FacebookTwitterGoogle+RedditEmail

Watching Over You

When The Wall Street Journal reporter Margaret Coker visited the Libyan government’s surveillance centre in Tripoli after the city’s fall, she saw that the authorities had been monitoring everything: the internet, mobile phones, satellite phone and internet connections. Some files included emails and online conversations between Gaddafi’s opponents. Notices on the walls revealed that the company which had installed the equipment was Amesys, a subsidiary of French firm Bull (1). The French satirical weekly Le Canard Enchainé later reported that France’s military intelligence directorate had been solicited to help train Libya’s internal spies (2).

In Syria, US equipment helps Bashar al-Assad’s regime censor the internet, and retrieve logins and passwords to access people’s emails or Facebook and Twitter pages. This tool is particularly useful for tracking the communications of opponents with internal or foreign connections.

The technology is innocuously named “deep packet inspection” (DPI). When someone sends an email, a series of servers relays it to its destination. Each server sends the message on to the next, looking only at the recipient’s address, and not at the contents. An expert on internet law, Jonathan Zittrain, explained: “It’s a bit like being at a party with polite friends. If you’re too far from the bar, or there are too many people in the way, you ask the person next to you to get you a beer. They ask the person next to them, who is a bit closer to the bar, and so on. Eventually your order reaches the bar and your beer arrives via the same route back. Since everyone is polite, no one will have drunk your beer along the way.”

But DPI is less polite. How would you feel if the person next to you analysed your order, and started lecturing you about it? Or if they tampered with your drink, adding water or something stronger? This is exactly what DPI technology can do: it allows people to read the content of internet traffic, modify it, and even send it to someone else.

Amesys is not alone in this market. US press agency Bloomberg recently reported that another French company, Qosmos, had provided DPI technology to a consortium equipping Syria to the same standard as Gaddafi’s Libya (3). DPI is also at the heart of China’s firewall, which allows the government to censor internet traffic and spy on its citizens.

‘Secret new industry’

The recent Wikileaks publication of numerous internal documents from these companies shows that monitoring communication networks is “a secret new industry spanning 25 countries … In traditional spy stories, intelligence agencies like MI5 bug the phone of one or two people of interest. In the last 10 years systems of indiscriminate, mass surveillance have become the norm” (4). A little earlier The Wall Street Journal had published more than 200 marketing documents from 36 companies offering the US anti-terrorist agency various surveillance and computer hacking tools (5).

DPI entered the spotlight in May 2006 when Mark Klein, a former technician with US internet provider AT&T, leaked the fact that the company had installed DPI technology at the heart of the county’s internet network, in cooperation with the US National Security Agency (which invented the Echelon system in the 1980s and 1990s). The technology was provided by internet surveillance company Narus (slogan “See Clearly, Act Swiftly”). Narus was set up in 1997, has 150 employees, earned $30m in 2006, and was bought up by Boeing in 2010. The Mubarak regime was reported to have installed Narus equipment in Egypt (6).

The flow of information over the internet includes the web, emails, synchronous exchanges (instant messaging) and asynchronous exchanges (blogs, discussion forums), phone conversations, video, raw data, etc. Most of this communication is not encrypted, so it is easy for both the casual hacker and state security services to monitor it.

Constraints or profits?

But some private companies are also seeing a financial advantage in this technology. Telecoms operators such as Free, SFR and Orange have started to complain that large amounts of information are being conveyed on their networks without the producer paying. Internet service providers (ISPs) are not happy about paying to transmit YouTube videos, which they are obliged to provide to their subscribers. So they came up with the idea of charging a supplement to the information’s producer or its final user, or slowing down some traffic in favour of others. But to do that they have to be able to measure precisely what is passing through their networks.

In the same way, mobile phone operators have tried to limit their infrastructure costs by restricting their customers’ access to the internet. So they prohibit smart phone users from peer-to-peer file sharing, or using vocal or video communication like Skype.

Here too, DPI allows them to monitor and manage the traffic, and allocate higher bandwidths to certain services, such as those they provide. This contradicts the notion of “network neutrality”, whereby service providers are meant to convey all requested information without discrimination.

When DPI is applied to web browsing, it can record every move a person makes online. Marketing professionals are desperate to exploit such information. Orange recently launched Orange Shots, which uses DPI technology to analyse the websites a subscriber uses (with their consent), in order to offer them ultra-targeted products. That could make ISPs as profitable as Facebook and Google, as long as these programmes attracted subscribers; it would be enough to claim that the data was anonymous to make it a perfectly marketable product.

The curious reader could check the Data Privacy page on the website of GFK, an international market research group and Qosmos shareholder: while it casually mentions web “cookies”, it fails to explain that it also tracks visitors to websites using a DPI technology which is supposedly anonymous because GFK alone knows the formula. GFK is present in more than 150 countries.

DPI is also attracting intellectual property rights and copyright holders who are trying to fight “illegal” file sharing on peer-to-peer networks (BitTorrent), or sites for uploading and downloading files directly, like Megaupload. Knowing exactly who is trying to download what film or music file, and blocking that person’s access, can only be done with “deep” surveillance infrastructure shared across all the data exchange points that the ISPs represent.

Legal surveillance

Another natural market for DPI technology is legal surveillance. In France police sometimes monitor a suspect’s communications as part of a judicial investigation, authorised by a judge and the National Committee for the Control of Security Interceptions. But this is a niche market, concerning a very small proportion of the population. Unless they were counting on another huge rise in the anti-terrorist budget, it would make sense for businesses in this sector to look for other commercial outlets.

That is where the governments of police states, which want to listen to their entire populations, come in. Surveillance software can be tested in these countries under real conditions. That is why Ben Ali’s Tunisia received a discount on systems that still had bugs. Libya provided Amesys with a real life experiment of what Eagle software could or could not do. Alcatel is doing the same in Burma. The information gathered by DPI inevitably leads to arrests. (Torture, using tried and tested methods, can do the rest.)

Puzzled, no doubt, by the high number of European companies in this sector, the European parliament has passed a resolution to ban the sale abroad of systems monitoring phone calls and text messages, or providing targeted internet surveillance, if this information is used to violate democratic principles, human rights or freedom of expression. On 1 December 2011 the EU Council tightened restrictions on Syria and banned “exports of equipment and software intended for use in the monitoring of internet and telephone communications by the Syrian regime”.

Despite this, there is little legal control over the global export of surveillance equipment. Manufacturers find it easy to slip through the net (especially since there is such a diversity of legislation), governments do not publish their permits, and this type of software is not strictly considered a weapon.

Antoine Champagne is a journalist.

Notes.

1) Paul Sonne and Margaret Coker, “Firms Aided Libyan Spies”, The Wall Street Journal, New York, 30 August 2011.

(2) “Des experts des services secrets francais ont aidé Kadhafi à espionner les Libyens” and “Secret militaire sur le soutien à Kadhafi”, Le Canard Enchainé, Paris, 7 September and 12 October 2011.

(3) “Syria Crackdown Gets Italy Firm’s Aid with US-Europe Spy Gear”, Bloomberg, 3 November 2011.

(4) WikiLeaks, “The Spy Files”, 1 December 2011.

(5) Agreement between France’s education minister Jack Lang and Max Cloupet, representing Catholic schools under contract to the state, 15 June 1992.

(6) Timothy Karr, “One US Corporation’s Role in Egypt’s Brutal Crackdown”, The Huffington Post,28 January 2011.

This article appears in the excellent Le Monde Diplomatique, whose English language edition can be found at mondediplo.com. This full text appears by agreement with Le Monde Diplomatique. CounterPunch features two or three articles from LMD every month.

More articles by:
July 17, 2018
Conn Hallinan
Trump & The Big Bad Bugs
Robert Hunziker
Trump Kills Science – Nature Strikes Back
John Grant
The Politics of Cruelty
Kenneth Surin
Calculated Buffoonery: Trump in the UK
Jim Kavanagh
Fighting Fake Stories: The New Yorker, Israel and Obama
Daniel Falcone
Chomsky on the Trump NATO Ruse
W. T. Whitney
Oil Underground in Neuquén, Argentina – and a New US Military Base There
Doug Rawlings
Ken Burns’ “The Vietnam War” was Nominated for an Emmy, Does It Deserve It?
Rajan Menon
The United States of Inequality
Thomas Knapp
Have Mueller and Rosenstein Finally Gone Too Far?
Cesar Chelala
An Insatiable Salesman
Dean Baker
Truth, Trump and the Washington Post
Mel Gurtov
Human Rights Trumped
Binoy Kampmark
Putin’s Football Gambit: How the World Cup Paid Off
July 16, 2018
Sheldon Richman
Trump Turns to Gaza as Middle East Deal of the Century Collapses
Charles Pierson
Kirstjen Nielsen Just Wants to Protect You
Brett Wilkins
The Lydda Death March and the Israeli State of Denial
Patrick Cockburn
Trump Knows That the US Can Exercise More Power in a UK Weakened by Brexit
Robert Fisk
The Fisherman of Sarajevo Told Tales Past Wars and Wars to Come
Gary Leupp
When Did Russia Become an Adversary?
Uri Avnery
“Not Enough!”
Dave Lindorff
Undermining Trump-Putin Summit Means Promoting War
Manuel E. Yepe
World Trade War Has Begun
Binoy Kampmark
Trump Stomps Britain
Wim Laven
The Best Deals are the Deals that Develop Peace
Kary Love
Can We Learn from Heinrich Himmler’s Daughter? Should We?
Jeffrey St. Clair
Franklin Lamb, Requiescat in Pace
Weekend Edition
July 13, 2018
Friday - Sunday
Brian Cloughley
Lessons That Should Have Been Learned From NATO’s Destruction of Libya
Paul Street
Time to Stop Playing “Simon Says” with James Madison and Alexander Hamilton
Jeffrey St. Clair
Roaming Charges: In the Land of Formula and Honey
Aidan O'Brien
Ireland’s Intellectuals Bow to the Queen of Chaos 
Michael Collins
The Affirmative Action Silo
Andrew Levine
Tipping Points
Geoff Dutton
Fair and Balanced Opinion at the New York Times
Ajamu Baraka
Cultural and Ideological Struggle in the US: a Final Comment on Ocasio-Cortez
David Rosen
The New McCarthyism: Is the Electric Chair Next for the Left?
Ken Levy
The McConnell Rule: Nasty, Brutish, and Unconstitutional
George Wuerthner
The Awful Truth About the Hammonds
Robert Fisk
Will Those Killed by NATO 19 Years Ago in Serbia Ever Get Justice?
Robert Hunziker
Three Climatic Monsters with Asteroid Impact
Ramzy Baroud
Europe’s Iron Curtain: The Refugee Crisis is about to Worsen
Nick Pemberton
A Letter For Scarlett JoManDaughter
Marilyn Garson
Netanyahu’s War on Transcendence 
Patrick Cockburn
Is ISIS About to Lose Its Last Stronghold in Syria?
Joseph Grosso
The Invisible Class: Workers in America
FacebookTwitterGoogle+RedditEmail