FacebookTwitterGoogle+RedditEmail

Watching Over You

When The Wall Street Journal reporter Margaret Coker visited the Libyan government’s surveillance centre in Tripoli after the city’s fall, she saw that the authorities had been monitoring everything: the internet, mobile phones, satellite phone and internet connections. Some files included emails and online conversations between Gaddafi’s opponents. Notices on the walls revealed that the company which had installed the equipment was Amesys, a subsidiary of French firm Bull (1). The French satirical weekly Le Canard Enchainé later reported that France’s military intelligence directorate had been solicited to help train Libya’s internal spies (2).

In Syria, US equipment helps Bashar al-Assad’s regime censor the internet, and retrieve logins and passwords to access people’s emails or Facebook and Twitter pages. This tool is particularly useful for tracking the communications of opponents with internal or foreign connections.

The technology is innocuously named “deep packet inspection” (DPI). When someone sends an email, a series of servers relays it to its destination. Each server sends the message on to the next, looking only at the recipient’s address, and not at the contents. An expert on internet law, Jonathan Zittrain, explained: “It’s a bit like being at a party with polite friends. If you’re too far from the bar, or there are too many people in the way, you ask the person next to you to get you a beer. They ask the person next to them, who is a bit closer to the bar, and so on. Eventually your order reaches the bar and your beer arrives via the same route back. Since everyone is polite, no one will have drunk your beer along the way.”

But DPI is less polite. How would you feel if the person next to you analysed your order, and started lecturing you about it? Or if they tampered with your drink, adding water or something stronger? This is exactly what DPI technology can do: it allows people to read the content of internet traffic, modify it, and even send it to someone else.

Amesys is not alone in this market. US press agency Bloomberg recently reported that another French company, Qosmos, had provided DPI technology to a consortium equipping Syria to the same standard as Gaddafi’s Libya (3). DPI is also at the heart of China’s firewall, which allows the government to censor internet traffic and spy on its citizens.

‘Secret new industry’

The recent Wikileaks publication of numerous internal documents from these companies shows that monitoring communication networks is “a secret new industry spanning 25 countries … In traditional spy stories, intelligence agencies like MI5 bug the phone of one or two people of interest. In the last 10 years systems of indiscriminate, mass surveillance have become the norm” (4). A little earlier The Wall Street Journal had published more than 200 marketing documents from 36 companies offering the US anti-terrorist agency various surveillance and computer hacking tools (5).

DPI entered the spotlight in May 2006 when Mark Klein, a former technician with US internet provider AT&T, leaked the fact that the company had installed DPI technology at the heart of the county’s internet network, in cooperation with the US National Security Agency (which invented the Echelon system in the 1980s and 1990s). The technology was provided by internet surveillance company Narus (slogan “See Clearly, Act Swiftly”). Narus was set up in 1997, has 150 employees, earned $30m in 2006, and was bought up by Boeing in 2010. The Mubarak regime was reported to have installed Narus equipment in Egypt (6).

The flow of information over the internet includes the web, emails, synchronous exchanges (instant messaging) and asynchronous exchanges (blogs, discussion forums), phone conversations, video, raw data, etc. Most of this communication is not encrypted, so it is easy for both the casual hacker and state security services to monitor it.

Constraints or profits?

But some private companies are also seeing a financial advantage in this technology. Telecoms operators such as Free, SFR and Orange have started to complain that large amounts of information are being conveyed on their networks without the producer paying. Internet service providers (ISPs) are not happy about paying to transmit YouTube videos, which they are obliged to provide to their subscribers. So they came up with the idea of charging a supplement to the information’s producer or its final user, or slowing down some traffic in favour of others. But to do that they have to be able to measure precisely what is passing through their networks.

In the same way, mobile phone operators have tried to limit their infrastructure costs by restricting their customers’ access to the internet. So they prohibit smart phone users from peer-to-peer file sharing, or using vocal or video communication like Skype.

Here too, DPI allows them to monitor and manage the traffic, and allocate higher bandwidths to certain services, such as those they provide. This contradicts the notion of “network neutrality”, whereby service providers are meant to convey all requested information without discrimination.

When DPI is applied to web browsing, it can record every move a person makes online. Marketing professionals are desperate to exploit such information. Orange recently launched Orange Shots, which uses DPI technology to analyse the websites a subscriber uses (with their consent), in order to offer them ultra-targeted products. That could make ISPs as profitable as Facebook and Google, as long as these programmes attracted subscribers; it would be enough to claim that the data was anonymous to make it a perfectly marketable product.

The curious reader could check the Data Privacy page on the website of GFK, an international market research group and Qosmos shareholder: while it casually mentions web “cookies”, it fails to explain that it also tracks visitors to websites using a DPI technology which is supposedly anonymous because GFK alone knows the formula. GFK is present in more than 150 countries.

DPI is also attracting intellectual property rights and copyright holders who are trying to fight “illegal” file sharing on peer-to-peer networks (BitTorrent), or sites for uploading and downloading files directly, like Megaupload. Knowing exactly who is trying to download what film or music file, and blocking that person’s access, can only be done with “deep” surveillance infrastructure shared across all the data exchange points that the ISPs represent.

Legal surveillance

Another natural market for DPI technology is legal surveillance. In France police sometimes monitor a suspect’s communications as part of a judicial investigation, authorised by a judge and the National Committee for the Control of Security Interceptions. But this is a niche market, concerning a very small proportion of the population. Unless they were counting on another huge rise in the anti-terrorist budget, it would make sense for businesses in this sector to look for other commercial outlets.

That is where the governments of police states, which want to listen to their entire populations, come in. Surveillance software can be tested in these countries under real conditions. That is why Ben Ali’s Tunisia received a discount on systems that still had bugs. Libya provided Amesys with a real life experiment of what Eagle software could or could not do. Alcatel is doing the same in Burma. The information gathered by DPI inevitably leads to arrests. (Torture, using tried and tested methods, can do the rest.)

Puzzled, no doubt, by the high number of European companies in this sector, the European parliament has passed a resolution to ban the sale abroad of systems monitoring phone calls and text messages, or providing targeted internet surveillance, if this information is used to violate democratic principles, human rights or freedom of expression. On 1 December 2011 the EU Council tightened restrictions on Syria and banned “exports of equipment and software intended for use in the monitoring of internet and telephone communications by the Syrian regime”.

Despite this, there is little legal control over the global export of surveillance equipment. Manufacturers find it easy to slip through the net (especially since there is such a diversity of legislation), governments do not publish their permits, and this type of software is not strictly considered a weapon.

Antoine Champagne is a journalist.

Notes.

1) Paul Sonne and Margaret Coker, “Firms Aided Libyan Spies”, The Wall Street Journal, New York, 30 August 2011.

(2) “Des experts des services secrets francais ont aidé Kadhafi à espionner les Libyens” and “Secret militaire sur le soutien à Kadhafi”, Le Canard Enchainé, Paris, 7 September and 12 October 2011.

(3) “Syria Crackdown Gets Italy Firm’s Aid with US-Europe Spy Gear”, Bloomberg, 3 November 2011.

(4) WikiLeaks, “The Spy Files”, 1 December 2011.

(5) Agreement between France’s education minister Jack Lang and Max Cloupet, representing Catholic schools under contract to the state, 15 June 1992.

(6) Timothy Karr, “One US Corporation’s Role in Egypt’s Brutal Crackdown”, The Huffington Post,28 January 2011.

This article appears in the excellent Le Monde Diplomatique, whose English language edition can be found at mondediplo.com. This full text appears by agreement with Le Monde Diplomatique. CounterPunch features two or three articles from LMD every month.

More articles by:
April 26, 2018
Patrick Cockburn
As Trump Berates Iran, His Options are Limited
Daniel Warner
From May 1968 to May 2018: Politics and Student Strikes
Simone Chun – Kevin Martin
Diplomacy in Korea and the Hope It Inspires
George Wuerthner
The Attack on Wilderness From Environmentalists
CJ Hopkins
The League of Assad-Loving Conspiracy Theorists
Richard Schuberth
“MeToo” and the Liberation of Sex
Barbara Nimri Aziz
Sacred Assemblies in Baghdad
Dean Baker
Exonerating Bad Economic Policy for Trump’s Win
Vern Loomis
The 17 Gun Salute
Gary Leupp
What It Means When the U.S. President Conspicuously and Publicly Removes a Speck of Dandruff from the French President’s Lapel
Robby Sherwin
The Hat
April 25, 2018
Stanley L. Cohen
Selective Outrage
Dan Kovalik
The Empire Turns Its Sights on Nicaragua – Again!
Joseph Essertier
The Abductees of Japan and Korea
Ramzy Baroud
The Ghost of Herut: Einstein on Israel, 70 Years Ago
W. T. Whitney
Imprisoned FARC Leader Faces Extradition: Still No Peace in Colombia
Manuel E. Yepe
Washington’s Attack on Syria Was a Mockery of the World
John White
My Silent Pain for Toronto and the World
Dean Baker
Bad Projections: the Federal Reserve, the IMF and Unemployment
David Schultz
Why Donald Trump Should Not be Allowed to Pardon Michael Cohen, His Friends, or Family Members
Mel Gurtov
Will Abe Shinzo “Make Japan Great Again”?
Binoy Kampmark
Enoch Powell: Blood Speeches and Anniversaries
Frank Scott
Weapons and Walls
April 24, 2018
Carl Boggs
Russia and the War Party
William A. Cohn
Carnage Unleashed: the Pentagon and the AUMF
Nathan Kalman-Lamb
The Racist Culture of Canadian Hockey
María Julia Bertomeu
On Angers, Disgusts and Nauseas
Nick Pemberton
How To Buy A Seat In Congress 101
Ron Jacobs
Resisting the Military-Now More Than Ever
Paul Bentley
A Velvet Revolution Turns Bloody? Ten Dead in Toronto
Sonali Kolhatkar
The Left, Syria and Fake News
Manuel E. Yepe
The Confirmation of Democracy in Cuba
Peter Montgomery
Christian Nationalism: Good for Politicians, Bad for America and the World
Ted Rall
Bad Drones
Jill Richardson
The Latest Attack on Food Stamps
Andrew Stewart
What Kind of Unionism is This?
Ellen Brown
Fox in the Hen House: Why Interest Rates Are Rising
April 23, 2018
Patrick Cockburn
In Middle East Wars It Pays to be Skeptical
Thomas Knapp
Just When You Thought “Russiagate” Couldn’t Get Any Sillier …
Gregory Barrett
The Moral Mask
Robert Hunziker
Chemical Madness!
David Swanson
Senator Tim Kaine’s Brief Run-In With the Law
Dave Lindorff
Starbucks Has a Racism Problem
Uri Avnery
The Great Day
Nyla Ali Khan
Girls Reduced to Being Repositories of Communal and Religious Identities in Kashmir
FacebookTwitterGoogle+RedditEmail