paper Series, Issue # 1
regulationofLI,includingmorerestrictivelegislation,isrequiredtopreventabuse”
(Qosmos, Qosmos Statement about Recent Media Reporting. November 22, 2011.
http://www.qosmos.com/news‐events/qosmos‐statement‐about‐recent‐media‐
reporting).
Theexportofsurveillancetechnologywasinthiscircumstanceonlypreventedbe‐
causecriticaljournalistsandcivilsocietysteppedin.Theinvolvedcompanies,includ‐
ing Qosmos, seemed to have at first had no scruples about the possible use of their
technologiesforthemonitoringofpoliticalopposition,whichshowsthatitisdifficult
ifcivilsocietyhastotaketheroleofawatchdogthattriestocorrectandstopcompa‐
nies behaviour after it has actually happened or started. Civil society tends to have
limitedresourcesandonecanaskwhathappensinthosecasesthatremainunknown.
If civil society and the media had not created pressure (e.g. because of lack of
knowledge,resources,employees,etc),onecanimaginethatproject“Asfador”would
have been implemented and resulted in humans being tortured and killed for their
political believes with the help of European surveillance technologies.
The Privacy & Security Research Paper Series, Issue # 1
3.Thales
Placeofbusiness:Neuilly‐sur‐Seine,France
Website:http://www.thalesgroup.com
Self‐description:
“Withoperationsin50countriesand68,000employees,Thalesisaworldleaderin
mission‐critical information systems for defence and security, aerospace and trans‐
portation.Buildingonitsexpertiseinthemostsophisticatedtechnologiesandlarge‐
scalesoftwaresystems,Thalesissteppinguptothesecuritychallengesofitscustom‐
ers in an increasingly complex world. With its global network of 22,500 high‐level
researchers, Thales has earned particular recognition for its ability to develop and
deploy dual civil and military technologies. Leveraging its international operations
andspanningtheentirevaluechainfromequipmenttosystemsandservices,Thales
isplayingapivotalroleinmakingtheworldasaferplace”
(http://www.thalesgroup.com/AboutUs.aspx).
“The emergence of new types of threats – from terrorism and organised crime to
drugtrafficking,massimmigrationandcyberattacks–meansthatdefenceorganisa‐
tions alone are not fully equipped to contend with the changing risks.
Safety and security requirements now transpiring at the national, European and in‐
ternationallevelsreflecttheexpectationsanddemandsofthe world'scitizens.Ana‐
lysingandaddressingtherisksinvolvedcallsforexpertisethatencompassesrigorous
methods,proventechnologicalcapabilityandtheappropriateorganisationalandhu‐
manresources.
Thisconvergencebetweendefenceandsecurityhaspromptedtheneedfornewso‐
lutionsandtechnologiesthatenableorganisationstoshareexistinginformationand
communication systems whilst also ensuring the traceability of individuals and the
protectionofnetworksandinfrastructures.
Thalesinvestsasignificantshare(18%)ofitsrevenuesbackintoinnovation.Com‐
binedwiththecompany'ssolidskillsandexperienceinsecuritysystems,whichtoday
accountfor25%ofturnover,thisputsThalesinauniquepositionforaddressingthe
requirements of public authorities by developing surveillance and intelligence sys‐
tems,identitysystems,etc.,andforcontributingtothedependabilityandsecurityof
large‐scalecriticalinfrastructuresuchasrailways,energysupplynetworks,sensitive
sitesandbankinformationsystems”
(http://www.thalesgroup.com/Markets/Security/What_we_do/).
Analysis
Initsproductcatalogue2011(#3_3),ThalesofferstwoInternetsurveillancesystems:
NetSpyderandIPTr@pper.NetSpyderisanInternetsurveillancesystemthatisun‐
detectable and automatically classifies and decodes accessed web pages, e‐mails,
web‐mailaccess,chatuse,webcamuse,filetransfer,voiceoverIP(VoIP,e.g.Skype)
onthecomputersofanInternetServiceProvider(#3_3,page179).IPTr@pperisa
The Privacy & Security Research Paper Series, Issue # 1
hardwaredevicethatisconnectedtoaLocalAreaNetwork(LAN)orInternethostor
router.Itscansthetrafficandcananalysee‐mails,webaccess,chat,filetransfer,voice
over IP, and online video access (#3_1; #3_3, page 180). Both Internet surveillance
technologiescanbeusedasstandalonetoolsorintegratedintotheSpyderMonitoring
centre(#3_3,page180).BothcanbeclassifiedasDeepPacketInspection(DPI)tech‐
nologies.
Figure 1: Product description of Thales’ Net Spyder (data source: #3_3, page
179).
Figure 2: Product description of Thales IP Tr@pper (data source: #3_3, page
180)
Intheanalyseddocuments,potentialnegativeaspectsandprivacythreatsofInternet
surveillance technologies are not mentioned. The world is presented as having be‐
come more insecure, which would require the employment of security and surveil‐
lancetechnologiesinordertokeep“populations,infrastructuresandinformationse‐
cure” (#3_4): “Today’s world is faced with multiple threats. Terrorism and cyber‐
The Privacy & Security Research Paper Series, Issue # 1
crime are on the rise, and natural disasters and epidemics loom. […]Digital infor‐
mation is circulating at rates never seen before […] Many traditional borders have
becomevirtual,asglobalisationisthenorm.Inthiscontext,physicalandcybersecuri‐
tyareessentialtoprotectalltypesofassets–people,infrastructuresanddata”(#3_4,
3).“State‐of‐the‐artcommunicationsandsurveillancesystemsareessentialforeffec‐
tiveearlywarning,crisismanagement,nationaldefenceandtheprotectionofcovert
operations”(#3_4,6).Producingandsellingsurveillancetechnologiesisjustifiedwith
referencetotheneedtokeepsocietysecureandtheideathatweliveinarisksociety
thatisfacingthreatsliketerrorismandcybercrime.
In its 2010 Corporate Responsibility Report (#3_5), Thales says that one of its
“principlesisresponsibility”isthat“businessesshouldsupportandrespectthepro‐
tection of internationally proclaimed human rights and make sure that theyare not
complicitinhumanrightsabuses”(#3_5,p.4).Italsoaddressesthetopicoftheex‐
port ofweaponsandsecuritytechnologies(#3_5,pp.18‐19),saying thatitrespects
“obtainingexportlicencesfromvariousnationalauthorities”because“breachingex‐
portcontrolscanhaveseriousconsequencesforacompany.Dependingonthenature
oftheviolation,sanctionscanincludeheavyfines,imprisonmentofcompanyofficials
andprohibitionoffutureexportsorimportsbythecompany”(#3_5,p.18).Whatis
significant in this passage is that it is not mentioned that security technologies can
harmtheprivacyandhumanrightsofindividuals,butthatratherthefocusisentirely
on business interests and concerns about consequences that can negatively impact
businessperformance.
The Privacy & Security Research Paper Series, Issue # 1
4.AQSACOM
Placeofbusiness:UlisLes,France
Website:http://www.aqsacomna.com
Self‐description:
“AqsacomdevelopsandmarketsrealtimeLawfulInterception,DataRetention,Mobil‐
ityTrackingandSurveillancesolutions.Withitscorebusinessfocusedonlawfulin‐
terceptionandrelated applications for over14 years, Aqsacom provides end‐to‐end
turnkey solutions for fulfilling lawful interception and data retentionrequirements
anywhere in the world, especially over highly heterogeneous networking and ser‐
vicesenvironments”
(http://www.aqsacomna.com/us/index.cfm?vSectionCode=ABOUTUS).
Analysis
Aqsacom argues that with “the popular acceptance of the Internet as a communica‐
tionsmedium,therealsocomesadarksidetotheInternet’spower–namelytheIn‐
ternet’sexploitationbycriminalsandterrorists”(#4_5,3).
Aqsacomsaysthatdatashouldbecapturedandstoredwiththehelpoftheirtech‐
nologiesformultiplepurposes:immediateactioninmattersoflifeanddeathandon‐
going investigations, for possible investigations in the future (#4_1, 10). It refers to
the EU’s Data Retention Directive and says that technologies are needed that allow
that“datawillbestoredbetween6monthsandupto3years”andthatthe“storing
principlesmustalloweffectivemining”(#4_1,14).Lawenforcementagencieswould
“needALLhighprioritydata”thatisrelatingtoongoinginvestigationsand“peopleon
‘highinterest’list”(#4_1,15).Butalsolowerprioritydatawouldbeneededinorder
toconduct“generalanalysislookingfor‘fits’againstdefinedcriminalprofiles”andfor
“potentiallateruse if‘new’ areasorpeopleofinterest areidentified”(#4_1,16).So
AqsacomissuggestingtechnologiesthatareusedforstoringalotofdataaboutInter‐
netusageaboutsuspiciouspeopleandthemassofusersatlargesothatdataanalysis
and data mining can be conducted based on these data for criminal investigation.
Aqsacom’s surveillance systems enable “extraction of call information and content
fromthenetworkentities(voiceorIPnetworkequipment)andb)managementofthe
dataforeffectivedeliverytothelawenforcementagencies”(#4_2).Thecompanyex‐
plainsthatitssurveillancetechnologiescanoperateatallsevenlayersoftheOSIRef‐
erenceModel,whichmeansthattheycanalsoconductthe“directextractionofinter‐
ceptedcontent”(#4_5,11).ThismeansthatAqsacom’ssurveillancetechnologiescan
beclassifiedasDeepPacketInspectionInternetsurveillancetechnologies.Itprovides
twosurveillancesystems:
ALIS(AqsacomLawfulInterceptionSystem)
ADRIS(AqsacomDataRetentionIntelligenceSystem)
The Privacy & Security Research Paper Series, Issue # 1
ALISisasystemforthesurveillanceof“massive‐scalepublicIPnetworks”(#4_2).
ItinterceptstheIPaddressofspecificusersandthen“routesasecurereplicationof
allincoming/outgoingIPtraffictothelawenforcementagencyforanalysis”(#4_2).
Thesurveilloraccessesthedata“throughaneasy‐to‐use,commonuserinterface”
(#4_3).“ALIS’friendlygraphicaluserinterfaceallowsfortheeasyautomationof
manyoperationalinterceptiontasks,suchastheautomatictriggeringorstoppingof
aninterceptionoperationatpredefineddatesandtimes”(#4_5,34).ALIScanalsobe
usedforthesurveillanceofvoiceoverIPdata(e.g.Skype).
ADRISisadatastoragesystemthatcanbeusedfordataretentionbyInternetSer‐
viceProviders(ISPs)andalsoenablesthetransportofretaineddatatolawenforce‐
mentagencies.“TheADRISCollection&StorageModuleisresponsibleforthecollec‐
tionofretaineddata.Thismodulecanimporttransactionaldatafromlegacyplat‐
forms(e.g.,billingsystems)fornonreal‐timeDataRetention;however,amoredy‐
namic,future‐proofapplicationofthismoduleisinthereal‐timecollectionoflive
eventdatafromswitches,routers,probes,applicationsservers,andothernetwork
components.Oncecollected,thedataaretransformedon‐the‐fly(forreal‐timeData
Retention)intoaninternalrepresentationbytheDataCollectionMediationFunction,
thensenttotheDataRetentionRepository(alargescalestoragesystem).TheADRIS
ConsultationModulesupportsthequeryingofretaineddatathatarestoredinthe
Repository.ThismodulecontainstheRetainedDataRetrievalFunction,whichsup‐
portstheHandoverInterface(HI)withLawEnforcementAgenciestoensureastand‐
ards‐compliantandsecuremeansofrequestingandobtainingtheretaineddata.The
AdministrationModuleprovisionsADRIS’communicationswiththerequiredLaw
EnforcementAgencies.ThismodulealsoinstructstheDataCollectionMediation
Functionandnetworkelementsonwhatdataaretobecollected,whilemonitoring
thedatacollectionanddeliveryoperations”(#4_6).
AqsacomproducesInternetsurveillancetechnologiesthatcanbeclassifiedas
DeepPacketInspectiontechnologies.Italsoproducesstoragetechnologiesfordata
retention.Itjustifiestheproductionofthesetechnologiesbydescribingathreatof
terroristandcriminaluseoftheInternet.Itsaysthatitisexport‐oriented,butonits
websitewecouldfindnodetailedinformationaboutwhichinstitutionsinmorethan
30countriesareAqsacom’scustomersandwhichtechnologiestheyhaveboughtfor
whichpurposes.
Aqsacomdoesnotspecifytowhichcountriesitexactlyhasexportedsurveillance
technologies.Itmentionsthatithascustomersfromover30countries.AQSACOM's
diversifiedcustomerportfolioincludesclientsfrommorethan30countries,covering
geographicalareasasdiverseasCentralandEasternEurope,Asia‐Pacific,Africaand
theMiddle‐East.
Aqsacomsaysthat“duetothenatureofLI[lawfulinterception],securitymustbe
taken very seriously to preserve the privacy of the target and the confidentiality of
theinvestigation”(#4_3).Aqsacomwantstoensureitscustomersthatitssystemsare
securesothat“noconfidentialinformationcanbeextractedfromthemediationman‐
agementplatformoritscomponents”(#4_3)byunauthorizedparties.Aqsacomdoes
The Privacy & Security Research Paper Series, Issue # 1
notaddressconcernsabouttheuseofDPIforpoliticalrepressionandthecreationof
a society, in which everyone is seen as a potential criminal and terrorist, which re‐
verses and practically abolishes the presumption of innocence and installs a large‐
scalesurveillanceofpersonaldata.Aqsacomhasnotaddressedcriticalquestionsthat
relatetoprivacyviolationsofcitizensintheanalyseddocuments.
The Privacy & Security Research Paper Series, Issue # 1
5.Alcatel‐Lucent
Placeofbusiness:Paris,France
Website:http://www.alcatel‐lucent.com
Self‐description:
“The long‐trusted partner of service providers, enterprises, strategic industries and
governmentsaroundtheworld,Alcatel‐Lucentisaleaderinmobile,fixed,IPandOp‐
ticstechnologies,andapioneerinapplicationsandservices.Alcatel‐Lucentincludes
BellLabs,oneoftheworld’sforemostcentresofresearchandinnovationincommu‐
nications technology. With operations in more than 130 countries and one of the
most experienced global services organizations in the industry, Alcatel‐Lucent is a
localpartnerwithglobalreach.TheCompanyachievedrevenuesofEuro16billionin
2010andisincorporatedinFranceandheadquarteredinParis“(http://www.alcatel‐
lucent.com/wps/portal/aboutus).
Analysis
Alcatel‐Lucent is a global telecommunications company. One of the technologies it
produces and sells is Alcatel Lucent 1357 ULIS – Unified Lawful Interception Sites
(#5_1, #5_2).Itarguesthat the“convergenceofvoiceanddata”(#5_2,2)hasmade
surveillanceadifficultchallengeandthatULIS1357providesasolution.Thespecific
characteristic of this technology is that it can be used both for the monitoring of
phone networks and the Internet, it is an integrated communication surveillance
technology. The system “internal intercept function” allows “the intercept‐related
informationandcontentsofcommunications”(#5_1,4).Thismeansthatthetechnol‐
ogy can monitor Internet content, which makes it a Deep Packet Inspection surveil‐
lance tool. The system’s “administration function” “delivers the data and content to
theLEA”(lawenforcementagency,#5_2,4).
The Privacy & Security Research Paper Series, Issue # 1
Figure3:Altacel‐Lucent’s1357ULIS(datasource:#5_2)
Alcatel‐Lucentsaysthatthe1357ULISsystemhasbeen“deployedinmorethan70
countries”(#5_2,7;#5_1,6),butdoesnotspecifywhichcountriestheseare.Alcatel‐
Lucentsaysthatitis“alongtermleaderintheMiddleEast,headquarteredinEgypt
withlocalpresencein19countries”,includingbesidesEgypte.g.Bahrain,Iran,and
Syria(documentAlctael‐LucentintheMiddleEast,http://www.alcatel‐
lucent.com/wps/DocumentStreamerServ‐
let?LMSG_CABINET=Docs_and_Resource_Ctr&LMSG_CONTENT_FILE=Corp_Governan
ce_Docs/Midle_East‐RU_PROFILE.pdf&lu_lang_code=en_WW).Alcatel‐Lucentalso
signedcontractswithLibyaTelecomandTechnology(MaghrebConfidential.Alcatel‐
Lucent.May9,2008)andtheLibyanPostTelecommunications&InformationTech‐
nologyCompany(TelecomWorldwide.Alcatel‐Lucenttoprovidefibre‐opticbackbone
networkcontractforLibya.July12,2007)forinstallingInternetnetworksinLibya.
WecouldfindnoinformationonAlcatel‐Lucent’swebsitetowhichcountriesitex‐
portedits1357ULISsystem.
Inits2010CorporateResponsibilityReport(#5_3),Alcatel‐Lucentdevotesoneof
108pagestothetopicofprivacy.Itsaysthatit“iscommittedtorespectingindividu‐
als’privacyrightsandexpectationsandtoprotectingthepersonaldataitcollects
The Privacy & Security Research Paper Series, Issue # 1
fromunauthorizedaccess,use,retention/storageand/ordisclosure”(#5_3,23).The
reportaddressesprivacyprotectionataverygenerallevel,nodiscussionofprivacy
concernsaboutDeepPacketInspectionInternetsurveillancetechnologiessuchas
1357ULISisgiven.1357ULISisneithermentioned,norisitexplainedtowhichor‐
ganizations,institutionsandcountriessuchtechnologieshavebeensold.
The Privacy & Security Research Paper Series, Issue # 1
6.Amesys
Placeofbusiness:LesMilles,France
Website:http://www.amesys.fr
Self‐description:
“Amesysestuneentreprisefrançaise,leaderdanslaconceptionetl’intégrationdes
systèmescritiquesdehautetechnologie.Grâceàsonexpertisecombinéede
l’électroniqueetdel’informatique,Amesyss’adresseauxsecteursd’activitésstraté‐
giques“:"AmesysisaFrenchcompany,leaderinthedesignandintegrationofcritical
systemsofhightechnology.Withitscombinedexpertiseinelectronicsandcompu‐
ting,Amesystargetsstrategicsectors”
(http://www.amesys.fr/index.php/fr/amesys/qui‐sommes‐nous)
“ActeurreconnudansledomainedelaDéfense,Amesysaconstruitsarenomméesur
samaîtrisedestechnologiesmilitairesetsonexpertisetechniqueenmatièrede
guerreélectronique”
"Recognizedplayerinthefieldofdefense,Amesyshasbuiltitsreputationwithits
expertiseinmilitarytechnologyandtechnicalexpertiseinelectronicwarfare”
(http://www.amesys.fr/index.php/fr/secteurs‐dactivites/defense).
In2010,theFrenchcompanyBullboughtAmesys.
Analysis
Amesysdistinguishestwotypesofsurveillancesystems:lawfulinterceptionandmas‐
siveinterception.“ThemaingoalofLawfulinterceptionistoanalyzeindeepthetraf‐
ficofpredefinedtargets.InLIsystems,allthetarget’strafficisduplicatedbytheSer‐
vice Provider (phone, mobile or Internet) and is sent to a centralized interception
system. Then, the investigators analyze as deeply as possible all the traffic of each
target”(#6_18,5).
Massiveinterceptionallowsthesurveillanceof“billionsofcommunications”andto
notonlyinterceptatarget’scommunication,butalso“toprovidetheadvancedtools
needed to find potential new targets” (#6_18, 5). Such systems are able to “analyze
thewholecountry’strafficinrealtime”andtostoreandarchivedata(#6_18,5).They
allowthe“globalsearchandsurveillanceofallInternettraffic”(#6_1).Figure4visu‐
alizesthedifferencesbetweenthetwosurveillancesystems.
Amesyssaysthatmassiveinterceptionisneeded“intheconstantstruggleagainst
criminalsandterrorism”(#6_1)inorderto“reducecrimelevels,protectfromterror‐
ismthreats,andidentifynewincomingsecuritydanger[s]”(#6_1).
The Privacy & Security Research Paper Series, Issue # 1
Figure 4: “Lawful interception” and “massive interception” (data source: 6_1).
Amesys’ EAGLE surveillance system consists of a Captor collecting the data, a Data
Centerthatclassifiesandstoresdata,theMonitoringCenterandSmartAnalysisTools
(#6_18,6).AmesysdescribesEAGEasproviding“acentralizedpointofview”because
itcan“aggregatedifferentsourcesofinformation”andallowsthesurveillanceofdif‐
ferent networks (such as the Internet, analogical phones, mobile phones, satellite
phones) (#6_1, see also figure 5). With the help of software, the results of the con‐
ducted surveillance are displayed to controllers sitting in monitoring centres (#6_5,
7).
The Privacy & Security Research Paper Series, Issue # 1
Figure5:Amesys’EAGLEsystem(datasource:#6_1)
Amesys’notionofsurveillancesystemsthatbuildacentralpointofviewremindsof
Foucault’snotionofsurveillanceaspanopticism.Surveillanceisbasedon“aprinciple
ofcompulsoryvisibility”thatisexercisedthroughtheinvisibilityofdisciplinarypow‐
er(Foucault1977,187),it“mustseewithoutbeingseen”(171),is“capableofmaking
allvisible,aslongasitcoulditselfremaininvisible”(214),itisa“systemofperma‐
nentregistration”(196)inwhich“alleventsarerecorded”(197),a“machinefordis‐
sociating the see/being seen dyad” (202). “One is totally seen, without ever seeing”
(202).“Heisseen,buthedoesnotsee;heistheobjectofinformation,neverasubject
incommunication“(200).“thepanopticmechanismbasicallyinvolvesputtingsome‐
one in the center – an eye, a gaze, a principle of surveillance – who will be able to
makeitssovereigntyfunctionoveralltheindividuals[placed]withinthismachineof
power.Tothatextentwecansaythatthepanopticonistheoldestdreamoftheoldest
sovereign:Noneofmysubjectscanescapeandnoneoftheiractionsisunknownto
me.Thecentralpointofthepanopticonstillfunctions,asitwere,asaperfectsover‐
eign“(Foucault2007,93f).BasedonFoucaultonecansaythatAmesysaimstobuild
systems that perfect sovereigntyby making unknowns known to those who control
thesystem.
The Privacy & Security Research Paper Series, Issue # 1
Figure6showsamodeloftheEAGLEsurveillancesystem.
Figure6:Amesys’EAGLEsystem
TheEAGLEsystemprovides“tactical”tools(SMINT,SMAW)and“strategic”tools
(GLINT,GLAW)(#6_1).ThetacticaltoolsareportableandcanbepluggedintoanIP
networkforanalysingthecontentofanetwork(#6_5,10).Incontrast,the“massive
systemisdesignedtoanswertotheneedofinterceptionandsurveillanceonascale
ofnation”(#6_5,10).
TheEAGLEGLINTsystemcanretrieve,storeandanalysedatacomingfrommore
than300differentInternetprotocols(mail,webmail,VoIP,chat,http,searchengines,
filetransfer)(#6_9,5f;#6_12).Amesyssaysthatisa“coretechnology”that“isde‐
signedtohelpLawEnforcementAgenciesandIntelligenceorganization[s]toreduce
crimelevels,toprotectfromterrorismthreatsandtoidentifynewincomingsecurity
danger[s]”(#6_9,4).ItisaDeepPacketInspectiontechnologythatcan“record,de‐
code,storeanddisplaytheinterceptednetworktraffic”(#6_12).“GLINTisasystem
designedtomonitorandinterceptinrealtimeinformationon[a]veryhighdatarate
network”(#6_12).GLINTisnotlimitedtoInternetsurveillance,butenablesalsothe
surveillanceoffixedline‐,mobile‐andsatellitephonenetworks,andmicrowave
transmission(#6_12).
SMINTisaportableDeepPacketInspectionsurveillancetechnologythatis“plug‐
gabledirectly”toanIPnetwork,worksonthemostcommonprotocols,focusesonthe
monitoringofIPtraffic,can“recorddaysoftraffic”,analysesurveillancedata(#6_11).
“SMINTisatacticalsystemdesignedtorecord,store,analyseanddisplayinrealtime
The Privacy & Security Research Paper Series, Issue # 1
information.Thissystemisabletomonitorawiderangeofprotocols,includingmail,
voiceoverIP(VoIP),webmail,chat,webbrowsing…”(#6_11).
i2eTechnologieswascreatedin1979andwasfusedin2007withArtwaretoform
the company Amesys (http://www.crescendo‐industries.de/index.php?g=0&s=2). A
document(#6_15)specifiesasurveillancesystemthati2eTechnologies,accordingto
thedocument,plannedtodelivertoLibya.Thesystemsdescribedareabletomonitor
phonenetworksandtheInternet.Thedocumentsaysthattherewasavisitofi2eto
Libyaonthe10thand11thofMay,2006,andavisitofLibyanofficialstothecompa‐
ny’sFrenchoffices(#6_15,3).“Thisdocumentisourtechnicalspecificationforyour
homelandsecurityproject.Itcoversallaspectsdiscussedbetweenthevariousteams
ofexpertsfromyourorganisationandourcompany”(#6_15,3).
Thedocumentamongotherthingsdescribesa“NetworkStreamAnalyser”that“is
mainly designed to monitor all Internet traffic and intercept those mails that may
content information relevant to the Public Safety System Organisation” (#6_15, 26).
ThesystemcanmonitorvariousInternetprotocols(#6_15,27).Itallowse.g.thesur‐
veillance of e‐mail content, attachments, web sites browsed, chat messages, the
searchforkeywordsincapturede‐mails,thecaptureoftrafficfromandtoanIPad‐
dress,themonitoringofspecifictelephonenumbers(#6_15,37).Thedocumentalso
talksaboutthesetupofmonitoringcentres(seefigure7).
Figure7:Monitoringcentres(datasource:#6_15,32).
Figure 8 shows a model of the entire Internet surveillance system specified in the
document. The document also specifies that 3 Libyan engineers should spend 2
monthsinParisinorder“toassistandhelptheArabisationandcustomizationofthe
The Privacy & Security Research Paper Series, Issue # 1
system”,thattherewouldbea2weeklongtrainingandthat“twoi2eengineerswill
be installed in Tripoli for the 6 first months to help the customer in any matter”
(#6_15,43).
Figure8:Internetsurveillancesystemplannedbyi2e(datasource:#5_15,42)
The Privacy & Security Research Paper Series, Issue # 1
Bull’sCEOPhilippeVannierdescribestheactivitiesofAmesys‐Bullintheareaofde‐
fence: “When it comes to defense of course one thinks of missiles, etc… But there’s
another aspect of the defense landscape that’s all about controlling information,
searchinginformation…sonaturallyyou’dtrytobeabletoanalyzeeverythingthat’s
circulatingaroundthesecommunicationsnetworkswhetherit’svoicetraffic,images,
dataandhere,withtheAmesys‐Bullcombinationwe’reofferingsometotallyunique
tools” (subtitles taken from a French video by Bull: http://www.bull‐
world.com/c_TancXb_en_security).
InAugust2011,theWallStreetJournalwrotethattheAmesyssolddeeppacketin‐
spectiontechnologiestoLibya,where,accordingtotheWallStreetJournal,Gaddafi’s
regimeusedtheminanInternetspyingcentreinTripolitomonitortheInternetus‐
ageofLibyancitizensandpoliticalopponents(WallStreetJournalOnline,Firmsaided
Libyanspies.Firstlookinsidesecurityunitshowshowcitizensweretracked.August
30,2011).TheInternationalFederationforHumanRightsandtheLiguedesDroitsde
l'HommeetduCitoyenfiledcriminalchargesagainstAmesys(FIDH,FIDHandLDHfile
acomplaintconcerningtheresponsibilityofthecompanyAMESYSinrelationtoacts
oftorture.October19,2011):
“On the ground floor of a six‐story building here, agents working for Moammar
Gadhafi sat in an open room, spying on emails and chat messages with the help of
technologyLibyaacquiredfromtheWest.Therecentlyabandonedroomislinedwith
posters and English‐language training manuals stamped with the name Amesys, a
unitofFrenchtechnologyfirmBullSA,whichinstalledthemonitoringcenter.Awarn‐
ingbythedoorbearstheAmesyslogo.Thesignreads:‘Helpkeepourclassifiedbusi‐
ness secret. Don't discuss classified information out of the HQ’. The room, explored
Monday by The Wall Street Journal, provides clear new evidence of foreign compa‐
nies' cooperation in the repression of Libyans under Col. Gadhafi's almost 42‐year
rule.ThesurveillancefilesfoundhereincludeemailswrittenasrecentlyasFebruary,
aftertheLibyanuprisinghadbegun.[…]
This kind of spying became a top priority for Libya as the region's Arab Spring
revolutionsblossomedinrecentmonths.[…]TheTripoliInternetmonitoringcenter
wasamajorpartofabroadsurveillanceapparatusbuiltbyCol.Gadhafitokeeptabs
on his enemies. Amesys in 2009 equipped the center with ‘deep packet inspection’
technology,oneofthemostintrusivetechniquesforsnoopingonpeople'sonlineac‐
tivities,accordingtopeoplefamiliarwiththematter.[…]
Gadhafi'sregimehadbecomemoreattunedtothedangersposedbyInternetactiv‐
ism,eventhoughthenationhadonlyabout100,000Internetsubscriptionsinapopu‐
lationof 6.6million. TheEaglesystemallowsagentstoobserve networktrafficand
peer into people's emails, among other things. In the room, one English‐language
postersays:’WhereasmanyInternetinterceptionsystemscarryoutbasicfilteringon
IPaddressandextractonlythosecommunicationsfromtheglobalflow(LawfulInter‐
ception), EAGLE Interception system analyses and stores all the communications
from the monitored link (Massive interception)’. [...] In a basement storage room,
dossiers of Libyans' online activities are lined up in floor‐to‐ceiling filing shelves”
The Privacy & Security Research Paper Series, Issue # 1
(Wall Street Journal Online, Firms aided Libyan spies. First look inside security unit
showshowcitizensweretracked.August30,2011).
Peter Bouckaert, Human RightsWatch's emergencies director, expressed thecon‐
cern that Western companies and governments take actions to destroy evidence of
theirsupportofGaddafiandthesurveillanceofthepoliticaloppositioninLibya(The
Times,WesttriestocoverupLibyadeals:Theraceisontoseekoutanddestroyany
incriminatingevidence.October7,2011).
Inapressrelease,Amesysdisputedtheclaimthatitinstalledasurveillancesystem
inLibyaandannouncedthatitreservestherighttofilesuitagainstthosewhomake
suchclaims:
“AmesyssignedacontractwiththeLibyanauthoritiesin2007.Therelevanthard‐
warewasdeliveredin2008.Thecontractwasrelatedtothemakingavailableofanal‐
ysishardwareconcerningasmallfractionoftheInternetlinesinstalledatthattime(a
fewthousand). ThisdidnotincludeeitherInternetcommunicationsviasatellite(as
usedinInternetcafes),encrypteddatasuchasSkype‐typecommunications,orfilter‐
ingofWebsites.Inaddition,thehardwareuseddidnotallowforthemonitoringof
eitherfixedormobiletelephonelines.
Thecontractwasconcludedatatimewhentheinternationalcommunitywasinthe
processofdiplomaticrapprochementwithLibya,whichwaslookingtofightagainst
terrorismandactsperpetratedbyAlQaeda(2007wastheyearinwhichtheBulgari‐
annurseswerereleased).(InDecember2007MuammarGadhafimadeanofficialvisit
to France; in July 2009 Muammar Gadhafi met with Barack Obama in Italy).
All Amesys' business dealings comply rigorously with the legal and regulatory re‐
quirementssetoutininternational,EuropeanandFrenchconventions.Amesysdoes
notoperateanytelephoneorInternetmonitoringcenters,anywhereworldwide.[...]
Amesysreservesitsrightsinrelationtoanyinfringementthatmayaffectitsimageor
reputation”
(Amesys,Pressrelease.September1,2011.
http://www.wcm.bull.com/internet/pr/new_rend.jsp?DocId=673289&lang=en).
Sotherearetwodifferentstories:Ontheonehandjournalistsandhumanrightsac‐
tivistswhosaythattheydiscoveredaLibyanmonitoringcentreandthat“Amesysin
2009 equipped the center with ‘deep packet inspection’ technology”. On the other
handAmesysthatsaysthatitdoesnotoperatesuchcentres.Andthereisadocument
releasedbyWikiLeaks(#5_15)thatifauthenticseemstosuggestbusinessrelations
betweeni2eandLibya.
The Privacy & Security Research Paper Series, Issue # 1
7.Elaman
Placeofbusiness:Munich,Germany
Website:http://www.elaman.de
Self‐description:
“ELAMAN, with its headquarters in Munich/Germany and its subsidiaries in Du‐
bai/United Arab Emirates and Malans /Switzerland, specializes in security require‐
mentsforgovernmentandlawenforcementworldwide.Ouraim is toprovidecom‐
prehensive security products and solutions, technical consultancy and services as
well as professional training for our customers” (http://www.elaman.de/company‐
profile.php).Thecompanywasestablishedin2004(#7_2,1).
Analysis
Elaman justifies its production if surveillance technologies with the need to fight
crimeandterrorism:Lawfulinterceptionisneeded“forinvestigatingandprosecuting
criminalactivitiesandterrorism”(#7_10,11).
OneoftheanalyseddocumentsisaproductspecificationoftheCS‐2000HighEnd
(#7_4), a high performance network platform that has a Deep Packet processing
module(DPPM)thatcan“detectandtrackupto1millionsimultaneousflows”(#7_4)
and conduct “up to 5 gigabits per second L2‐7 inspection and analysis”. Other tech‐
nologiesadvertisedbyElamanincludeforexampleapeertopeer(p2p)trafficfilter
(#7_5), the portable IP monitoring system Poseidon Flyer (#7_6), the portable mo‐
deminterceptionsystemMuninPOTS(#7_7),orthePOSEIDONInternetMonitoring
Center(#7_9).
“POSEIDONMobilisaportablesystemforrecording,reconstructionandevaluation
ofIP‐dataandtheirapplications,e.g.email,web‐sessions,chat.[…]POSEIDONMobil
consistsodthreefunctionalparts.Therecordingoftherawdata,pickedupfromdif‐
ferentkindsofcommunicationlines,thedatabasemanagementforinternalorganiza‐
tionalpurposesofthesedataandthereconstructionfunctiontoanalyzeandevaluate
therecordedIP‐baseddata”(#7_6,2).
MuninPOTSinterceptsInternetdatasentfrom onesource overamodem.Itis“a
trueportablemodeminterceptsolutiontobeusedinoperations,wheredirectaccess
tothetargetlinesisrequired.Thisunitcanbedeployedinthefieldclosetothetarget
or installed on a permanent basis in a monitoring centre” (#7_7, 3). It can monitor
datafromdifferentprotocols,suchaswebsites,e‐mailsandattachments,chat,VoIP,
andfiletransfer,messengerservices.
ThePOSEIDONInternetMonitoringCenter“isanequipmentforrecording,recon‐
struction and evaluation of IP‐Data, which are passively recorded from different
communicationlines.Itreadsthedata,filtersthemaccordingtopredefinedfiltercri‐
teria[…],addsatimestamptothedata(NTP‐Server)andsavesthedatainrawformat
The Privacy & Security Research Paper Series, Issue # 1
inadatabase.UsingtheAnalyzerUserInterfacethe datacan– evenonline– be re‐
constructedandevaluated”(#7_9).Figure9showsthatPoseidontypicallyprocesses
InternetdatafromInternetServiceProviders(ISPs).POSEIDONcanmonitorcontent
fromalotofdifferentprotocols,forexamplee‐mail,WWW(http,smtp),chat,FTP,or
VoIP.
Figure9:POSEIDONInternetMonitoringCenter(datasource:#7_9,3)
The Privacy & Security Research Paper Series, Issue # 1
AdocumentthatpresentsElaman’s“CommunicationsMonitoringSolutions”(#7_12)
for the surveillance of phone networks, satellite communication, SMS, the Internet,
and Radio Frequency Monitoring (RFM), and various other tools (such as FinFisher
andspeechidentificationsoftware)specifiesonetaskofdataretentiontechnologies
in the following way: “In the field of telecommunications, data retention generally
referstothestorageofcallrelatedinformation(numbers,date,time,position,etc.)of
telephony and internet traffic. The stored data is usually telephone calls made and
received,emailssentandreceived,web‐sitesvisitedandlocation data.Theprimary
objectiveindataretentionistrafficanalysisandmasssurveillance.Byanalysingthe
retaineddata,governmentscanidentifyanindividual’slocation,theirassociatesand
membersofagroup,suchaspoliticalopponents”(#7_12,17;emphasisadded).
Elaman advertises its surveillance products and services as well as surveillance
technologies by other companies as means for fighting terrorism and crime. The
technologies described in this section can be classified as Deep Packet Inspection
Technologies,theyallowtomonitorthecontentofInternetcommunicationandother
formsofcommunication.Intheanalyseddocuments,wecouldnotfindanycomments
about privacy violation concerns and the limitation of human rights that may arise
from the use of DPI Internet surveillance and related forms of surveillance. In con‐
trast, as shown, Elaman says that data retention can help governments to identify
“members of a group, such as political opponents” (#7_12, 17). The question that
ariseshereisifthisformulationquestionsthe“righttofreedomofpeacefulassembly
andtofreedomofassociation”thatisdefinedinarticle11oftheEuropeanConven‐
tion of Human Rights and in article 12 of the Charter of Fundamental Rights of the
European Union (“Everyone has the right to freedom of peaceful assembly and to
freedomofassociationatalllevels,particularinpolitical,tradeunionandcivicmat‐
ters,whichimpliestherightofeveryonetoformandjointradeunionsfortheprotec‐
tion of his or her interests”). The European Convention of Human Right allows re‐
strictingthisfreedomifitis“necessaryinademocraticsocietyintheinterestsofna‐
tionalsecurityorpublicsafety,forthepreventionofdisorderorcrime,fortheprotec‐
tion of health or morals or for the protection of the rights and freedoms of others”.
Elaman’s formulation may however imply that it wants to enable governments in
generaltomonitorthemembershipofpoliticalgroups,whichmaylimittherightto
freedom of political assembly and also raises the question if the formulation disre‐
spects theEU’sDataProtectionDirective (95/46/EC)thatprohibits“the processing
ofpersonaldatarevealingracialorethnicorigin,politicalopinions,religiousorphilo‐
sophical beliefs, trade‐union membership, and the processing of data concerning
healthorsexlife”(article8).
Elamanoffersinanewsletter(#7_10)seminarsfortheuseofGammaInternation‐
al’sFinFisherITintrusionsoftwareaswellasanintrusionportfolioofferedtogether
byElamanandGamma.FinFisherisaso‐called“Trojanhorse”,asoftwarethatonce
installed allows the intruder remote access. FinFisher can infect computers, mobile
phones,localnetworksandISPnetworksandextractdatafromthesesystems(#7_10,
4‐10). The product and training for it was also advertised in Eleman’s Communica‐
The Privacy & Security Research Paper Series, Issue # 1
tionsMonitoringcataloguefromOctober2007(#7_2).FinFishercane.g.betarnedas
asoftwareupdatethatissenttoacomputerormobilephone(NDR.ZAPP:Germany
SpywareforDictators.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).
TheGermanregionalpublicserviceTVstationNDRreportedaboutasecretofferof
the UK company Gamma to the Egyptian state for the FinFisher technology (NDR.
ZAPP:GermanySpywareforDictators.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).
The Egyptian blogger Mostafa Hussein, who discovered the documents, argued in
theNDRreportthatthissoftwareis“exactlylikeweapons”(ibid.).TheEgyptianIn‐
ternetactivistIsraaAbdelFattahwasinterviewed,sayingthatthissoftwareis“help‐
ingthedictators[…]to[…]attacktheactivism”(ibid.).HerownInternetcommunica‐
tionwassurveilledbytheEgyptiangovernment.Shesaidthatsurveillancecompanies
“only think about money” (ibid.). NDR also describes Gamma’s attempts to sell sur‐
veillance technologiestoTurkmenistanandOman(ibid.).The AustrianIT journalist
ErichMöchelsaidthatsurveillancetechnologycompaniesencourage“repressionand
torture”(ibid.).ElamandoesnotproduceFinFisher,itratheradvertisesthistechnol‐
ogyandseminarsforitsuse.TheNDRreportalsomentionedandproblematizedthe
quotation by Elaman about the surveillance of political opponents (ibid). NDR con‐
cludedthat“criticalquestionsareevidentlyunwelcomeinthisindustry”(ibid.).
Elaman also advertised the Nokia Siemens Monitoring Centre in one of its docu‐
ments(#7_2).TheAustrianjournalistErichMöchelreportedinApril2008that“with
highlikelihoodaresurveillancesystemsdevelopedbySiemensMunichusedincoun‐
trieslikeChina,Iranandothertotalitarianstatesfortrackingdissidents,ethnicaland
religious minorities”7 (Möchel, Erich. Datenjagd auf Dissidenten. April 7, 2008.
http://www.fuzo‐archiv.at/artikel/268868v2/).AskedforacommentbytheAustri‐
an Broadcasting Company ORF that published Möchel’sreport, Nokia Siemens com‐
mented: “Following the wish of our customers, we unfortunately cannot disclose,
whichorganisationshaveboughtoursolutions”8(ibid.).
Elamanhasinadocumentexpressedthatsurveillancetechnologiescanbeusedfor
identifyingpoliticalopponents.Politicalrealityshowsthatsome ofthetechnologies
thatitadvertisedinitsdocumentshavebeenusedforthisverypurpose:Accordingto
reports,Gamma’sFinFisherwasusedinEgypttomonitorthecommunicationsofpo‐
liticalactivistslikeIsraaAbdelFattah.Elamanhasinoneofitsdocumentsadvertised
thecapacityofsurveillancetechnologyto“identifyanindividual’slocation,theiras‐
sociatesandmembersofagroup,suchaspoliticalopponents”(#7_12,17).
7
“MithoherWahrscheinlichkeitwerdenvonSiemensMünchenentwickelteÜberwachungssystemein
LändernwieChina,demIranundanderentotalitärenStaatenzurVerfolgungvonDissidenten,ethni‐
schenundreligiösenMinderheiteneingesetzt”.
8
"DemWunschunsererKundenentsprechendkönnenwirleidernichtbekanntgeben,welcheOrgani‐
sationenunsereLösunggekaufthaben”.
The Privacy & Security Research Paper Series, Issue # 1
The Privacy & Security Research Paper Series, Issue # 1
8.Datakom
Placeofbusiness:Ismaning,Germany
Website:http://www.datakom.de/
Self‐description:
“TheDATAKOMGmbHisaleadingtechnology‐integratorandserviceprovideronthe
ICTmarket.Since1986offerwetrend‐settingtest‐,analysis‐,security‐andmanage‐
ment‐systems for all communications networks”9 (http://www.datakom.de/ueber‐
uns.html)
“Monitoringmeansthepluggingofamonitoringprobetodatalinesforsurveillanceof
the network. At line speed, the data are detected, decoded, stored and analysed ac‐
cordingtodifferentaspects(DeepPacketInspection,DPI)”
(http://www.datakom.de/netzwerk‐analyse‐simulation/netzwerk‐
monitoring.html)10.
Analysis
Datakomsaysthatforlawfulinterception“everybitandbytehastobeanalyzed”in
ordertocreate“Application/ContentAwareness”(#8_1).ItthereforepromotesDeep
PacketInspection(DPI)technologiesthatcreate“TOTALvisbilityatnetworkspeed”
(#8_1;seealsofigure10).
Datakomprovidestheinstallationofsurveillancetechnologiesasaservicethatis
primarilydirectedatcompaniesthatwanttomonitortheirinternalnetworks(#8_2).
DatakomalsooperatesanInterceptionCentreinBremenandofferstotelecommuni‐
cationsoperatorstheservicetoroutelawenforcementrequestfortargetedsurveil‐
lanceoverthismonitoringcentre(#8_3).
Datakom propagates the panoptic idea of “total visibility” of communication net‐
workswiththehelpofDPIsurveillancetechnologies.Wecouldintheanalyseddocu‐
mentsandonDatakom’swebsitenotfindanydiscussionofdataprotection,privacy
andethicalproblemsthatmayariseduetoDPI.
9
“DieDATAKOMGmbHistführenderTechnologie‐IntegratorundServiceprovideramITK‐Markt.Seit
1986bietenwirrichtungsweisendeTest‐,Analyse‐,Sicherheits‐undManagementsystemefüralle
Kommunikationsnetze”.
10
“MonitoringbedeutetdasAufschalteneinerMonitorprobeaufDatenleitungenzurÜberwachungdes
Netzwerks.DieDatenwerdeninLeitungsgeschwindigkeiterfasst,decodiert,gespeichertundnach
unterschiedlichenGesichtspunktenanalysiert(DeepPacketInspection,DPI)”.
The Privacy & Security Research Paper Series, Issue # 1
Figure10:Datakom’svisionoftotalvisbility(datasource:#8_1)
The Privacy & Security Research Paper Series, Issue # 1
9.trovicor
Placeofbusiness:Munich,Germany
Website:http://www.trovicor.com/
Self‐description:
“trovicorstandsforalmosttwodecadesofcustomer‐centricdevelopmentsproviding
state‐of‐the‐art intelligence solutions. trovicor is an industry leader who pro‐
videsturnkey intelligence solutions. These solutions are based on our own state‐of‐
theartcoredevelopmentsintegratingbest‐in‐classthirdpartyproductsandourcus‐
tomer‐centricCareProgrammes.
Atpresentweemploysome170expertsworldwide.OurheadquartersinMunichad‐
dress Europe, the Community of Independent States (CIS) and both Americas; our
subsidiaries in Dubai and Islamabad cater for the Middle East and Africa; the Kuala
LumpurofficefocusesonAsiaPacific.
Based on our vast experiences our main business goal has always been to generate
sustainablebenefitsforlawenforcementandgovernmentagencies.Inthecourseof
developingmanyandvariedMonitoringCentersolutionsaswellasotherintelligence
projects,wehavegainedanin‐depthexperienceoftheirrequirements“
(http://www.trovicor.com/en/about‐us/in‐brief.html).
“Our vision: 'Being the leading solution provider for the intelligence community' ‐
reflectsourpassiontobuildasolutiondrivenandsustainablebusinessforasuccess‐
fulfuture.
Our mission: 'Makingthe world a saferplace' ‐ expresses the understanding of our
missionfortodayandtomorrow.Weareconvincedthatourexpertisehelpstomain‐
tainandenhancepre‐emptivesecurity,andthuscontributestothequalityofallpeo‐
ples’lives.[…]
We don't justphilosophise about warnings like 'without security, there is no free‐
dom';together with ourpartners we can help to increase safety and security. Good
governancehastotakeappropriateactionstomaketheworldasaferplaceforindi‐
viduals, families and nations. We believe that this is where true freedom begins“
(http://www.trovicor.com/en/about‐us/philosophy.html).
Analysis
OnMarch31st,2009,NokiaSiemensNetworkssolditsIntelligenceSolutionsbranch
toPersuaGmbH(NokiaSiemensNetworks,ProvisionofLawfulInterceptCapacityin
Iran. June 22, 2009. http://www.nokiasiemensnetworks.com/news‐events/press‐
room/press‐releases/provision‐of‐lawful‐intercept‐capability‐in‐iran) that now op‐
erates it under the name trovicor GmbH (Spiegel Online International, Western Sur‐
veillanceTechnologyintheHandsofDespots.December8,2011).Wewilltherefore
intheanalysisfocuspartlyonNokiaSiemensNetworks’surveillancetechnologies.
The Privacy & Security Research Paper Series, Issue # 1
trovicor justifies its business operations with the need to fight crime and terror‐
ism: “Never before has information been exchanged so fast and in so many ways.
Needlesstosaythatcriminalsandterroristorganisationshavealsobeenfasttoreal‐
isethevastopportunitiespresentedbymoderntelecommunications.Whenitcomes
to fighting crime and thwarting terrorist attacks, law enforcement and government
securityagenciesneedtherightcommunicationtoolstogetresults”
(http://www.trovicor.com/en/business‐sections/lawful‐interception.html).
trovicor produces and sells a Monitoring Center (MC): “The trovicor Monitoring
Center (MC) has been specifically developed to serve the complex needs of law en‐
forcement and national security agencies worldwide. It enables them to intercept,
retain,analyse,investigateanddistributeinterceptedvoiceanddatacommunication
aswellashistoricaldata.It’susagespansfrominterceptofcommunicationsinfixed
andmobilenetworkstoNextGenerationNetworkingandInternet“
(http://www.trovicor.com/en/business‐sections/communication‐
monitoring.html).
“Inordertodeliver,storeandanalysedata,suchastelephonenumbers,date,time,
content etc. that were gained through the interception of telecommunication net‐
worksaMonitoringCenter(MC)isneeded.TheMonitoringCentercandecode,store,
viewthedataandpreparethemfortherespectiveanalysis.Theinterfacetechnology
used between the Monitoring Center and the telecommunication network is related
toitsformat,e.g.PSTN,GSM,UMTS,CDMA,IP.Additionallythenetworkproviderde‐
fines the switch technology used (Nokia‐Siemens, Ericsson, Alcatel‐Lucent, Cisco,
etc.)”
(http://www.trovicor.com/en/business‐sections/lawful‐interception.html).
Elaman’sCommunicationMonitoringproductcataloguefromOctober2007(#7_2)
contains aproduct sheet of theNokia Siemens Monitoring Center. It is described as
“makingtheworldsaferwithtrend‐settingintelligencesolutions”,“usingtelecommu‐
nicationstotargetterrorismandcrime”(#7_2).Thevisioncommunicatedis“thatour
expertisewillenhancepeaceandtherebycontributetothequalityofpeoples’lives”
(#7_2). This part of Elaman’s product catalogue holds the address and a copyright
noticebyNokiaSiemensNetworks.TheNokiaSiemensMonitoringCentercaninter‐
cept data from mobile and fixed line phone networks and the Internet (#7_2). The
taskfortheuseoftheMonitoringCenterwouldbeto“discoverhiddenpatternsand
criminal structures, anticipate and prevent crimes”, “fighting crime and thwarting
terroristattacks”because“criminalgroupsandterroristorganizationsalsohavebeen
quicktorealizethevastopportunitiespresentedbymoderncommunications”(#7_2).
AnothersystemadvertisedinElaman’sCommunication MonitoringcatalogueisSie‐
mens’IPInterceptionSystem–IPIS(#7_2)that“iscapableofinterceptingdatainthe
Internet,inotherIPbasednetworksandVoIPinNextGenerationNetworks”(#7_2).
IPdatacanbeextractedfromemail,theWWW,VoIP,andinstantmessaging(#7_2).
InApril2009,theWashingtonTimesreportedthatNokiaSiemenssoldaMonitor‐
ingCentretoIran:
The Privacy & Security Research Paper Series, Issue # 1
“Nokia Siemens Networks (NSN), a joint venture between the Finnish cell‐phone
giantNokiaandGermanpowerhouseSiemens,deliveredwhatisknownasamonitor‐
ing center to Irantelecom, Iran's state‐owned telephone company. A spokesman for
NSN said the servers were sold for ‘lawful intercept functionality,’ a technical term
used by the cell‐phone industry to refer to law enforcement's ability to tap phones,
read e‐mails and surveil electronic data on communications networks.
In Iran, a country that frequently jails dissidents and where regime opponents rely
heavily on Web‐based communication with the outside world, a monitoring center
thatcanarchivetheseinterceptscouldprovideavaluabletooltointensifyrepression.
Lily Mazaheri, a human rights and immigration lawyer who represents high‐profile
Iraniandissidents,saidshehadsuspectedthatthegovernmenthadincreaseditsca‐
pabilitytomonitoritsperceivedenemies.
Recently,oneofherclientswasarrestedbecauseofinstantmessaginghehadpar‐
ticipatedinwithMs.Mazaheri,shesaid.’Hetoldmehehadreceivedacallfromthe
MinistryofIntelligence,andthisguywhenhewenttotheinterrogation,theyputin
frontofhimprintedcopiesofhischatswithme.Hesaidhewasdumbfounded,andhe
wassenttoprison.’
[…]HadiGhaemi,spokesmanfortheInternationalCampaignforHumanRightsin
Iran,said12women´srightsactivistswerearrestedlatelastmonthataprivatemeet‐
ingtocelebratethePersianNewYear.Hesaidtheraidsuggestedthestatehadaccess
toprivatecommunications.
’This is an absolute threat to the privacy of all Iranian activists. It puts them in
dangerofbeingconstantlymonitoredbytheintelligenceservices,somethingthatwe
knowisalreadyhappening,’Mr.Ghaemisaid“(WashingtonTimes,FedContractor,Cell
PhoneMakerSoldSpySystemtoIran.April13,2009).
TheIranianjournalistIsaSaharkhizwasjailedforthreeyears“onchargesofinsult‐
ing Iran's supreme leader and spreading propaganda against the regime. […] Last
month,SaharkhizfiledalawsuitagainstNokiaSiemens,accusingthecompanyofde‐
liveringsurveillanceequipmenttoIranthathelpedtheauthoritiestracehiswherea‐
boutsthroughhiscellphone”(BBCMonitoringWorldMedia,ProminentIranianJour‐
nalistJailedforThreeYears.September30,2010).
Nokia Siemens commented on media reports: (ARD Tagesthemen, Siemens‐Nokia
ÜberwachungstechnikimIran.June24,2009.
http://www.youtube.com/watch?v=8JbydEFBx5E).“Thesystemcanonlyrecord,it
cannot identify anybody” (Stefan Zuber)11. The journalist Erich Möchel in contrast
said: “One can geographically locate with these monitoring centres, where persons
are, one can create their communication profile, with whom they communicate.
11
”DasSystemkannnuraufzeichnen,eskannniemandenidentifizieren.Esistnichtgeeignet,um
Zensurzuüben”.
The Privacy & Security Research Paper Series, Issue # 1
Groups can be investigated”12 (ibid). A product specification of the Nokia Siemens
MonitoringCenter(providedinoneofElaman’sbrochures)explainsthatitsupports
the “fully automatic recording of all data concerning all activities of the target” and
makes“nationwidemonitoringpossible”(#7_2).Sotherelevantaspectisnotthatit
does not censor the Internet, but rather that Nokia Siemens’ Monitoring Center can
monitortheactivitiesandcommunicationsofpoliticalactivists.
AformeremployeeofNokiaSiemensreportedthathewaspartoftheinstallationof
aMonitoringCentreinIran(ZDFFrontal21,Nokia‐Siemens‐NetworksimIran.Janu‐
ary 26, 2010. http://www.youtube.com/watch?v=oHqyKYa6Ffw). Siemens Board
MemebrJoeKaesersaid:“ThereistodaynoreasonforustoassumethatNSNhasact‐
ed unlawfully or unorderly”13. In the same report, the two Iranianpolitical activists
Poojan Mahmudian and Kianoosh Sanjari reported that they were imprisoned and
thattheircommunicationsweremonitored(ibid.).
InitsCorporateResponsibilityReport2009,NokiaSiemens’CEORajeevSuriwrote:
“Over the past year we have seen allegations that telecommunications technology,
includingthatprovidedby NokiaSiemensNetworks,hasbeenusedtosuppresshu‐
manrightsinsteadofenhancingthem.Thisis notasimpleissueastechnologythatis
designed to benefit society can be used for other purposes and, of course, govern‐
mentscanchangeovertime”(NokiaSiemensNetworks2009,4).Thisstatementim‐
plies that a Monitoring Center isdesignedfor benefiting society and that its use for
repressionofpoliticalopponentsisanunintendedside‐effect.Thequestionisifthe
purposeoftheuseofsuchatechnologyforrepressionisnotforeseeableifacompany
entersabusinessdealwithIran.
InastatementissuedinJune2009,NokiaSiemensarguedthatthesurveillancecen‐
treitdeliveredtoIranhad“thecapabilitytoconductvoicemonitoringoflocalcallson
itsfixedandmobilenetwork”andthatitcouldnot“providedatamonitoring,internet
monitoring,deeppacketinspection,internationalcallmonitoringorspeechrecogni‐
tion”(NokiaSiemensNetworks,ProvisionofLawfulInterceptCapacityinIran.June
22, 2009. http://www.nokiasiemensnetworks.com/news‐events/press‐room/press‐
releases/provision‐of‐lawful‐intercept‐capability‐in‐iran). It also said in the same
statement that Nokia Siemens Networks’ Intelligence Solutions was sold to Persua
GmbH on March 31st, 2009 (ibid), which now operates it under the name Trovicor
GmbH(SpiegelOnlineInternational,WesternSurveillanceTechnologyintheHandsof
Despots. December 8, 2011). In August 2011, Bloomberg reported that the impris‐
onedhumanrightsactivistsAbdulGhaniAlKhanjarwastorturedinaBahrainiprison
andthattheofficialspossessedtranscriptsofhiscommunications.Accordingtotwo
people associated with Trovicor, the company provided surveillance technology to
12
“Es können mit diesen Monitoring Centern Personen geographisch bestimmt werden, wo sie sind, es kann ihr Kommunikationsprofil erstellt werden, mit wem sie kommunizieren. Es können Gruppen ausgeforscht warden”.
13
“Es gibt heute für uns keinen Grund anzunehmen, dass NSN sich rechtswidrig oder nicht ordnungsmässig verhalten hat”.
The Privacy & Security Research Paper Series, Issue # 1
Bahrain (Bloomberg, Torture in Bahrain Becomes Routine With Help From Nokia
Siemens. August 23, 2011. http://www.bloomberg.com/news/2011‐08‐22/torture‐
in‐bahrain‐becomes‐routine‐with‐help‐from‐nokia‐siemens‐networking.html).
“Trovicor equipment plays a surveillance role in at least 12 Middle Eastern and
North African nations, according to the two people familiar with the installations.
[…] Al Khanjar says the first of his communications used in the interrogations was
interceptedinJune2009.Atthattime,theNokiaSiemensfamilyofrelatedcompanies
was the only known supplier and maintainer of monitoring centers to Bahrain, the
two people familiar with the installations say. The clusters of computers required
constantupgradesbythecompanies,theysay”(ibid.).
InApril2012,GermanmediapublishedallegationsthatNokiaSiemensalsosoldits
Monitoring Centre to Syria. “German industrial giant Siemens sold network surveil‐
lancetechnologytotheSyrianregime in2000,public broadcasterARDreportedon
Tuesdaynight.Accordingtotheirnewsshow‘Fakt’,aproductcalledthe‘Monitoring
Center’ was delivered to Syrian mobile communications company Syriatel. Nokia
SiemensNetworksconfirmedthedelivery,theyreported.
The corresponding business division at Siemens became the new joint venture
NokiaSiemensNetworksin2007.Thefollowingyear,thatcompanysignedacontract
withSyrianlandlineproviderSTE,adealthatalsoincludedthe‘MonitoringCenter’.
ThesecontractswerethentransferredinMarch2009totheNokiaSiemensNetworks
spin‐offcompanyTrovicor,whichtookoverthe‘VoiceandDataRecording’division,
ARDreported,citingdocumentstheyhadobtained.
TheMunich‐basedcompanyTrovicor,whichbelongstoafinancialinvestortoday,
declined to comment on the issue, ‘Fakt’ reported. But a human rights activist from
AmnestyInternationaltoldtheshowthatthesystematiconlinesurveillancebySyrian
security forceswaslikely playingaroleinthecapture ofoppositionmembers,who
facetortureaftertheirarrest.[…]
Internet freedom activist and Pirate Party member Stephan Urbach criticized the
export of surveillance technology from Germany. ‘We need a broader debate about
theethicalresponsibilityofcompanies’,hesaidinastatement.‘TheGermangovern‐
menthascompletelymissedthisdebate,particularlyinthewakeofrevelationsabout
suchfilteringandsurveillancesystems’.IfitbecomesunambiguouslyclearthatGer‐
man companies have delivered surveillance technology to totalitarian states, Berlin
must‘swiftlycorrectthisfailure’,headded”(SpiegelOnlineInternational,Monitoring
the Opposition: Siemens Allegedly Sold Surveillance Gear to Syria. April 11th, 2012.
http://www.spiegel.de/international/business/0,1518,826860,00.html).
Fakt interviewed a Syrian activist who fled to Germany. He said: “I provided
YouTube videos of demonstrations. When I was arrested, my exact behaviour was
readtomefromthefiles.EverysinglestepI'vetakenontheInternetwasheldaganist
The Privacy & Security Research Paper Series, Issue # 1
tomewhileIwasbeaten”14(FAKT,SyrienüberwachtmitSiemens‐Technik.April10,
2012.http://www.mdr.de/fakt/siemens106.html).
If these reports are true, then it means that Nokia Siemens first sold Monitoring
CentrestoIranandSyria,thensolditssurveillancebusinessunittoanothercompany
that renamed the business unit to trovicor and continued selling the technology to
countriesthatusethemfortracking,imprisoningandtorturingpoliticalactivists.
Erich Möchel, the first journalist who reported about Nokia Siemens relations to
Iran,commentsonthe saleofthesurveillanceunittoasmallercompanythatthere
wasnoconcernabouthumanrights,butonlyaconcernaboutimagedamage,andthat
thebusinesswith surveillancecontinues:"Meanwhilepredominates the insightthat
thecollateraldamageforcompanypolicyprobablywillbemuchsmalleriftheseMon‐
itoringCenters[...]areoutsourcedtospecialistcompaniesandoneselfprepareseve‐
rythingtechnicallysothatthisforeignequipmentsuppliedbythirdpartiescanwith‐
outproblembedockedtoone’sowntelephonenetworks.[...]Itispuremarketpoli‐
tics,nothingelse.Ithasnothingtodowithhumanrights,butonlywiththefactthat
one does not want to dirty one’s own hands. So one sends ahead somebody else –
companiesthatdonotcarebecausetheycomefromthisarea.[...]Ifyouselltoastate
acompleteGSMnetworkfamily,thenthisreallycostsmoney.That'salotofrevenue.
Well,nowonesaysstopthat,oneletsotherstakecareofit,theMonitoringCentres,
andonerathermakesthebigbusinessandnotthesmallbusinessbecausebothget
togetherbadly[...]Nokiahassufferedahugereputationaldamagebytherevelations
inIran.[...]Forthisreasononehasretreatedandsaid:Theimagelossislargerthan
theexpectedprofitwhenwecarryonfurtherthisway,sowestopit.That’sbasicallya
verywisebusinesspolicydecision"(NDR.ZAPP:InterviewmitErichMöchel.Decem‐
ber7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/moechel103.html)15.
Möchelintheinterviewpointedoutthatpublicpressure(bythemediaandcivilsoci‐
ety) on one company does not automatically stop unethical business practices, but
14
TranslationfromGerman.“IchstellteYouTubeVideosvonDemonstrationenbereit.Alsichdanach
verhaftetwurde,wurdemirmeinegenaueVorgehensweiseausdenAktenvorgelesen.Jedereinzelne
Schritt,denichimInternetunternommenhabe,wurdemirvorgehalten,währendichgeschlagen
wurde”.
15
“Inzwischen überwiegt die Einsicht, dass der Kollateralschaden für die Firmenpolitik wohl wesentlich geringer sein wird, wenn man diese Monitoring Centres […] an Spezialfirmen auslagert und man selbst be‐
reitet eigentlich nur alles dazu vor technisch, dass dieses fremde Equipment (von Dritten zugelieferte) prob‐
lemlos an die eigenen Telefonienetze andockbar ist. […] Es ist reine Marktpolitik, sonst nichts. Es hat nichts mit Menschenrechten zu tun, sondern nur damit, dass man sich selbst nicht anpatzen will damit. Sondern da schickt man jemanden anderen vor – Firmen, denen es egal ist, denn sie kommen aus dem Bereich. […] Wenn man an einen Staat ein Netz aus der kompletten GSM Familie verkauft, das kostet so richtig Geld. Das ist viel Umsatz. Naja, jetzt sagt man halt, man überlässt das anderen, die Monitoring Centres, und wir ma‐
chen lieber das große Geschäft und das kleine Geschäft nicht, denn beide Geschäfte zusammen vertragen sich schlecht. […] Nokia hat einen immensen Imageschaden durch das Auffliegen im Iran davongetragen. […] Aus diesem Grund hat man sich zurückgezogen und hat gesagt: Der Imageschaden ist grösser als der zu erwartende Gewinn, wenn wir das weiter betreiben, also hören wir auf damit. Eine sehr kluge geschäftspo‐
litische Entscheidung im Grunde ”.
The Privacy & Security Research Paper Series, Issue # 1
canresultinthesellingofbusinessunitstoothercompaniesthatengageincompara‐
blepractices.
NewsreportshavearguedthatMonitoringCentresproducedbyNokiaSiemensand
trovicorwereusedtorepresstheIranianandBahrainianopposition,peoplelikethe
journalist Isa Saharkhiz and the political activists Poojan Mahmudian and Kianoosh
Sanjari in Iran or the Bahraini human rights activist Abdul Ghani Al Khanjar. There
aredifferingreportsandviewsaboutwhattechnicalcapacitiesthecommunications
surveillancetechnologiesexportedtoIranandBahrainactuallyhad.Soalthoughthe
business practices are not entirely clear, it seems to be the case the companies like
trovicor and Nokia Siemens produced or have produced surveillance technologies
that are capable of intercepting the communications content of different forms of
communication (Internet, fixed line telephony, mobile phone communication, etc)
andthatsuchtechnologiescaninpoliticalcontextsbeusedforrepressionagainstthe
politicalopposition.
OnOctober25th,2010,theEUupdateditsexportrestrictionstoIranthatwereis‐
sued in 2007. The restriction includes an explicit restriction “on trade in dual‐use
goodsandtechnology,aswellasequipmentwhichmightbeusedforinternalrepres‐
sion”(EURegulationNo.961/2010of25October2010onRestrictiveMeasuresagainst
Iran).ThismeansthatexportsofInternetandphonesurveillancetechnologieshave
beenlegalpriortothisrestriction.TheEU’sexportrestrictionsofthatwerepassedon
November16th,2011applyforequipmentthatcanbeused“inconnectionwithavio‐
lationofhumanrights,democraticprinciplesorfreedomofspeechasdefinedbythe
CharterofFundamentalRightsoftheEuropeanUnion,byusinginterceptiontechnol‐
ogies and digital data transfer devices for monitoring mobile phones and text mes‐
sagesandtargetedsurveillanceofInternetuse(e.g.viaMonitoringCentresandLaw‐
fulInterceptionGateways)”(EURegulationNo.1232/2011oftheEuropeanParliament
and the European Council). The restriction applies only for the following countries:
Argentina,China(includingHongKongandMacao),Croatia,India,Russia,SouthAfri‐
ca,SouthKorea,Turkey,andUkraine(ibid.).Thismeansthatexportofcommunica‐
tionssurveillancetechnologytoacountrylikeBahrainisstilllegal,whereasitisnow
illegaltoexportsimilartechnologies(likeMonitoringCentres)toIran.Soiftheclaims
thattrovicorexportedcommunicationssurveillancetoolstoBahrainweretrue,then
it would definitely be the case that “trovicor complies with all export and customs
controls in all regions where business is conducted” (#9, 7). The question that can
howeverbeposedisnotonlyiflegalstandardshavebeenrespectedoriffundamental
ethicalprinciplesarerespected(suchasthehumanrightoffreedomofassemblyand
expression)andiftrovicor’sbusinesspracticesrespecttheethicalgoalthatithasset
itselfinitsCodeofBusinessConduct(#9)andthatisnotprimarilyalegalgoal,name‐
ly that “trovicor’s business ethics goal is, as an industry leader, to be among the
world’s best in corporate responsibility, corporate governance, promoting fair com‐
petition, adapt internationally recognized standards whenever feasible, and practic‐
inggoodcorporatecitizenshipwhereveritdoesbusiness”(#9,4).
The Privacy & Security Research Paper Series, Issue # 1
Being asked if trovicor exported communications surveillance technology to Bah‐
rain,trovicorofficials“wereonlywillingtostatethattheycouldnotpubliclydiscuss
customersandthedetailsofagreements”(SpiegelOnlineInternational,WesternSur‐
veillanceTechnologyintheHandsofDespots.December8,2011)and“BirgittFisch‐
er‐Harrow, Trovicor’s head of marketing communications, said Trovicor’s contracts
preventitfromdisclosingitscustomersorthecountrieswhereitdoesbusiness.She
declinedtocommentfurther”(ArabianBusiness,WesternSpyToolsAidinCrackdown
on Arab Dissent. August 28, 2011). That businesses refuse to comment on their ex‐
portsshowsthatunderthecurrentlegalcircumstancesintheEUitisdifficulttoob‐
taintransparencyaboutwhichsurveillancetechnologieshavebeenexportedandsold
towhichcountriesandorganizationsbyEuropeansecuritycompanies.
Insomeofthecasespresentedthusfar,companiesengagingintheexportofcom‐
munications surveillance withdrew their projects or plans only after the media and
civilsocietycriticizedthempublicly,inothercasescompaniesdeclinedtocomment.
Thisshowsthecircumstancethatthereisalackoftransparencyofthebusinessprac‐
ticesofsecuritycompanies.
The Privacy & Security Research Paper Series, Issue # 1
10.Digitask
Placeofbusiness:Haiger,Germany
Website:http://www.digitask.de
Self‐description:
“We are a leading company for the system‐integrating realization of data investiga‐
tion‐andassessmentsystemsintheareaoftelecommunications.Nationalandinter‐
nationalcompaniesandsecurityagenciesareamongourcustomers”16
(http://www.digitask.de/index.php?option=com_content&view=frontpage&Itemid=1
).
Analysis
Digitask says that it is the “market leader for LI [lawful interception] in Germany”
(#10_1,1).DigitaskarguesthatthereisdatathatmightgetlostinLI,suchasinstant
messages,encryptedcommunication,WWWdatatransmittedoverthesecureproto‐
col https, encrypted e‐mail data (TLS, SSL), VPN connections, traffic encrypted with
softwarelikeTororJAP,dataencryptedonharddisks,dataof“nomadictargets”that
seekopenWLANs(#10_1).“Everythingmaybelost.Withafewhourseffort,today’s
LIsystemscanbeturnedblindanddeaf”(#10_1,11).Asa solution,DigiTaksoffers
“RemoteForensicSoftware”,whichis“stealthsoftwareinstalledon[the]computerof
[the] target to overcome encryption, handle nomadic targets, monitor activity for
criminal investigations [and] intelligence gathering” (#10_1, 12). This software is a
so‐called Trojan horse that is secretly installed on a computer and gathers infor‐
mationabouttheuser’sactivitywithouthis/herknowledge.Accordingtoapresenta‐
tion,thesoftwarecanalsocollectaudiodata,screenshots,keylogs,registrysettings,
andsearchforfiles(#10_1,13).
Other products includes systems for the analysis of intercepted data (DigiBase,
DigiNet)(#10_2).DigiNetcandecode“allstandardInternettrafficprotocols”(#10_2,
3;SUCHAS:HTTP,POP3,SMTP,IMAP,FTP,Telnet,VoIP,webmail,IRC,ICQ,MSN,etc,
see: #10_2, 7) and provides the opportunity of “mass storage” of intercepted data
(#10_2,4).Anotherproduct istheWiFi‐Catcher,a“modular unitforinterceptionof
WLANtraffic”(#10_2,14).Digitask’sproductsalsoenable“deepviewintopacketsof
intercepteddata”(#10_2,13).Itisamobilesystemthatcancapture,filterandvisual‐
izedatathatisobtainedfromaWiFihotspot(#10_3,11).It“canbeusedundercover
onpublichotspotsbybringingjustasmallreceiverunitclosetothetargetandana‐
lyzingthetrafficfromthedistanceorwithbiggerdirectionalantennasfromthedis‐
tance”(#10_2,12).
16
“WirsindeinführendesUnternehmenfürdiesystemintegrierteRealisierungvonDatenerhebungs‐
undBewertungssystemenimBereichderTelekommunikation.FirmenundSicherheitsbehördenaus
demIn‐undAuslandzählenzuunserenKunden”.
The Privacy & Security Research Paper Series, Issue # 1
InJanuary2008,WikiLeakspublishedadocument(#10_5)that,ifauthentic,seems
tobeanofferofDigitasktotheBavarianStateMinistryofJusticeforasoftwarethatis
a “Skype capture unit” (#10_5). The German Internet portal Heise argued that the
document“suggeststheuseofTrojanstowiretapInternetphonecallsonprivatePCs
by the police”17 (Heise Online, Ein “Bayerntrojaner” zum Abhören von Internet‐
Telefonie?January24,2008).ThedevelopmentoftheRemoteForensicSoftwarewas
in Germany publicly discussed in the context of the “Bundestro‐
janer”/”Staatstrojaner”‐debate(“federalTrojan”,“stateTrojan”)ifitisappropriateof
aprivacyviolationifthepoliceusessoftwaresecretlyinstalledonsuspects’comput‐
ers in order to collect data (Heise Online, Einsatz des Staatstrojaners: Zwischen feh‐
lendem Rechtsrahmen und Verfassungswidrigkeit. October 11, 2011).The Austrian
news magazine profil reported in October 2010 that one of Digitask’s lawyers con‐
firmedthatthecompanysolditsRemoteForensicSoftwarethatservesthepurposeof
online investigations to Austrian authorities and that online investigation software
hasbeenusedinAustriabythepolice(Profil,TrojanischeSitten.DerBundestrojaner
wurde ohne rechtliche Grundlage eingesetzt. October 22, 2010). The German news
magazineDerSpiegelreportedthatinoneofthecasesthesoftwaretransmittedSkype
conversations and automatically taken pictures of the user to the police (Spiegel
Online,Fahnder:MassiverEingriff.February28,2011).
InGermany,theLawfortheDefenceagainstThreatsofInternationalTerrorismby
the Federal Criminal Police Office (Gesetz zur Abwehr von Gefahren des internatio‐
nalen Terrorismus durch das Bundeskriminalamt) allows the “covert use of technical
means”18for“thedefenceoftheexistenceorsecurityofthestateoraperson’sbody,
lifeorfreedomorthingsofsignificantvalue,whosepreservationisinthepublicin‐
terest, against an urgent threat”19 (Gesetz zur Abwehr von Gefahren des internatio‐
nalenTerrorismusdurchdasBundeskriminalamt,§20h).DerSpiegelarguedthatinone
specific case where online investigation was used, there was no capital offence, but
rather the suspicion of the illegal export of narcotic substances (Spiegel Online,
Fahnder: Massiver Eingriff. February 28, 2011). In October 2011, Der Spiegel wrote
that Digitask delivered its online investigation software to several German federal
states and the Zollkriminalamt (Customs Criminological Office; Spiegel Online, Digi‐
task: Trojaner‐Hersteller beliefert etliche Behörden und Bundesländer. October 11,
2011).DerSpiegelreportedthatonlineinvestigationsoftwarewasusedmorethan50
17
“EinbislangunbestätigtesSchreibendesbayerischenJustizministeriums,dasderPiratenparteinach eigenen AngabenindieHändegeratenist,legtdenEinsatzvonTrojanernzumAbhörenvonInternet‐
TelefonatenaufprivatenPCsdurchdiePolizeinahe”.
18
“verdeckten Einsatz technischer Mittel” “Das Bundeskriminalamt kann zur Abwehr einer dringenden Gefahr für den Bestand oder die Sicher‐
heit des Staates oder für Leib, Leben oder Freiheit einer Person oder Sachen von bedeutendem Wert, deren Erhaltung im öffentlichen Interesse geboten ist, durch den verdeckten Einsatz technischer Mittel in oder aus Wohnungen 1. das nichtöffentlich gesprochene Wort einer Person abhören und aufzeichnen, […] 2. Lichtbilder und Bildaufzeichnungen über diese Person herstellen, wenn die Abwehr der Gefahr auf andere Weise aussichtslos oder wesentlich erschwert wäre”. 19
The Privacy & Security Research Paper Series, Issue # 1
times in Germany (Spiegel Online, Innere Sicherheit: Trojaner im Abo. October 17,
2011). The Chaos Computer Club analysed a used online investigation tool, about
whichDigitasksaidthatitislikelythatitisoneofitsproductsandfoundthatbyre‐
mote control the software can activate the full functionality of searching, reading,
writing and manipulating files (Spiegel Online, Staatstrojaner: Digitask wehrt sich
gegenInkompetenz‐Vorwurf.October12,2011).TheGermanFederalConstitutional
Court(Bundesverfassungsgericht)arguedthatextensivepartsofprivatelifecantake
placeonlineorbestoredonacomputerandthatthisneedstobetakenintoaccount
inthecaseofonlineinvestigations.InadecisionfromFebruary2008,itsaidthat“the
secretinfiltrationofaninformationsystemthatallowsthesurveillanceofthesystem
andreadingitsstoragemediaisonlyconstitutionallylegitimateifactualevidenceofa
concrete danger for an outstandingly important legal interest are given”20 (Bun‐
desverfassungsgericht,LeitsätzezumUrteildesErstenSenatsvom27.Februar2008).
This means that the use of online investigation tools that have the capability of not
onlyinterceptingactualcommunication,butaccessingstoreddata,isunconstitutional
accordingtoGermanlaw(SpiegelOnline,Schnüffel‐Software:BayernsInnenminister
stoppt Trojaner‐Einsatz. October 11, 2011). In November 2011, the Bavarian Data
ProtectionCommissionerThomasPetriannouncedtoinvestigateif22cases,inwhich
online investigation software was used to monitor suspects, respected data protec‐
tion policies or not (Heise Online, Datenschützer prüft alle 22 Trojanereinsätze in
Bayern.November24,2011).
Digitaskproducestoolsthatallowinterceptingwirelessnetworks,thedeeppacket
inspectionofInternetcontentandtheonlineinvestigationofactivitiesofusersbythe
installationofaTrojanhorseontheircomputers.Thelatterkindoftoolshaveresult‐
edinaheavypublicdebateabouttheconstitutionalityof“stateTrojans”inGermany.
Online investigation tools have especially in cases, where suspects encrypt their e‐
mailsoruseSkype,beenused.Theconstitutionalityofsuchtoolsandtheactualuse
bythepoliceareheavilydisputedinGermany.
20
“DieheimlicheInfiltrationeinesinformationstechnischenSystems,mittelsdererdieNutzungdes
SystemsüberwachtundseineSpeichermedienausgelesenwerdenkönnen,istverfassungsrechtlich
nurzulässig,wenntatsächlicheAnhaltspunkteeinerkonkretenGefahrfüreinüberragendwichtiges
Rechtsgutbestehen”.
The Privacy & Security Research Paper Series, Issue # 1
11.ipoque
Placeofbusiness:Leipzig,Germany
Website:http://www.ipoque.com/
Self‐description:
“ipoqueprovidesnetworkintelligenceandpolicycontrolsolutionshelpingfixedand
mobilebroadbandoperatorstobetterunderstandtrafficpatterns,monetizenewdata
servicesandimprovethequalityofexperiencefortheirsubscribers.Ourapplication
classification andanalysisengine enablesbandwidthand congestioncontrol,priori‐
tizedqualityofservicedeliveryanddetailednetworkvisibility.ipoquewasfounded
in2005inLeipzig,Germany,andhasbecomeaRohde&Schwarzcompanyin2011.
Over200broadbandoperatorcustomersinmorethan60countriesacrosstheglobe
rely on ipoque's policy control solution to limit equipment and operating expendi‐
tures, increase profitability and maximize subscriber satisfaction. In addition, many
network equipment providers use ipoque's deep packet inspection technology in
theirnetworksecurity,WANoptimizationandnetworkmanagementproductstoana‐
lyzedatatrafficofhundredsofmillionsofInternetusers”
(http://www.ipoque.com/en/company/company‐profile).
Analysis
ipoquesaysthatitis“theleadingEuropeanproviderofdeeppacketinspection(DPI)
solutionsforInternettrafficmanagementandanalysis”
(http://www.ipoque.com/en/company). It offers various DPI systems. PRX Traffic
Manager“detectsapplicationswithacombinationoflayer‐7deeppacketinspection
(DPI) and behavioral traffic analysis. All major protocols including peer‐to‐peer file
sharing (P2P), instant messaging (IM), media streaming and Internet telephony
(VoIP) are supported. The integrated quality of service (QoS) management allows
prioritization,shapingandblockingofclassifiedtraffic”
(http://www.ipoque.com/en/products/prx‐traffic‐manager).
Itallows“toprioritize,shape,blockandlogtrafficofindividualapplicationseither
in total or for individual users or user groups” and can “enforce legal file sharing”
(ibid.),whichmeansthatitcandetectandblockillegalfilesharing.
Net Reporter works based on PRX Traffic Manager and “collects, aggregates and
stores“networkdatathatPRXTrafficManagerextractswiththehelpofDPIfroma
network(#11_3).Italso“presentsthemviaitsWeb‐basedgraphicaluserinterface“
(ibid.).DPXNetworkProbe“isapassiveIPprobeforlawfulinterception,massinter‐
ceptionandnetworkmonitoring.Itusesipoque’sDeepPacketInspection(DPI)tech‐
nology to identify and filter network flows according to their application protocol.
Target triggers comprise protocol‐specific filtering criteria including network ad‐
dresses, user names, protocol‐specific attributes and arbitrary content keywords“
The Privacy & Security Research Paper Series, Issue # 1
(#11_2).Itsupportsalmost200differentprotocolsandenableskeywordsearchinall
interceptedcontentinordertofilteroutcertainmessages(#11_2).
PACE (Protocol & Application Classification Engine) “is a software library which
detects and classifies protocols and applications from a network packet stream. It
uses a wide range of deep packet inspection (DPI) technologies, including pattern
matching,behavioral,statisticalandheuristicanalysis“(#11_4).ItprovidesDPItech‐
nologythat“isabletoidentifytheprotocolofnetworktrafficbasedonacombination
ofdeeppacketinspection(DPI)andbehavioralanalysis”(#11_1).
ipoque produces DPI technologies both for the commercial use (e.g. by Internet
ServiceProviders)andtheusebylawenforcement.Ithasrealizedthatthereisacriti‐
caldebateaboutDPIandhasreactedtoitbypublishingthewhitepaper“DeepPacket
Inspection:Technology,Applications&NetNeutrality”(#11_5).ipoquearguesinthis
paper that also relatively accepted technologies such as spam and virus filters and
firewallsuseDPI.ThecompanyespeciallydiscussestheuseofDPIfornetworkman‐
agementandconcernsaboutthescanningofcontent.Itsaysthat“DPIinbandwidth
managementdoesnotreadallpackets”and“isnotautomaticallyaprivacyviolation”
(#11_5,3).ipoquearguesthatDPIneedstobeusedbyISPinordertooptimizethe
useofthenetwork.Differentprotocolsanddifferentapplicationsmakedifferentuse
oftheInternet.Soe.g.VoIP(suchasSkype)hasalowuseofthenetwork,whereasfile
sharinginpeer‐to‐peernetworksmakesheavyuseoftheInternet.ipoquearguesthat
anadvantageofDPI‐basedbandwidthmanagementisthatit“canimprovetheaver‐
ageperformanceforInternetusers”(#11_5,5)by“assignmentofprioritiestodiffer‐
entapplication classes“, e.g. “giving voice traffic a higher priority than P2P“(#11_5,
7).
ipoquedefinesnetneutralityastheprinciple“thatallIPpacketsshouldbetreated
equallyonabesteffortbasis“(#11_5,6)andsaysthattodaynetneutralitydoesnot
existbecause“lessthan20percentofnetworkusersgenerateover80percentofthe
traffic“,whichwouldbeunfair(#11_5,6).ThemediareformgroupFreePressdefines
netneutralityastheprinciple“thatInternetserviceprovidersmaynotdiscriminate
betweendifferentkindsofcontentandapplicationsonline.Itguaranteesalevelplay‐
ingfieldforallwebsitesandInternettechnologies“
(http://www.savetheinternet.com/faq).TheUSFederalCommunicationCommis‐
sion (FCC) says that “reasonable network management”, which is network manage‐
mentthatis“tailoredtoachievingalegitimatenetworkmanagementpurpose“(FCC
2010, 48)and forwhichDPImaybeused, isnoproblem.Unreasonablediscrimina‐
tion of users that violates net neutrality would e.g. be the discrimination of certain
applications(suchasVoIP),hinderinguserstoaccesscertaincontent,servicesorap‐
plications, or the slow down of a service or website that a ISP disagrees with (FCC
2010,42).TheFCC(2010,43)alsosaysthat“payforpriority”islikelytoviolatenet
neutrality.ipoquesaysthatanadvantageofDPI‐basedbandwidthmanagement“can
provideruserswithatailoredservice,including‘soft’QoS[qualityofservice]guaran‐
tees, at a higher or lower price, depending on the required service level; users that
onlyuseWebande‐mailwouldgetalowerprice;everyonepaysonlyforwhatthey
The Privacy & Security Research Paper Series, Issue # 1
use”(#11_5,5).MediareformgroupshavearguedthatthecreationofatieredInter‐
netisarisk.
TheFCCandmediareformgroupstendtoagreewithipoque’sargumentthatnet‐
workmanagementbyISPscanhelpimprovingtheirservice,butatthesametimethey
much warn against transforming DPI bandwidth management into a commodity by
creatingatieredInternet,whereusershavetopayforpriority.
Oneargumentadvanced by FreePress, theConsumer Federation of America and
theConsumersUnion(2006)isthatgivingupnetneutralitywouldgiveInternetser‐
vice providers a lot of power and would discriminate certain services so that their
ownfavouredcontentandapplications(thattheyeitherprovidethemselvesoroffer
inco‐operationwithspecificmediacontentproviders)wouldbeadvantagedandoth‐
ersdisadvantaged:“FACT#2:Networkdiscriminationthrougha’tieredInternet’will
severely curtail consumer choice, giving consumer control over the Internet to the
networkowners.Theideaofadiscriminatoryor‘tiered’Internetisbasedonasimple
concept:thenetworkownerintervenesbetweentheconsumerandthecontentpro‐
vidertochargefeesfordelivery.Undertheoldneutralityrules,thenetworkowners
couldchargethecustomerforcommunicationsservices,andanyapplicationorcon‐
tentthatwouldworkwithinthatlevelofservicehadtobeallowedtoflow–noques‐
tions(oradditionalfees)asked.[...]WithoutNetworkNeutrality,thenetworkopera‐
torhastotalcontrol.Differentfeescanbechargedbasedonthetypeofservice(voice,
videoordata);differentfeescanbechargedbasedonthetypeofprovider(individu‐
al,smallbusinessorbigbusiness);differentfeescanbechargedbasedontheaffilia‐
tionoftheproviderwiththenetworkoperator;differentfeescanbechargedtoguar‐
antee delivery at aparticular rate of speedor quality;differentfees can be charged
basedonpoliticalaffiliationorthedayoftheweek.Infact,withoutneutralityrules,
thenetworkownerscanchargewhatevertheywanttowhomevertheywantforany
reasontheychoose.Theycancreate’fastlanes’and’slowlanes’anddecidewhogets
tobeineach.ThereisnothingtostopAT&Tfrompushingcontentprovidersintoex‐
clusivedealsdeniedtoComcastorTimeWarnersubscribers.Thereisnothingtostop
Verizonfrom slowingdownWebsitestheydislikeandspeedingupotherswithim‐
punity. [...] Network Neutrality keeps telephone companies off of consumers’ backs
andoutofourwallets(FreePress,ConsumerFederationofAmericanandConsumers
Union2006,9).
AsecondwarningisthatatieredInternetisastratifiedsystem,inwhichrichplay‐
ers(likebigcompanies)useafastInternetandeverydaypeople,whodonothaveso
much money, a slow Internet: “FACT #4: Network discrimination through a ’tiered
Internet’ will fundamentally alter the consumer’s online experience by creating fast
andslowlanesforInternetcontent.Theprocessofnetworkprioritizationisazero‐
sum game. The fact is that every time one Web site or service is sped up, another
mustbesloweddown.Whowillbeintheslowlane?Anyonewithoutthecashorthe
connectionstonegotiatefastlanedealswitheverynetworkoperatorinthecountry
(each of which has their own regional fiefdoms). Basically, anyone that lacks deep
pockets or high volume will be relegated to the slow lane, while the big corporate
The Privacy & Security Research Paper Series, Issue # 1
Websiteswillgainpremiumtreatment,capturingalargerpercentageofusersbyvir‐
tueoftheirhigherqualityofservice“(FreePress,ConsumerFederationofAmerican
andConsumersUnion2006,11).
ipoqueargues:“DPIassuchhasnonegativeimpactononlineprivacy.Itis,again,
only the applications that may have this impact. Prohibiting DPI as a technology
wouldbejustasnaiveasprohibitingautomaticspeechrecognitionbecauseitcanbe
usedtoeavesdroponconversationsbasedoncontent.AlthoughDPIcanbeusedasa
basetechnologytolookatandevaluatetheactualcontentofanetworkcommunica‐
tion,thisgoesbeyondwhatweunderstandasDPIasitisusedbyInternetbandwidth
management–theclassificationofnetworkprotocolsandapplications.Otherapplica‐
tionsofDPI,forinstancelawfulinterceptionandtargetedinjectionofadvertisements,
doindeedgofurther,buttheyarebeyondthescopeofthispaper“(#11_5,7).ipoque
initsdiscussionfocusesprimarilyontheissuesofnetneutralityandbandwidthman‐
agementwhendiscussingDPI,privacyconcernsabouttheuseofDPIinrelationtothe
surveillance and repression of political opponents and targeted advertising are not
discussed. Also the whole range of arguments in the net neutrality debate (for an
overview see: Free Press, Consumer Federation of American and Consumers Union
2006)isnotdiscussed.
In another white paper, titled “Copyright Protection in the Internet” (#11_6),
ipoque discusses countermeasures against the “illegitimate sharing of copyright‐
protected material“ that “has a negative economical impact both on a national and
international scale“ (#11_6, 1). The solutions that the authors find most feasible in‐
cludetheuseofDPIforblockingillegalsharing:“Newbusinessmodelsareinevitable.
In the long run, this will make illegitimate sharing of copyright‐protected material
through the Internet a lot less interesting. Until then, two of the discussed counter‐
measurespromisetobethemosteffectiveandviableones:hash‐baseddetectionof
copyrightedfilesandthepreventionoftheirtransferinthenetwork;andtheactive
monitoring combined with the prosecution of infringers“ (#11_6, 8). Hash‐based
blocking“canbeimplementedusingcurrentlyavailabletrafficmanagementsystems
based on deep packet inspection deployed at network access or peering points. [...]
BlacklistingbasedonfilehashesorotherfileIDscanprovideaviablewaytoseverely
limit the distribution of copyright‐protected content“ (#11_6, 5). ipoque on the one
handmentionstechnicalsolutions,ontheotherhandsolutionsatthelevelofsociety.
Thelatterincludethecultureflatrate,digitalrightsmanagement,andcheaperoffers
(#11_6, 8). However, the solution suggested by some, such as the Pirate Party21, to
21
“Theofficialaimofthecopyrightsystemhasalwaysbeentofindabalanceinordertopromotecul‐
turebeingcreatedandspread.Todaythatbalancehasbeencompletelylost,toapointwherethecopy‐
rightlawsseverelyrestricttheverythingtheyaresupposedtopromote.ThePiratePartywantsto
restorethebalanceinthecopyrightlegislation.Allnon‐commercialcopyinganduseshouldbecom‐
pletelyfree.Filesharingandp2pnetworkingshouldbeencouragedratherthancriminalized.Culture
andknowledgearegoodthings,thatincreaseinvaluethemoretheyareshared.TheInternetcould
becomethegreatestpubliclibraryevercreated.Themonopolyforthecopyrightholdertoexploitan
aestheticworkcommerciallyshouldbelimitedtofiveyearsafterpublication.Today'scopyrightterms
aresimplyabsurd.Nobodyneedstomakemoneyseventyyearsafterheisdead.Nofilmstudioorrec‐
The Privacy & Security Research Paper Series, Issue # 1
decommodifydigitalcultureandlegalizefilesharingisnotatmentionedasanoption,
whichshowsthatipoqueisthinkingonlyaboutacertainlimitedrangeofalternatives.
ipoquesellsdeepinspectiontechnologies(DPI)fornetworkandbandwidthman‐
agement,commercialpurposesandlawenforcement.Itisawareofthecircumstance
thatDPIisacontroversialtechnology.Theanalyseddocumentshavelimitedthedis‐
cussion of DPI to network neutrality, bandwidth management, and file sharing,
whereas topics like the surveillance of political activists and targeted advertising
haveratherbeenneglected.Theanalyseddiscussionsofnetneutralityandfileshar‐
ing have not engaged with the full range of criticisms made in the debate by media
reformgroups.
ordcompanybasesitsinvestmentdecisionsontheoff‐chancethattheproductwouldbeofinterestto
anyoneahundredyearsinthefuture.Thecommerciallifeofculturalworksisstaggeringlyshortin
today'sworld.Ifyouhaven'tmadeyourmoneybackinthefirstoneortwoyears,youneverwill.Afive
yearscopyrighttermforcommercialuseismorethanenough.Non‐commercialuseshouldbefree
fromdayone.WealsowantacompletebanonDRMtechnologies,andoncontractclausesthataimto
restricttheconsumers'legalrightsinthisarea.Thereisnopointinrestoringbalanceandreasontothe
legislation,ifatthesametimewecontinuetoallowthebigmediacompaniestobothwriteandenforce
theirownarbitrarylaws”(http://www.piratpartiet.se/international/english).
The Privacy & Security Research Paper Series, Issue # 1
12.UtimacoSafeware
Placeofbusiness:Aachen,Germany
Website:http://lims.utimaco.com/en/home/
Self‐description:
“Since1994Utimacohasbeenprovidinglawfulinterceptionsystemsformobileand
fixednetworkoperatorsandInternetserviceproviders.TheUtimacoDataRetention
SuitewasintroducedinresponsetotheEUdirective2006/24/ECandattherequest
oftelecomcustomersforintegratedLIandDRsolutions.Withmorethan160installa‐
tionsin60countries,UtimacoisaleadingglobalsupplierintheLImarket.Since1994
Utimaco has been developing hardware based security solution. Today, Utimaco is
oneoftheworld’sleadingmanufacturersofinnovativeandprofessionalsolutionsfor
hardwaresecuritymoduletechnology”
(http://lims.utimaco.com/en/company/about‐utimaco).
Analysis
Utimacoexplainstheneedforcommunicationssurveillancewiththeuseofcommuni‐
cationtechnologybycriminalsandterrorists:“Thisworldwideexplosionofcommu‐
nicationtechnologiescreatessignificantchallengesforlawenforcementagenciesand
national security organizations responsible for battling various forms of crime and
terrorism.Thesophisticationofcriminalenterprisesinexploitingemergingcommu‐
nicationchannelshasincreasedwiththerisingpopularityofthesechannels,posinga
very real challenge to organizations responsible for protecting public safetyand re‐
ducingtheimpactofcrimeoncommunities.Giventhebroadavailabilityofcommuni‐
cation options and the relative ease with which criminal networks and terrorist
groups can exchange information across these channels – by both data and voice
communication–theimpetustointerceptillicitexchangesandtracktheoperations
of criminal enterprises is strong and compelling“ (#12_4, 5). “Countries around the
world have responded to the threats of terrorism and criminal activity by enacting
legislationthatprovidesthelegalbasisforlawfulinterception“(#12_4,6).
UtimacoDRSisadataretentionsystemthatcollectscommunicationdataandsub‐
scriberdata,retainsthem,allowsfastsearchindatarecordsand“automatesrequest
processinganddeliversdatatoauthorizedagenciesbyfax,e‐mail,orsecureIPinter‐
faces”(#12_2).Thecompanyexplainstheneedfordataretentionbysayingthatitcan
helptofightcrimeand terrorism:“Telecommunicationsdataretentionreferstothe
processofstoringcalldetailrecordsandsubscriberdataforvarioustelecommunica‐
tions services for a period of months and years. […] Law enforcement agencies and
intelligence services regard the access to retained telecom data as a pillar of crime
investigation and the prevention of terrorism. Retained electronic data is regularly
usedtoidentifyandtracesuspects,uncoverterrorists’socialnetworks,ortocollect
admissible evidence for court proceedings. […] Many countries around the world
havepassed laws to definetheauthorityofpoliceandintelligenceagenciesandthe
The Privacy & Security Research Paper Series, Issue # 1
responsibility of service providers. In Europe, for instance, the EU directive
2006/24/ECwasintroducedinMarch2006asaresponsetothecoordinatedterror
attacksinMadrid2004andLondon2005”
(http://lims.utimaco.com/en/solutions/data‐retention‐suite).
Ultimacoalsosells“lawfulinterceptionsolutions”thatmakeuseofDPI.“Utimaco
Lawful Interception Management System (LIMS™) is a comprehensive solution that
provides state‐of‐the‐art surveillance capabilities for fixed and mobile communica‐
tionnetworksandforvariouscommunicationservices,includingtelephony,messag‐
ingandIP‐basedserviceslikee‐mailandVoIP”
(http://lims.utimaco.com/en/solutions/lawful‐interception‐management‐
solution/).Utimacoexplainstheneedforthistechnologybysayingthatitcanhelpto
fight crime and prevent terrorism. “Lawful Interception (LI) is the legally approved
surveillanceoftelecommunicationsservices.Ithasbecomeanimportanttoolforlaw
enforcementandintelligenceagenciesaroundtheworldforinvestigatingandprose‐
cutingcriminalactivitiesandterrorism”(ibid.).
“The main functions of any LI solution are to access Interception‐Related Infor‐
mation (IRI) andContent of Communication (CC)fromthe telecommunications net‐
workandtodelivertheinformationinastandardizedformatviathehandoverinter‐
facetooneormoremonitoringcentersoflawenforcementagencies“(12_3,3).
“Citizens of many countries are rightfully wary of governments and law enforce‐
mentbodiesintrudingontheirprivateactivities.Becauseofthis,ethicalconcernsand
essentialprivacyrightsmustbecentralconsiderationsinanylawfulinterceptionso‐
lution.[...]Adelicatebalanceexistsbetweenthecapabilitiesofthegovernmenttode‐
tectandpreventcrimeandterrorism–assupportedbythelawsandprevailingregu‐
lationsinacountry–andtheindividualrightsandprivacyconcernsofthecitizensof
thatcountry.Aresponsible,ethicallygroundedlawfulinterceptionsolutionrecogniz‐
esthatthisbalancecanonlybeachievedbygivingequalweighttoboththelegalities
ofthelawenforcementtasksathandandtheindividualrightsofthecitizens.Achiev‐
ingthisbalanceinasolutionrequirescarefulconsiderationofboththetechnological
aspectsofthechallenge,aswellasthelegalandethicalissuesthatareintricatelyas‐
sociatedwiththemonitoringofanyformofcommunication“(#12_4,14).
InNovember2011,therewerenewsreportsthattheItalianfirmAreaSpaplanned
to equip the Syrian intelligence with surveillance technologies (project “Asfador”)
thatcanbeusedformonitoringthepoliticalopponentsofBasharal‐Assad’sgovern‐
ment and that Utimaco was also involved. “Area is using equipment from American
andEuropeancompanies,accordingtoblueprintsandotherdocumentsobtainedby
Bloomberg News and the person familiar with the job. The project includes
Sunnyvale, California‐based NetApp Inc. (NTAP) storage hardware and software for
archivinge‐mails;probestoscanSyria’scommunicationsnetworkfromParis‐based
Qosmos SA; and gear from Germany’s Utimaco Safeware AG (USA) that connects
tapped telecom lines to Area’s monitoring‐center computers” (Bloomberg, Syria
Crackdown Gets Italy Firm’s Aid With U.S.‐Europe Spy Gear. November 4, 2011.
The Privacy & Security Research Paper Series, Issue # 1
http://www.bloomberg.com/news/2011‐11‐03/syria‐crackdown‐gets‐italy‐firm‐s‐
aid‐with‐u‐s‐europe‐spy‐gear.html).
“The Syrian secret service appears to be monitoring the country's protest move‐
mentusingtechnologyfromtheGermanfirmUtimaco,basedinOberursel,asuburb
ofFrankfurt.ContactedbySpiegelreportersonFriday,thecompanysaidithadsold
noproductsdirectlytoSyrianTelecom,theregime‐ownedtelecommunicationspro‐
vider. The company had instead delivered products to the Italian firm Area, with
which is has conducted business for years. The company said it could not confirm
whetherAreahadthenresoldgoodstoSyriandictatorBasharAssad’sregime”(Spie‐
gelOnlineInternational,IsSyriaMonitoringProtesterswithGermanTechnology?No‐
vember8,2011).
Utimacoreactedtothemediareports:“ItisthoughtthatGermansurveillancetech‐
nologyhasalsobeendeliveredtoSyria,aspartofasurveillancesystemmadebythe
ItalianfirmArea.Foryears,theItalianshaveusedspecializedsoftwarebytheGerman
firm Utimaco in their systems. But as Utimaco senior executive Malte Pollmann in‐
sists,Areaonlybuiltatestversion,andtheItalianshavejustcancelledtheentirepro‐
ject.‘Oursoftwarewasnotused,’saysPollmann”(SpiegelOnlineInternational,West‐
ernSurveillanceTechnologyintheHandsofDespots.December8,2011).Inastate‐
ment on its website, Utimaco declared: “Utimaco and its majority shareholder, So‐
phos,haverecentlybeenincludedinmediareportsaboutanItalianOEMreseller(Ar‐
eaS.p.A.)allegedlysellingUtimaco’sLIMStechnology to Syria. Wetakeglobaltrade
compliance very seriously and require all of our partners to adhere to the German,
European Union (EU) export regulations and United Nations embargo lists. We are
thoroughlyinvestigatingthematterandhavestoppedanyfurtheractivitieswithArea
untilwereceivefullclarificationfromthem”
(http://lims.utimaco.com/en/company/newsevents/statement‐on‐recent‐media‐
reports‐from‐utimaco‐safeware‐ag/).
Utimaco’s Internet surveillance technologies support Deep Packet Inspection and
canbeimplementedinawaythatallowsthesurveillanceofpoliticalopponents.Ina
WhitePaper(#12_4),Utimacoshowssomeconcernsaboutprivacyaspects.Itseems
to be aware of discussions of potential privacy violations by Internet surveillance
technologies.Itdoeshowevernotaddressthepracticalproblemofhowexactlyone
shouldpreventthatDPIisusedforviolatingtheprivacyofpoliticalactivists,consum‐
ers, and citizens. The plan of the export of DPI technology to Syria shows that this
technology is difficult to control. Utimaco reacted to the media reports about Area
Spa’s project by ending its business relations with this company. This move came
howeveronlyaftercivilsocietypressure.Thequestioniswhatwouldhavehappened
if no investigative journalists and activists had intervened. This problem is fortified
bythecircumstancethattradedealsinthesecurityindustryhaveahighlevelofse‐
crecy.Thereishardlypublicaccountabilityandtransparencyofwhosellswhichsur‐
veillancetechnologiestowhom.
The Privacy & Security Research Paper Series, Issue # 1
13.NETI
Placeofbusiness:Budapest,Hungary
Website:http://www.neti.hu/
Self‐description:
“NETIisapioneerinthedevelopmentofsystemsbasedoncustomdesignedapplica‐
tionssupportinganalyticsecuritysolutions.–Thesesystemsprovideourcustomers
withrobustandefficienttoolsforthehandlingofmassivedataflowmonitoringin
variousareas”(http://www.neti.com/en/services/services).
Analysis
NETIsaysthattheInternetisunpredictable,dynamicallygrowing,andbringsabout
many new data types (#13, 4). This would pose challenges for law enforcement. A
solutionwouldbeNETI’sBONGOmonitoringcentrethatis“fine‐tunedfortheneeds
ofLaw‐EnforcementandNationalSecurityAgenciesaswellasTelecomandInternet
ServiceProviders”(#13,11).
BONGOisadvertisedas“MonitoringSolutionforEverydaySecurity”
(http://www.neti.com/en/products/bongo).“Thesysteminheriteditsnamefrom
theBongoantelope,theelusivekingoftheEquatorialRainForest,whofindshisway
easily and undetected in the thickest of jungles, while can see and hear everything.
Today’smonitoringtasksarenolesschallenging.Thesystemshavetobecapableof
fastandreliablenavigation,selection,storageandpresentationofthevaluablepieces
of information out of the massive and ever‐growing jungle of networks and data
masses of the Twenty‐first Century” (ibid.). It “can intercept huge amount of data
fromawidearrayoftelecomandIPnetworksandotherinformationsources.[…]The
structure of BONGO can be realized on a single workstation, but it can unleash its
greatpowerasalarge,orevennationalsystemwithhundredsofserversandopera‐
tors.[…]Thesystemisreadytohandlemassiveamountofdatainterceptedfromtele‐
comandIPsystems.Theeffectivehandlingofgreatmassesofdataisassuredbythe
complexsetofbackgroundprocesseswithstrongsupportprovidedtotheoperators’
processingtasks”(ibid.).BONGOcanmonitorboththeInternetandphonenetworks.
Itcanfilterdataaccordingto“phonenumber,IMEI,IMSI,radiusidentification,IPad‐
dress,e‐mailaddress,MACaddress,etc”(ibid).
NETIproducesandsellsmonitoringcentresthatcaninterceptcontentofbothtele‐
communications and the Internet. The BONGO system is a deep packet inspection
surveillancetechnology.Wecouldfindnodiscussionsofprivacyandotherconcerns
aboutDPIintheanalyseddocumentsandonNETI’swebsite(accessedonFebruary5,
2012).
The Privacy & Security Research Paper Series, Issue # 1
14.AreaSpa
Placeofbusiness:VizzolaTicino,Italy
Website:http://www.area.it
Self‐description:
“From1996untiltoday,AREAhasconstantlypursuedtheobjectivesofcuttingedge
technologyandqualitativeexcellenceintheLIsector.AsthefirstoperatorinItalyto
introducea multi‐channelaudiodigitalrecordingsystem basedonstandardmarket
components and featuring total accessibility through IP networks, the company is
nowthenationalleaderinthissector,withover300installationsofitsMCRSystem
aroundtheworld”
(http://www.area.it/irj/portal/anonymous?NavigationTarget=navurl://6fff78b6f13
c2127ce9b4fe3c17cf995)
Analysis
Areacommitsitselfformallytobothsurveillanceandtherespectofprivacy:“Intelli‐
gence is an extremely complex and delicate process, called upon to meet the new
challengesintroducedbythegrowingtechnologicalcomplexityoftelecommunication
systems and the need to guarantee the utmost protection and respect of privacy,
while simultaneously offering concrete support in the analysis of data and infor‐
mation”
(http://www.area.it/irj/portal/anonymous?NavigationTarget=navurl://6fff78b6f13
c2127ce9b4fe3c17cf995).
ThecompanyproducesandsellsMonitoringCentres:“MCRSystemsatisfiesallop‐
erationalandstrategicrequirementsofmonitoringactivities.TheMCRSystemoffers
asingleintegratedplatformtocaptureandanalysedatacomingfromanytransmis‐
sionsourceandtoobtainacomprehensiveoverviewprovidingaddedvaluetoinves‐
tigative work. With its high scalability and customisation, MCR is able to transform
any installation into a unique and valuable project. MCR complete systems are im‐
plementedthroughasolidnetworkingarchitecture,toallowthemaximumoperation
efficiencyandsecurity.Thus,informationflowsmaybemonitoredonaglobalscale,
maximisingLItimes,avoidinglossofinformationandneverendangeringthesafetyof
thewholeprocess”
(http://www.area.it/irj/portal/anonymous?NavigationTarget=navurl://cbecc21b
801cae301af69b4db9e8c152).TheMCRsystemcancapturedata“fromnetworksand
unconventionalsources”anditcanrecordandanalysethisdata
(http://www.area.it/irj/portal/anonymous?NavigationTarget=navurl://cbecc21b
801cae301af69b4db9e8c152). MCR is a technology that can monitor different data
sourcesandintercepttheircontent.ContentinterceptionisalsopossibleforInternet
communication,whichmeansthatMCRisadeeppacketinspectionsurveillancetech‐
nology.
In November 2011, there were media reports that said that Area Spa started in‐
stalling Internet surveillance technologies in Syria, a country where hundreds of
The Privacy & Security Research Paper Series, Issue # 1
membersofthepoliticaloppositionhavebeenkilledbythegovernmentthattriesto
repressproteststhatstartedinJanuary2011.“EmployeesofAreaSpA,asurveillance
companybasedoutsideMilan,areinstallingthesystemunderthedirectionofSyrian
intelligenceagents,who'vepushedtheItalianstofinish,sayingtheyurgentlyneedto
trackpeople,apersonfamiliarwiththeprojectsays.TheAreaemployeeshaveflown
intoDamascusinshiftsthisyearastheviolencehasescalated,saystheperson,who
hasworkedonthesystemforArea.[…]AreaisusingequipmentfromU.S.andEuro‐
pean companies, according to blueprints and other documents obtained by Bloom‐
bergandthepersonfamiliarwiththejob.TheprojectincludesSunnyvale,Calif.‐based
NetAppInc.storagehardwareandsoftwareforarchivinge‐mails;probestoscanSyr‐
ia'scommunicationsnetworkfromParisbasedQosmosSA;andgearfromGermany's
UtimacoSafewareAGthatconnectstappedtelecomlinestoArea'smonitoring‐centre
computers. […] When the system is complete, Syrian security agents will be able to
followtargetsonflat‐screenworkstationsthatdisplaycommunicationsandwebuse
in near‐real time alongside graphics that map citizens' networks of electronic con‐
tacts,accordingtothedocumentsandtwopeoplefamiliarwiththeplans.Suchasys‐
tem is custom made for repression, says Mark Dubowitz, executive director of the
WashingtonbasedFoundationforDefenseofDemocracies[…]Area,aprivatelyheld
companythatgotitsstartin1996furnishingphonetapstoItalianlawenforcement,
hascodenamedthesystem‘Asfador,’anodtoaMr.Asfadorwhocold‐calledthecom‐
pany in 2008 asking it to bid on the deal, according to one person knowledgeable
abouttheproject”(TheCalgaryHerald,ItalianFirmHelpingSyriaSpyonE‐Mails.Sys‐
temMadeforRepression,saysThink‐Tank.November5,2011).
According to media reports, “Area chief executive Andrea Formenti says he can't
discussspecificclientsorcontracts,andthatthecompanyfollowsalllawsandexport
regulations”(ibid.).Later,Area’sCEOwasquotedinthepresssayingthatthesurveil‐
lanceprojecthasnotbeenactivated:“Inresponse,AreaSpA'sCEO,AndreaFormenti,
wasquotedinItaly'sCorrieredellaSeranewspaperthismonthannouncingthathis
companyhadnoemployeesinSyriaandthattheprojecthadnotmadeanyprogress
in the last two months. […] ‘The interception system has never been activated and
cannot be under current circumstances. There has been no repression carried out
thankstoourequipment,’FormentitoldCorrieredellaSera”(CNNOnline,Cyberwar
ExplodesinSyria.November20,2011).
“’WehaveacontractinplacewithSyria,thistrue;buteverythinghasbeenhalted
fortwomonths,andtherearenoneofourtechniciansinDamascus.’Afterfivedaysof
silence, there is a statement by Andrea Formenti, chairman of Area SpA, the Italian
softwarehousethathasbecomeaninternationalcasebecauseitisinstallinganinter‐
ceptsystemofInternettrafficonbehalfof[SyrianPresident]BasharAssad’sregime.
Formenti, 42, explains his having ‘landed’ in Syria: ‘We won a international bidding
contest in 2008, outbidding 4 European countries, and other non‐European compa‐
nies.Asinterlocutors,wehaveneverhadpeopleeitherinthemilitaryorintheintel‐
ligenceservices,butofthelocaltelephoneprovider.’Area'schairmanstatedthatthe
contractwasworth13millioneuros,butdeniedcurrentlyhavingpersonnelatwork
The Privacy & Security Research Paper Series, Issue # 1
intheMiddleEastcountry.‘Fortwomonthseverythinghasbeenhalted,andIwould
like to point out that the eavesdropping system has never been operated, and as
thingsnowstand,itneverwill.’Thefutureisuncertain:‘Wehavecontractualagree‐
mentsthatareverybinding,andwhich,ifnothonoured,wouldforceustopayhefty
penalties.Ontheotherhand,wearefollowingthesituationinSyriaasitevolves.We
wantnopartofbeingaccomplicestorepression.Wehopetherewillbesomeformof
interventionbytheinternationalauthoritiestosortthingsout.’Yesterday,aprotest
washeldinfrontofAreaheadquartersbyanti‐AssadrepresentativeswholiveinIta‐
ly. Beside them were activists of the Italian Pirates Party” (BBC Monitoring Europe,
Italian Software Company Denies Complicity in Syrian President’s Repression. No‐
vember9,2011).
AreaSpaisproducingandsellingMonitoringCentres.Ithasobtainedacontractfor
implementing anInternet surveillance system in Syria. The company has reacted to
allegationsaftertheyweremadepublicbythemedia,sayingthatthesystemhasnev‐
er been activated. The case is an example of how first surveillance technologies are
sold to countries or organisations that are considered problematic by human rights
groupsandonlyafterinformationaboutithasbeenmadepublicdocompaniesreact
totheallegations.Thequestionthatarisesiswhathappensinthosecases,wherecivil
societywatchdogorganizationsdonotfindoutabouttheexistenceofspecificcasesor
donothavetheresourcestoengageininquiries.
The Privacy & Security Research Paper Series, Issue # 1
15.Innova
Placeofbusiness:Trieste,Italy
Website:http://www.innovatrieste.it
Self‐description:
“Innovaisatechnologybasedcompanythatmarketsintegratedinterceptionsystems
forlawfulactivitiesandintelligenceoperations.[…].Thankstoadeepexpertisein
telecommunicationappliedtosecuritysector,InnovaproductssupportPublicProse‐
cutor’sOfficesandLawEnforcementAgenciesinanytypeofmonitoringactivitywith
advancedtechnologyfor:
*fixedandmobiletelephoneinterception
*wiredandwirelesscommunicationdecoding
*mobiletargetstracking
*highqualityaudiomonitoring
*dataanalysisandinformationmanagement”
(http://www.innovatrieste.it/eng/azienda.htm).
Analysis
Innova produces and sells surveillance technologies, including tools for monitoring
theInternet.OneofthissystemsiscalledEGO.Itis“anadvancedinterceptionsystem,
whichmanagestelephone,internetandaudiotargetsonthesameuser‐interfaceand
caninterceptupto1000targetssimultaneously.[…]Egoenablestointercept,decode
and restore on the same interface all types of IP communication, such as Video‐
communications, MMS, internet key, e‐mail and webmail, etc. […]A huge data base
together with integrated advanced data analysis tools can be used to elaborate re‐
search activities, information matching operations (phone records, telephone calls,
numbersetc),datacrosscomparisonsandforimmediatereportcreation”(#15).EGO
isaflexible communicationssurveillancetechnologythatcanmonitordifferentnet‐
works(telephone,Internet,etc)andinspectthecontent.IntermsofInternetsurveil‐
lance,itcanbeclassifiedasadeeppacketinspectiontechnology.
Innova explains the need of its Internet surveillance business by saying that the
“developmentofIPnetworkandtheincreasinguseofinternet‐basedservicesledLaw
Enforcement Agencies to new investigation needs and to theuse ofadvanced prod‐
uctsforIPcommunicationinterception”(#15).Wecouldfindnodiscussionofprivacy
concerns of Internet surveillance in the analysed documents (#15, Innova website
accessedonFebruary8,2012).
The Privacy & Security Research Paper Series, Issue # 1
16.IPS
Placeofbusiness:Aprilia,Italy
Website:http://www.ips‐intelligence.com
Self‐description:
“IPSdesignsandmanufacturesproductsandsolutionsforthemostdiversifiedappli‐
cationsintheCommunicationSecurityandElectronicSurveillancedomains.[…]The
CompanysolutionsportfolioincludesLawfulInterceptionandElectronicSurveillance
systems, Monitoring Centre and special solutions for monitoring and intercepting
Web2.0applications.[…]Ourvalues:…Tocarryoutanindustrialproject,bydevelop‐
ing innovative technologies, with the aim of strengthening the customer’s trust,
thankstothecontinuousgrowthofthecompanyanditspeople,placinghonestyand
reliability as fundamental values, beyond any business opportunities”
(http://www.resi‐group.eu/ips/?page_id=2&lang=en).
Analysis
MonitoringCentresareoneofthetechnologiesthatIPSproducesandsells.“GENESI
MonitoringCentreisaninnovativecentralizedsystem,supportingtheLawEnforce‐
ment Agencies investigations to manage in a unified manner audio, video and data
interceptionaswellastelephoneCallDetailRecordsandLogFilesanalysis”(#16_1).
It can “view in real time and off‐line data communications” (Fax, Sms, Videoconfer‐
ence, Internet, etc.)” (#16_1). GENESI’s Network Interception Platform “is a system
withreal‐timemonitoringandinterceptingcapabilitiesforthetrafficbeinggenerated
byIPnetworkusers”(#16_3).Itcan“monitorandinterceptInternettrafficdata[…]
ofdifferenttypesofInternetContentandServices(i.e.e‐mailmessages,Webaccess‐
es, Chat sessions, etc.)” (#16_3). The system works with probes that are placed in
specific networks and then intercept the traffic. Interception criteria include user
names,theMACaddressofacomputer,IPaddresses,IPaddressranges,andthefilter‐
ingofcontentby“identifyingtheInternettrafficcontainingspecifictextstringswith‐
in the protocol header (i.e. URL, e‐mail account etc.) or the application content (i.e.
keywords inside e‐mail messages or Web pages, etc.)” (#16_3). The GENESI system
caninterceptcontentofInternetcommunicationandothernetworks.IntermsofIn‐
ternetsurveillanceitcanbeclassifiedasaDeepPacketInspectionsurveillancetech‐
nology.
IPShasalsospecializedinprovidingweb2.0surveillancetechnologies:“Web2.0has
broughttotheInternetusersalargesetofnewapplicationsincreasingthecommuni‐
cationandcollaborationcapabilitiesthusprovidinganewwayofinteracting,sharing
informationandorganizingactivities.WebMails,SocialNetworksandBlogsarecur‐
rentlylargelyadoptedbycommonpeopleandcompaniesforcommunicationpurpos‐
es.Alsocriminalorganizationsexploittheseapplicationstakingadvantageofthean‐
The Privacy & Security Research Paper Series, Issue # 1
onymitygrantedbytheInternet.SocialNetworksmonitoringorWebMailsintercep‐
tioncangathertheintelligencehelpingtoidentifypeopleinvolvedincriminalactivi‐
ties,andtodetectrelevanteventsinadvance.IPSinnovativesolutionsareespecially
designedtosupportthistasksbydeliveringanewlevelofintelligencecapability,in‐
cludingactiveandpassivenetworksystems,complementingtraditionalLawfulinter‐
ception infrastructure and analysis tools which can be even integrated in existing
MonitoringCentres”(http://www.resi‐group.eu/ips/?page_id=210&lang=en).
Target Profiling is a Facebook surveillance software that “allows you to analysing
communications, klick in detail and make an analysis of relations of the people in‐
volved.[…]Theapplicationlistsalluserswhocomeintocontactwiththeusersinter‐
ceptedhighlightingthefollowingfeatures:profilephoto,nameassignedonFacebook,
userIDFacebook[…],thenumberofmessagesexchangedwithotherregisteredus‐
ers”.Thesystemcanalsochartrelationshipsofmonitoredusersanddisplaythecon‐
tentofexchangedmessages”(#16_3).
IPSexplainstheneedofitssurveillancetechnologiesbyarguingthat“TelecomOpera‐
tors as well as any Communication Service Provider have to support the investiga‐
tions
needs
of
Law
Enforcement
Agencies”
(http://www.resi‐
group.eu/ips/?page_id=32&lang=en).Initsself‐descriptionitsaysthatitsvaluesare
beinganindustrialprojectthatsatisfiescustomersanddevelopsinnovativetechnolo‐
gies.Theidentifiedgoalsareeconomic,technological,andlawenforcementneeds.In
theanalyseddocumentswecouldnotfindanengagementwithpotentialrisksofand
privacyconcernsregardingInternetsurveillance.
The Privacy & Security Research Paper Series, Issue # 1
17.Group2000
Placeofbusiness:Almelo,TheNetherlands
Website:http://www.group2000.eu
Self‐description:
“Group2000istheleadingandinnovativepartnerforNetworkForensics,Communi‐
cationServicesandICTServices.OurapproachandsolutionshelpTelecommunica‐
tionServiceOperators,Internetserviceproviders,Governments,industriesandbusi‐
nessServicestosolvecommunicationandsecurityissues“
(http://www.group2000.eu/en/g2k/about_group_2000).
“NetworkForensicsfocusesoninterceptingdigitalcommunicationstosupportlegal
and/orcriminalinvestigations.Group2000coverstheentirescope,includingtele‐
phonenetworksandtheinternetaaswellaswirelessvoiceanddatanetworks.We
haveover15yearsofexperienceprovidingcarriergradesystemsthatenableourcli‐
entstopinpointthecommunicationstheyareafter−amidstthevastamountofdata
traversingtoday'snetworks−andtheneasilytapin,withtheoptionofstoringinter‐
ceptedcontent”(http://www.group2000.eu/en/network_forensics).
Analysis
Group2000seesDataRetention,duetotheEU’sDataRetentionDirective,asoneim‐
portant challenge (#17_1). Data retention technologies must support the collection,
preparation, storage, management, retrieval, hand‐over and destruction of data
(#17_1).TheLIMADRSsystemisadataretentionsystemthatcollects“communica‐
tionsdata[...]andsubscriberdatafromanytelecommunicationsnetwork“,itretains
“large amounts of data in a powerful and secure data warehouse“, provides “fast
searchandanalyticsformillionsofdatarecords“automates“requestprocessingand
deliversdatatoauthorizedagenciesbye‐mail,orsecureIPinterfaces“(#17_5).
Lawful interception is considered as another challenge (#17_2, #17_3). Group
2000sellsthesystemtheLawfulInterceptionMediationArchitecture(LIMA,#17_4).
The LIMA DPI Monitor (#17_7) “uses deep packet inspection (DPI) technology to
classify network flows according to their application protocol. Based on user‐
definable rules, content and signalling data of these flows can be recorded and for‐
wardedtoexternaldevicessuchasmediationsystemsforfurtherprocessing.These
rules comprise target information including IP addresses, user names, protocol‐
specific filtering criteria, and arbitrary content keywords. This combination of DPI
andflexibletargetrulesdelivershighqualityinterceptionavoidingthecapturingofa
largervolume ofunnecessarynetworktraffic“ (#17_7).Theintercepted data canbe
managed with the help of the LIMA Management System (#17_6). Group 2000 also
sellstechnologiesthatmakeuseofDPIforbandwidthmanagementbyInternetSer‐
viceProviders(#17_9,#17_10,#17_11).
Group 2000 reacted with a press release to the publication of the WikiLeaks
SpyFiles, in which it was mentioned as provider of communications surveillance
The Privacy & Security Research Paper Series, Issue # 1
technologies. The company says that “Wikileaks Spy Files benefits Group 2000” be‐
causealthough“theexpertiseandtoolingfromGroup2000hasdrawnattentionfrom
countrieslikeIranandSyria”,ManagingDirectorRichardCoppenssays:“weclearly
rejectanyformofrelationwithsuchkindof‘customers’.Westrivetoopenness.Asa
companywecomplywithLegislationanddorespecthumanrights.Oursolutionsare
for instance deployed in Latin America to track down drug trafficking”.
(http://www.group2000.eu/en/g2k/news/news_december/press_release/).
“AccordingtoCoppenstheSpyFilesareincompleteandpoorlyjustified”(ibid.).As
surveillance technology producers are not complied to release their customers and
salespublicly,dataaboutwhatthesecompaniesaredoing,islikelytobeincomplete
becausethecompaniesthemselvesoftentreatitasasecret.TheSpyFilesmakeavail‐
ablesomeofthisdata.Intheend,itisoftennotclear,whichcommunicationssurveil‐
lancetechnologiesaresoldbywhichcompaniestowhom.Notmuchisknownaboutit
andonlysurfacesoccasionallyastheresultofinvestigativejournalism.
The Privacy & Security Research Paper Series, Issue # 1
18.PineDigitalSecurity
Placeofbusiness:TheHague,TheNetherlands
Website:https://www.pine.nl
Self‐description:
“Since 1997, Pine Digital Security takes care of (digital) availability and security for
companiesandgovernmentagencies.Thespecificfocusonthetechnicalsideofcom‐
puter security is the driving force behind our security services”
(https://www.pine.nl/over‐pine).
Analysis
PineDigitalSecurityproducesandsellstheEVELawfulInterceptionSolution.Itcan
beused“fortheinterceptionofIPdata,(e‐)mailmessagesandVoiceoverIPtelepho‐
ny.OurcustomersareInternetServiceProviders(ISPs)andtelecommunicationcom‐
panies” (http://www.lawfulinterception.com). Pine provides a Deep Packet Inspec‐
tionInternetsurveillancetechnology(EVE).It saysthatthistechnologyis primarily
sold to the communication industry. According to the company’s self‐presentation,
governments or law enforcement are not important customers. On Pine’s websites
(https://www.pine.nl,http://www.lawfulinterception.com),wecouldnotfindadis‐
cussionofpotentialrisksandprivacylimitationsofthecommercialuseofDPIsurveil‐
lance.
The Privacy & Security Research Paper Series, Issue # 1
19.GammaGroup
Placeofbusiness:Andover,UK
Website:https://www.gammagroup.com
Self‐description:
“GammaTSEisagovernmentcontractortoStateIntelligenceandLawEnforcement
AgenciesforTurnkeySurveillanceProjectsproducinghighqualitySurveillanceVans
andCarsandTechnicalSurveillanceEquipment”
(https://www.gammagroup.com/gammatse.aspx).
Analysis
Gammaexplainsitsproductionandsellingofcommunicationssurveillancetechnolo‐
gieswiththreatstonationalsecurity.“Intoday’shigh‐techcyberenvironmentcom‐
puters,mobilephonesorPDAsarebeingusedtotransmitandsupplyinformation
thatcouldpotentiallythreatennationalsecurity.Theincreaseofcybercrimeboth
throughterrorism,intimidationandindustrialespionageareconstantlyontherise,
andillegalactivitiesareaidedbyavailabletechnologies[…]Conventionalintercep‐
tiontechnologiescannolongercopewiththesechallenges.GovernmentAgencies
requirenewmission‐criticalintelligencetechnologiestoenhanceexistingcapabilities
which,todate,areinsufficientwithinmostgovernmentproductportfolios”(#19).
Gamma’sFinFisherisaso‐called“Trojanhorse”,asoftwarethatonceinstalledal‐
lowstheintruderremoteaccess.FinFishercaninfectcomputers,mobilephones,local
networksandISPnetworksandextractdatafromthesesystems(#7_10,4‐10).The
productandtrainingwasadvertisedinEleman’sCommunicationsMonitoringcata‐
loguefromOctober2007(#7_2).FinFishercane.g.betarnedasasoftwareupdate
thatissenttoacomputerormobilephone(NDR.ZAPP:GermanySpywareforDicta‐
tors.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).“FinFisher
istheleadingoffensiveITIntrusionprogramthroughwhichGammaprovidescom‐
plementarysolutions,productsandadvancedtrainingcapabilitiestoGovernment
end‐userswhoareseekingworldclassoffensivetechniquesforinformationgathering
fromsuspectsandtargets”(#19).
Accordingtomediareports,GammaofferedtosellitsFinSpysoftwaretoEgyptian
securityauthorities(EUobserver.com,EUcompaniesbannedfromsellingspywareto
repressiveregimes.October11,2011).“Egyptiananti‐regimeactivistsfoundastar‐
tlingdocumentlastmonthduringaraidinsidetheheadquartersofthecountry'sstate
securityservice:ABritishcompanyofferedtosellaprogramthatsecurityexpertssay
couldinfectdissidents'computersandgainaccesstotheiremailandothercommuni‐
cations.[…]Amidthescatteredpapers,interrogationdevicesandrandomfurniture
foundduringtheraid,theactivistsuncoveredaproposedcontractdatedJune29from
theBritishcompanyGammaInternationalthatpromisedtoprovideaccesstoGmail,
Skype,HotmailandYahooconversationsandexchangesoncomputerstargetedbythe
The Privacy & Security Research Paper Series, Issue # 1
InteriorMinistryofoustedPresidentHosniMubarak.TheproposalfromGammaIn‐
ternationalwaspostedonlinebyCairophysicianMostafaHussein,abloggerwhowas
amongtheactivistswhoseizedtheministry'sdocuments.‘Itisimportantevidenceof
theintentofthestatesecurityandinvestigationdivisionnottorespectourprivacy,’
Mr.Husseinsaid.‘Thisproposalwassenttoanotoriousdepartmentknownfortor‐
ture,spyingoncitizenstohelpMubarak'sregime,’Mr.Husseinsaid,referringtothe
StateSecurityInvestigationsService.‘ThecompanyGamma,Iconsiderthemtobe
partnersinthecrimeoftryingtoinvadeourprivacyandarrestactivists’”(Washing‐
tonTimes,BritishFirmOfferedSpySoftwaretoEgypt:ActivistsSayTheyWerethe
Targets.April26,2011).
AlsotheGermanregionalpublicserviceTVstationNDRreportedaboutasecretof‐
ferofGammatotheEgyptianstatefortheFinFishertechnology(NDR.ZAPP:Germa‐
nySpywareforDictators.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html).TheEgyp‐
tianbloggerMostafaHussein,whodiscoveredthedocuments,arguedintheNDRre‐
portthatthissoftwareis“exactlylikeweapons”(ibid.).TheEgyptianInternetactivist
IsraaAbdelFattahwasinterviewed,sayingthatthissoftwareis“helpingthedictators
[…]to[…]attacktheactivism”(ibid.).HerownInternetcommunicationwassur‐
veilledbytheEgyptiangovernment.Shesaidthatsurveillancecompanies“onlythink
aboutmoney”(ibid.).NDRalsodescribesGamma’sattemptstosellsurveillancetech‐
nologiestoTurkmenistanandOman(ibid.).TheAustrianITjournalistErichMöchel
saidthatsurveillancetechnologycompaniesencourage“repressionandtorture”
(ibid.).
Gammareactedtotheaccusationspartlybyrefusingtocommentandpartlyby
denyingthem:“PeterLloyd,anattorneyforGammaInternational,toldTheWashing‐
tonTimesthatthecompanyneversoldtheFinFishersoftwaretotheEgyptiansecuri‐
tyministry.Butthelawyerdeclinedtoanswerquestionsaboutthecompany'smal‐
waredivision,orthedetailedproposalfoundintheEgyptianministry.‘Gammacom‐
pliesinallitsdealingswithallapplicableU.K.lawsandregulations,’Mr.Lloydsaid.
‘GammadidnotsupplytoEgyptbutinanyeventitwouldnotbeappropriatefor
Gammatomakepublicdetailsofitstransactionswithanycustomer’”(Washington
Times,BritishFirmOfferedSpySoftwaretoEgypt:ActivistsSayTheyWeretheTar‐
gets.April26,2011).
Gammaexplainstheneedofsurveillancetechnologiesbythreatstonationalsecu‐
rity.TheEgyptianrevolutioncertainlywasathreattothenationalsecurityoftheold
Mubarakregime.Thequestionthatarisesisifagovernmentthatisquestionedin
massdemonstrationsbyitsownpopulationhasthemoralrighttodefendnational
securitywiththehelpofsurveillancetechnologiesthatareusedtospyon,imprison,
tortureorkillopponents.OntheonehandthereareclaimsthatGammaofferedto
supplyInternetsurveillancetechnologiestoEgypt,ontheotherhandthecompany
hasdeniedthis.FinFisherdefinitelyisatechnologythathasthepotentialtobeused
forthesurveillanceofandrepressionagainstpoliticalopponents.
The Privacy & Security Research Paper Series, Issue # 1
The Privacy & Security Research Paper Series, Issue # 1
20.TelesoftTechnologies
Placeofbusiness:Blandford,UK
Website:http://www.telesoft‐technologies.com/
Self‐description:
“TelesoftTechnologiesisatrusted,leadingglobalsupplierofreliable,costeffective
signaling,mediaandpacketprocessingsolutionstoserviceproviders,governments
andOEMdevelopersworldwide”(https://www.gammagroup.com/gammatse.aspx).
Analysis
TelesoftTechnologiesarguesthatDPItechnologiesareneededbothforlawenforce‐
mentandcommercialpurposes:“Networkoperatorsandlawenforcementagencies
needtheabilitytoidentify,sortandblockselectedpacketsinIPandconvergednet‐
works.Packetfilteringisalsobecomingthebasisofanewsetofrevenue‐generating
applicationsasthedeploymentofnetworkpolicysolutionsaccelerates.Telesoft's
rangeofpacketfilteringsolutionsperformcanbedeployedtoperformmonitoring,
filteringandgroomingofpacketsacrossarangeofnetworkinterfaces”
(http://www.telesoft‐technologies.com/products/packet‐filtering).
Thecompanyofferspacketfilteringcardsaswellasprobesthatprovide“lawen‐
forcementandintelligenceagencieswithreal‐timeaccesstocontent”byusing“Ad‐
vancedDeepPacketInspectioncapabilities”that“enabletheidentificationofspecific
communicationcontentatfullpacketratesfrommultiplexeddatastreams”
(http://www.telesoft‐technologies.com/products/network‐monitoring‐security‐
control/deep‐packet‐inspection).“TheSIP&GTPProbesupportsDeepPacketInspec‐
tionfromLayers5to7,enablingdeliveryofspecifiedcontentforspecificsubscribers,
basedonSIP‐URI,emailaddress,telephonenumber,MSISDNandIMEI,forexample”
(ibid.).
TelesoftTechnologiessaysthatDPIis“anessentialtoolforpreservingnetwork
healthandintegrity“(20_4).Furthermoreitseeseconomicadvantagesforcompanies:
“DPIisalsobeingdeployedtodeliverinnovative,revenue‐generatingpolicyservices.
Policycontrolwillenablethenextgenerationofpersonalisedservices,optimisedfor
individualusersandsubscribersandbasedonspecificoffersandchargingplans“
(20_4).Itwoulddeliver“optimiseduserexperienceandmanagessessionsaccording
tochargingandpersonalprofiles“.
The Privacy & Security Research Paper Series, Issue # 1
References
Babbie,Earl.2010.Thepracticeofsocialresearch.Belmont,CA:Wadsworth.
Ball,KirstieandFrankWebster,ed.2003.Theintensificationofsurveillance.Crime,
terrorismandwarfareintheinformationage.London:PlutoPress.
Bendrath,RalfandMiltonMueller.2011.Theendofthenetasweknowit?Deep
packetinspectionandInternetgovernance.NewMedia&Society13(7):1142‐
1160.
Bennett,Colin.2008.Theprivacyadvocates.Cambridge,MA:MITPress.
Bennett,ColinandCharlesRaab.2006.Thegovernanceofprivacy.Cambridge,MA:
MITPress.
Berleur,Jacques.1999.EthicsandgovernanceoftheInternet.Introductionandrec‐
ommendationsofIFI‐SIG9.2.2.InEthicsandgovernanceoftheInternet,ed.Jacques
Berleur,PennyDuquenoyandDianeWhitehouse,9‐19.Laxenburg:International
FederationforInformationProcessing.
Berleur,JacquesandMaried’Udekem‐Gevers.2001.Codesofethics/Conductforcom‐
putersciences.TheexperienceofIFIP.InTechnologyandethics.AEuropeanquest
forresponsibleengineering,ed.GoujonPhilippeandHeriardDubreuilBertrand,
327‐350.Leuven:Peeters.
Bigo,Didier.2010.Deliveringlibertyandsecurity?Thereframingoffreedomwhen
associatedwithsecurity.InEurope’s21stcenturychallenge.Deliveringliberty,ed.
DidierBigo,SergioCarrera,ElspethGuildandR.B.J.Walker,263‐287.Farnham:
Ashgate.
Bigo,Didier,ElspethGuildandR.B.J.Walker.2010.ThechanginglandscapeofEuro‐
peanlibertyandsecurity.InEurope’s21stcenturychallenge.Deliveringliberty,ed.
DidierBigo,SergioCarrera,ElspethGuildandR.B.J.Walker,1‐27.Farnham:Ash‐
gate.
CentreforIrishandEuropeanSecurity.2012.Societalimpactexpertworkinggroup.
EuropeanCommissionDGEnterpriseReport.
Clarke,Roger.1988.Informationtechnologyanddataveillance.Communicationsofthe
ACM31(5):498‐512.
Comer,DouglasE.2004.ComputernetworksandInternets.UpperSaddleRiver,NJ:
Pearson.
Cooper,Alissa.2011.DoingtheDPIdance.AssessingtheprivacyimpactofDeep
PacketInspection.InPrivacyinAmerica.Interdisciplinaryperspectives,ed.William
AsprayandPhilipDoty,139‐165.Plymouth:ScarecrowPress.
Daly,Angela.2010.Thelegalityofdeeppacketinspection.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1628024
Fishman,MarkandGrayCavender,ed.1998.Entertainingcrime:Televisionreality
programs.Hawthorne,NY:AldinedeGruyter.
Foucault,Michel.1977.Discipline&punish.NewYork:Vintage.
Foucault,Michel.2007.Security,territory,population.Basingstoke:PalgraveMac‐
millan.
Foucault,Michel.2008.Thebirthofbiopolitics.LecturesattheCollègedeFrance1978‐
1979.Basingstoke:PalgraveMacmillan.
Fuchs,Christian.2008.Internetandsociety.Socialtheoryintheinformationage.New
York:Routledge.
The Privacy & Security Research Paper Series, Issue # 1
Fuchs,Christian,KeesBoersma,AndersAlbrechtslundandMarisolSandoval.2012.
Introduction:Internetandsurveillance.InInternetandsurveillance,ed.Christian
Fuchs,KeesBoersma,AndersAlbrechtslundandMarisolSandoval,1‐28.NewYork:
Routledge.
Gandy,OscarH.2009.Comingtotermswithchance.Engagingrationaldiscrimination
andcumulativedisadvantage.Farnham:Ashgate.
Graham,StephenandDavidWood.2003.Digitizingsurveillance:categorization,
space,inequality.CriticalSocialPolicy23(2):227‐248.
Hall,Stuartetal.1978.Policingthecrisis.Basingstoke:PalgraveMacmillan.
Hayes,Ben.2009.NeoConOpticon.TheEUsecurity‐industrialcomplex.Amsterdam:
TransnationalInstitute/Statewatch.
http://www.statewatch.org/analyses/neoconopticon‐report.pdf
Hayes,Ben.2010.“Fullspectrumdominance”asEuropeanUnionsecuritypolicy.On
thetrailofthe“NeoConOpticon”.InSurveillanceanddemocracy,ed.KevinD.
HaggertyandMinasSamatas,148‐169.Oxon:Routledge.
InformationandPrivacyCommissionerofOntario.2009.CreationofaGlobalPrivacy
Standard.http://www.ipc.on.ca/images/Resources/gps.pdf
Jason,Andreas.2011.Thebasicsofinformationsecurity.Waltham,MA:Syngress.
Jewkes,Yvonne.2011.Media&crime.London:SAGE.Secondedition.
Kling,Rob,HowardRosenbaumandSteveSawyer.2005.Understandingandcom‐
municatingsocialinformatics.Medford,NJ:InformationToday.
Landau,Susan.2010.Surveillanceorsecurity?Therisksposedbynewwiretapping
technologies.Cambridge,MA:MITPress.
Lister,Martin,JonDovey,SethGiddings,IainGrantandKieranKelly.2003.Newme‐
dia:acriticalintroduction.NewYork:Routledge.
Lyon,David.1994.Theelectroniceye.Theriseofsurveillancesociety.Cambridge:Poli‐
ty.
Lyon,David.1998.Theworldwidewebofsurveillance.TheInternetandoff‐world
power‐flows.Information,Communication&Society1(1):91‐105.
Lyon,David.2001.Surveillancesociety:monitoringeverydaylife.Buckingham:Open
UniversityPress.
Lyon,David.2003a.SurveillanceafterSeptember11.Cambridge:Polity.
Lyon,David.2003b.SurveillanceafterSeptember11,2011.InTheintensificationof
surveillance.Crime,terrorismandwarfareintheinformationage,ed.KirstieBall
andFrankWebster,16‐25.London:PlutoPress.
Lyon,David.2003c.Surveillanceassocialsorting:computercodesandmobilebodies.
InSurveillanceassocialsorting,ed.DavidLyon,13‐30.NewYork:Routledge.
Lyon,David,ed.2006.Theorizingsurveillance,ed.DavidLyon,23‐45.Portland,OR:
Willan.
Lyon,David.2007.Surveillancestudies.Anoverview.Cambridge,UK:Polity.
MacKenzie,DonaldandJudyWajcman.1999a.Introductoryessay:thesocialshaping
oftechnology.InThesocialshapingoftechnology,ed.DonaldMacKenzieandJudy
Wajcman,3‐27.Maidenhead:OpenUniversityPress.
MacKenzie,DonaldandJudyWajcman.1999b.Prefacetothesecondedition.InThe
socialshapingoftechnology,ed.DonaldMacKenzieandJudyWajcman,xiv‐xvii.
Maidenhead:OpenUniversityPress.
The Privacy & Security Research Paper Series, Issue # 1
Marx,GaryT.1988.Undercover.PolicesurveillanceinAmerica.Berkeley,CA:Universi‐
tyofCaliforniaPress.
McStay,Andrew.2011.ProfilingPhorm.Anautopoieticapproachtotheaudience‐as‐
commodity.Surveillance&Society8(3):310‐322.
Monahan,Torin.2010.Surveillanceinthetimeofinsecurity.NewBrunswick:Rutgers
UniversityPress.
Nagenborg,MichaelandRafaelCapurro.2010.Ethicalevaluation.EUFP7ETICAPro‐
ject–EthicalIssuesofEmergingICTApplications,Deliverable3.2.2.
Parsons,Christopher.2008.Deeppacketinspectioninperspective:tracingitslineage
andsurveillancepotentials.Version1.2.
http://www.sscqueens.org/sites/default/files/WP_Deep_Packet_Inspection_Parso
ns_Jan_2008.pdf
Posner,RichardA.1978/1984.Aneconomictheoryofprivacy.InPhilosophicaldi‐
mensionsofprivacy,ed.FerdinandDavidSchoeman,333‐345.Cambridge,MA:
CambridgeUniversityPress.
Poster,Mark.1990.Themodeofinformation.Cambridge:Polity.
Raab,CharlesandDavidWright.2012.Surveillance.Extendingthelimitsofprivacy
impactassessment.InPrivacyimpactassessment,ed.DavidWrightandPaulDe
Hert,363‐383.NewYork:Springer.
Ramos,Anderson.2007.Deeppacketinspectiontechnologies.InInformationsecurity
managementhandbook,ed.HaraldF.TiptonandMickiKrause,2195‐2202.Sixth
edition.BocaRaton,FL:Auerbach.
Riley,ChrisM.andBenScott.2009.Deeppacketinspection.TheendoftheInternetas
weknowit?Florence,MA:FreePress.
http://www.freepress.net/files/Deep_Packet_Inspection_The_End_of_the_Internet
_As_We_Know_It.pdf
Quinn,Michael.2006.Ethicsfortheinformationage.Boston:Pearson.
Shade,LeslieRegan.2003.Technologicaldeterminism.InEncyclopediaofnewmedia,
ed.SteveJones,433‐434.ThousandOaks,CA:Sage.
Smith,Gavin.2004.Behindthescreens:Examiningconstructionsofdevianceandin‐
formalpracticesamongCCTVcontrolroomoperatorsintheUK.Surveillance&
Society2(2/3):376‐395.
Stahl,BerndCarsten.2011.ITforabetterfuture.Howtointegrateethics,politicsand
innovation.JournalofInformation,CommunicationandEthicsinSociety9(3):140‐
156.
Stallings,William.2006.Dataandcomputercommunications.EaglewoodCliffs,NJ:
Prentice‐Hall.
Stallings,William.1995.Operatingsystems.EaglewoodCliffs,NJ:Prentice‐Hall.Second
edition.
Stengel,LisaandMichaelNagenborg.2010.ReconstructingEuropeanethics.EUFP7
ETICAProject–EthicalIssuesofEmergingICTApplications,AnnexItodeliverable
D.3.2.2.
SurveillanceStudiesNetwork.2006.Areportonthesurveillancesociety.Wilmslow:
OfficeoftheInformationCommissioner.
SurveillanceStudiesNetwork.2010.Thesurveillancesociety.Anupdatereportonde‐
velopmentssincethe2006ReportontheSurveillanceSociety.Wilmslow:Officeof
theInformationCommissioner.
The Privacy & Security Research Paper Series, Issue # 1
Turow,Joseph.2008.Nicheenvy.Marketingdiscriminationinthedigitalage.Cam‐
bridge,MA:MITPress.
Webb,Maureen.2007.Illusionsofsecurity.Globalsurveillanceanddemocracyinthe
post‐9/11world.SanFranciso,CA:CityLights.
Wright,David.2011.Shouldprivacyimpactassessmentsbemandatory?Communica‐
tionsoftheACM54(8):121‐131.
Wright, David and Emilio Mordini. 2012. Privacy and ethical impact assessment. In
Privacyimpactassessment,ed.DavidWrightandPaulDeHert,397‐418.NewYork:
Springer.
Reports, Interviews, News Articles and other Documents
80/20Thinking,PrivacyImpactAssessmentforPhorm.
http://www.phorm.com/assets/reports/Phorm_PIA_Final.pdf
Amesys,Pressrelease.September1,2011.
http://www.wcm.bull.com/internet/pr/new_rend.jsp?DocId=673289&lang=en
ArabianBusiness,WesternSpyToolsAidinCrackdownonArabDissent.August28,
2011.
ARDTagesthemen,Siemens‐NokiaÜberwachungstechnikimIran.June24,2009.
http://www.youtube.com/watch?v=8JbydEFBx5E
BBCMonitoringWorldMedia,ProminentIranianJournalistJailedforThreeYears.
September30,2010.
BBCMonitoringEurope,ItalianSoftwareCompanyDeniesComplicityinSyrianPresi‐
dent’sRepression.November9,2011
Berners‐Lee,Tim.2009.NoSnooping.
http://www.w3.org/DesignIssues/NoSnooping.html
Bloomberg,SyriaCrackdownGetsItalyFirm’sAidWithU.S.‐EuropeSpyGear.No‐
vember4,2011.http://www.bloomberg.com/news/2011‐11‐03/syria‐
crackdown‐gets‐italy‐firm‐s‐aid‐with‐u‐s‐europe‐spy‐gear.html
Bloomberg,IranianPoliceSeizingDissidentsGetAidofWesternCompanies.October
30,2011.http://www.bloomberg.com/news/2011‐10‐31/iranian‐police‐seizing‐
dissidents‐get‐aid‐of‐western‐companies.html
Bloomberg,TortureinBahrainBecomesRoutineWithHelpFromNokiaSiemens.Au‐
gust23,2011.http://www.bloomberg.com/news/2011‐08‐22/torture‐in‐bahrain‐
becomes‐routine‐with‐help‐from‐nokia‐siemens‐networking.html
BrandRepublicNewsReleases,EUtoTakeUKtoCourtoverInternetPrivacyRules.
October4,2010.
Bundesverfassungsgericht,LeitsätzezumUrteildesErstenSenatsvom27.Februar
2008.
http://www.bundesverfassungsgericht.de/entscheidungen/rs20080227_1bvr037
007.html
change.org.HowWeWon.December1,2011.
http://www.change.org/petitions/demand‐us‐and‐european‐cos‐stop‐supporting‐
deadly‐syria‐net‐surveillance
CharterofFundamentalRightsoftheEuropeanUnion.
http://www.europarl.europa.eu/charter/pdf/text_en.pdf
The Privacy & Security Research Paper Series, Issue # 1
CNETUK,VirginMediaandCViewtoRifleThroughYourPackets.November27,2009.
http://crave.cnet.co.uk/software/virgin‐media‐and‐cview‐to‐rifle‐through‐your‐
packets‐49304424
CNNOnline,CyberwarExplodesinSyria.November20,2011.
CouncilofEurope.TheEuropeanConventiononHumanRights.
http://www.hri.org/docs/ECHR50.html
DataProtectionCommissionerofIreland.2011.FacebookIrelandLtd.ReportofAudit.
21December2011.
http://dataprotection.ie/viewdoc.asp?m=f&fn=/documents/Facebook%20Report
/final%20report/report.pdf
ElectronicFrontierFoundation(EFF),Anti‐CounterfeitingTradeAgreement.Whatis
ACTA?https://www.eff.org/issues/acta
ElectronicPrivacyInformationCenter(EPIC),DeepPacketInspectionandPrivacy.
http://epic.org/privacy/dpi/
EURegulationNo.961/2010of25October2010onRestrictiveMeasuresagainstIran
andRepealingRegulation(EC)No.423/2007.http://eur‐
lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:281:0001:0077:EN:PDF
EURegulationNo.1232/2011oftheEuropeanParliamentandtheEuropeanCouncilof
AmendingCouncilRegulation(EC)No428/2009SettingupaCommunityRegime
fortheControlofExports,Transfer,BrokeringandTransitofDual‐Useitems.
http://trade.ec.europa.eu/doclib/docs/2011/december/tradoc_148465.pdf
EURegulationNo.267/2012of23March2012ConcerningRestrictiveMeasures
AgainstIran.http://eur‐
lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2012:088:0001:0112:EN:PDF
EUobserver.com,EUCompaniesBannedfromSellingSpywaretoRepressiveRegimes.
October11,2011.http://euobserver.com/1018/113791
EUobserver.com,EUtoPressfor‘RightToBeForgotten’Online.November4,2010.
http://euobserver.com/851/31200
EUobserver.com,NewEULawstoTargetFacebook.January28,2010.
http://euobserver.com/871/29367
EuropeanCommission,Telecoms:CommissionLaunchesCaseagainstUKoverPrivacy
andPersonalDataProtection.Pressrelease.April14,2009.
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/570
EuropeanParliamentNews,ControllingDual‐UseExports.September27th,2011.
http://www.europarl.europa.eu/news/en/pressroom/content/20110927IPR275
86/html/Controlling‐dual‐use‐exports
EuropeanUnionDirectiveontheProtectionofIndividualswithRegardtothePro‐
cessingofPersonalDataandontheFreeMovementofSuchData(Directive
95/46/EC).http://eur‐
lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML
Eurostat.http://epp.eurostat.ec.europa.eu/portal/page/portal/eurostat/home/
FAKT,SyrienüberwachtmitSiemens‐Technik.April10,2012.
http://www.mdr.de/fakt/siemens106.html
FCC(FederalCommunicationsCommission).2010.ReportandOrderintheMatterof
PreservingtheOpenInternet.AdoptedonDecember21,2010.
The Privacy & Security Research Paper Series, Issue # 1
FIDH(InternationalFederationforHumanRights),FIDHandLDHFileaComplaint
ConcerningtheResponsibilityoftheCompanyAMESYSinRelationtoActsofTor‐
ture,October19,2011.http://www.fidh.org/FIDH‐and‐LDH‐file‐a‐complaintLDH
FreePress,ConsumerFederationofAmericanandConsumersUnion.2006.WhyCon‐
sumersDemandInternetFreedom.NetworkNeutrality:Factvs.Fiction.
http://www.freepress.net/files/nn_fact_v_fiction_final.pdf
GesetzzurAbwehrvonGefahrendesinternationalenTerrorismusdurchdasBun‐
deskriminalamt.http://www.buzer.de/gesetz/8578/index.htm
HeiseOnline,Datenschützerprüftalle22TrojanereinsätzeinBayern.November24,
2011.http://www.heise.de/newsticker/meldung/Datenschuetzer‐prueft‐alle‐22‐
Trojanereinsaetze‐in‐Bayern‐1384410.html
HeiseOnline,Ein“Bayerntrojaner”zumAbhörenvonInternet‐Telefonie?January24,
2008.http://www.heise.de/newsticker/meldung/Ein‐Bayerntrojaner‐zum‐
Abhoeren‐von‐Internet‐Telefonie‐182553.html
HeiseOnline,EinsatzdesStaatstrojaners:ZwischenfehlendemRechtsrahmenund
Verfassungswidrigkeit.October11,2011.
http://www.heise.de/newsticker/meldung/Einsatz‐des‐Staatstrojaners‐Zwischen‐
fehlendem‐Rechtsrahmen‐und‐Verfassungswidrigkeit‐1358601.html
HildebrandInteractive,AboutUs.
http://www.hildebrandinteractive.com/aboutus.html
HidebrandInitiative,EliminatingDigitalExclusion.
http://www.hildebrand.co.uk/ourwork/digitalbridge.html
Lessig,LawrenceandRobertW.McChesney,NoTollsontheInternet.TheWashington
Post.June8,2006.
MaghrebConfidential.Alcatel‐Lucent.May9,2008.
Möchel,Erich.DatenjagdaufDissidenten.April7,2008.http://www.fuzo‐
archiv.at/artikel/268868v2/).
Morozov,Evgeny.PoliticalRepression2.0.NewYorkTimes.September1,2011.
NDR(NorddeutscherRundfunk).ZAPP:GermanySpywareforDictators.December7,
2011.http://www.ndr.de/fernsehen/sendungen/zapp/media/zapp4923.html
NDR(NorddeutscherRundfunk).ZAPP:InterviewmitErichMöchel.December7,2011.
http://www.ndr.de/fernsehen/sendungen/zapp/media/moechel103.html
NewYorkTimesOnline,U.S.ApprovalofKillingofClericCausesUnease.May13,2010.
http://www.nytimes.com/2010/05/14/world/14awlaki.html
NewYorkTimesOnline,E.U.toTightenWebPrivacyLaw,RiskingTrans‐AtlanticDis‐
pute.November9,2011.http://www.nytimes.com/2011/11/10/technology/eu‐
to‐tighten‐web‐privacy‐law‐risking‐trans‐atlantic‐dispute.html?pagewanted=all
NokiaSiemensNetworks.2009.CorporateResponsibility2009.Espoo:NSN.
http://www.nokiasiemensnetworks.com/file/12186/corporate‐responsibility‐
2009?download
NokiaSiemensNetworks,ProvisionofLawfulInterceptCapacityinIran.June22,
2009.http://www.nokiasiemensnetworks.com/news‐events/press‐room/press‐
releases/provision‐of‐lawful‐intercept‐capability‐in‐iran
OfficeofthePrivacyCommissionerofCanada,ReviewoftheInternetTrafficManage‐
mentPracticesofInternetServiceProviders.February18,2009.
http://www.priv.gc.ca/information/pub/sub_crtc_090728_e.cfm
The Privacy & Security Research Paper Series, Issue # 1
PrivacyInternational,OnlineBehaviouralTargetedAdvertising–PrivacyInternation‐
al’sPosition.April19,2009.https://www.privacyinternational.org/article/online‐
behavioural‐targeted‐advertising‐%E2%80%93‐privacy‐
international%E2%80%99s‐position
PrivacyInternational,PIWarnsthatNewISPInterceptionPlansWillBeIllegal.No‐
vember26,2009.https://www.privacyinternational.org/article/pi‐warns‐new‐
isp‐interception‐plans‐will‐be‐illegal
PrivacyInternational,SurveillanceWho’sWho.
https://www.privacyinternational.org/big‐brother‐incorporated/countries
Profil,TrojanischeSitten.DerBundestrojanerwurdeohnerechtlicheGrundlageeing‐
esetzt.October22,2010.
http://www.profil.at/articles/1142/560/310153/bundestrojaner‐trojanische‐
sitten
ProposaloftheEuropeanParliamentandoftheCouncilontheProtectionofIndividuals
withRegardtotheProcessingofPersonalDataandontheFreeMovementofSuch
Data(GeneralDataProtectionRegulation).http://ec.europa.eu/justice/data‐
protection/document/review2012/com_2012_11_en.pdf
Qosmos,QosmosStatementaboutRecentMediaReporting.November22,2011.
http://www.qosmos.com/news‐events/qosmos‐statement‐about‐recent‐media‐
reporting
ReadWriteWeb,Facebook’sZuckerbergSaystheAgeofPrivacyisOver.January9,
2010.
http://www.readwriteweb.com/archives/facebooks_zuckerberg_says_the_age_of_
privacy_is_ov.php
SpiegelOnline,Digitask:Trojaner‐HerstellerbeliefertetlicheBehördenundBun‐
desländer.October11,2011.
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791112,00.html
SpiegelOnline,Fahnder:MassiverEingriff.February28,2011.
http://www.spiegel.de/spiegel/0,1518,748110,00.html
SpiegelOnline,InnereSicherheit:TrojanerimAbo.October17,2011.
http://www.spiegel.de/spiegel/print/d‐81015404.html
SpiegelOnline,Schnüffel‐Software:BayernsInnenministerstopptTrojaner‐Einsatz.
October11,2011.
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791193,00.html
SpiegelOnline,Staatstrojaner:DigitaskwehrtsichgegenInkompetenz‐Vorwurf.Octo‐
ber12,2011.http://www.spiegel.de/netzwelt/netzpolitik/0,1518,791251,00.html
SpiegelOnlineInternational,IsSyriaMonitoringProtesterswithGermanTechnology?
November8,2011.
SpiegelOnlineInternational,WesternSurveillanceTechnologyintheHandsofDes‐
pots.December8,2011.
SpiegelOnlineInternational,MonitoringtheOpposition:SiemensAllegedlySoldSur‐
veillanceGeartoSyria.April11th,2012.
http://www.spiegel.de/international/business/0,1518,826860,00.html
Techopedia.DeepPacketInspection(DPI).
http://www.techopedia.com/definition/24973/deep‐packet‐inspection‐dpi
TelecomWorldwide.Alcatel‐LucenttoProvideFibre‐OpticBackboneNetworkCon‐
tractforLibya.July12,2007.
The Privacy & Security Research Paper Series, Issue # 1
TheCalgaryHerald,ItalianFirmHelpingSyriaSpyonE‐Mails.SystemMadeforRe‐
pression,saysThink‐Tank.November5,2011).
TheHuffingtonPost,GoogleCEOonPrivacy.March18,2010.
http://www.huffingtonpost.com/2009/12/07/google‐ceo‐on‐privacy‐
if_n_383105.html
TheHuffingtonPost,EricSchmidtDreamsofaFutureWhereYou’reNeverLonely,
Bored,orOutofIdeas.September28,2010
http://www.huffingtonpost.com/2010/09/28/eric‐schmidt‐techcrunch‐
disrupt_n_742034.html
TheLocal,EricssonRejectsClaimsofAidingIran.November11,2011.
http://www.thelocal.se/37098/20111101
TheLocal,PirateBaytoLaunchFleetof“AerialServerDrones”.March21,2012.
http://www.thelocal.se/39796/20120321/
TheRegister,LondonEstateBroadbandOffers'SpottheASBOSuspect'TVChannel.
December30,2005.
http://www.theregister.co.uk/2005/12/30/shoreditch_digital_bridge/
TheTimes,WestTriestoCoverUpLibyaDeals:TheRaceisOntoSeekOutandDe‐
stroyAnyIncriminatingEvidence.October7,2011.
WallStreetJournalOnline,FirmsAidedLibyanSpies.FirstLookInsideSecurityUnit
ShowsHowCitizensWereTracked.August30,2011.
http://online.wsj.com/article/SB10001424053111904199404576538721260166
388.html
WallStreetJournalOnline,Iran’sWebSpyingAidedbyWesternTechnology.June22,
2009,http://online.wsj.com/article/SB124562668777335653.html
WashingtonTimes,FedContractor,CellPhoneMakerSoldSpySystemtoIran.April
13,2009.http://www.washingtontimes.com/news/2009/apr/13/europe39s‐
telecoms‐aid‐with‐spy‐tech/?page=all
WashingtonTimes,BritishFirmOfferedSpySoftwaretoEgypt:ActivistsSayThey
WeretheTargets.April26,2011.
WiredMagazineOnline,EUCourtRulesthatContentOwnersCan’tForceWebFilters
onISPs.November24,2011.http://www.wired.co.uk/news/archive/2011‐
11/24/eu‐rules‐on‐filtering
WiredMagazineOnline,SocialNetworksDon’tHavetoPoliceCopyright,RulesEU.
February16,2012.http://www.wired.co.uk/news/archive/2012‐02/16/eu‐
social‐networks‐copyright
ZDFFrontal21,Nokia‐Siemens‐NetworksimIran.January26,2010.
http://www.youtube.com/watch?v=oHqyKYa6Ffw
ZDNetUK,VirginMediaPutsCViewPacketSniffingTrialonHold.September30,
2010.http://www.zdnet.co.uk/news/security‐threats/2010/09/30/virgin‐media‐
puts‐cview‐packet‐sniffing‐trial‐on‐hold‐40090353/