Moussa
2011-12-28 04:24:10 UTC
Israel Didn’t Know High-Tech Gear Was Sent to Iran
By Ben Elgin - Fri Dec 23 18:16:25 GMT 2011
The clandestine arrangement worked smoothly for years. The Israeli company
shipped its Internet- monitoring equipment to a distributor in Denmark. Once
there, workers stripped away the packaging and removed the labels.
Then they sent it to a man named “Hossein” in Iran, an amiable technology
distributor known to them only by his first name and impeccable English, say
his partners in Israel and Denmark.
Israeli trade, customs and defense officials say their departments didn’t
know that the systems for peering into Internet traffic, sold under the
brand name NetEnforcer, had gone to a country whose leaders have called for
the destruction of the Jewish state. Israel’s ban on trade with its enemy
failed, even though a paper trail on the deals was available in Denmark.
The transactions illustrate how ineffective governments have been in
blocking a global trade in new, intrusive surveillance technologies that
authoritarian regimes can use as weapons for repression. Such gear from
Western companies -- including tools that intercept e-mails and text
messages, record Internet activity and map cell phone locations -- has been
used to track and torture dissidents in countries including Iran, Bahrain,
Syria and Tunisia, a Bloomberg News investigation this year showed. It’s
unclear who Hossein’s customers were, or how the technology may have been
used in Iran.
‘Dirty Trade’
“The fact that the most murderous regimes are using Western technologies for
surveillance highlights the fact that the current framework for controlling
this dirty trade is not working,” says Brett Solomon, executive director of
Access, a New York-based nonprofit that promotes online freedom. “How long
are the innocent people of Syria and Iran to wait before Congress and the EU
turn words into law?”
Yet there are ways to stem the flow of such technology, which can be used as
a weapon but isn’t regulated like one. Many companies selling surveillance
equipment that connects to the Internet have the ability to monitor their
own customers, and governments could require them to do so while tightening
export laws.
Anything connected to the Internet “can phone home and provide some sort of
location data,” says Jon Oltsik, senior principal analyst at Milford,
Massachusetts-based Enterprise Strategy Group, a technology consulting firm.
Companies often stay in touch with their products to send software updates,
and can also examine customers’ Internet addresses to determine where the
equipment is, he says.
The method has already proved effective, stymieing Syrian efforts to
circumvent the U.S. embargo during a crackdown that has killed more than
5,000 people.
‘Is Ignorance Bliss?’
San Diego-based Websense, Inc., a maker of Internet- filtering software,
routinely scans the Internet addresses of prospective buyers, as well as its
40,000 existing customers, in order to prevent its products from going to
embargoed countries or falling into the wrong hands, says Michael Newman,
the company’s general counsel and interim chief financial officer.
In October, Websense blocked sales to two potential buyers, who listed their
physical addresses in Switzerland and the United Arab Emirates, but who
asked for the product to be downloaded to Internet addresses that the
company traced to Syria.
“Companies should be taking these steps,” Newman says. “The question is, how
much are you trying to know? Or is ignorance bliss?”
Spotting Locations
Such steps could have helped Blue Coat Systems Inc., a Sunnyvale,
California-based maker of Web security and filtering products. Telecomix, a
group that promotes online freedom, earlier this year uncovered computer
logs that showed the company’s machines being used in Syria to filter
Internet sites.
Blue Coat says its products were illegally shipped to Syria by a distributor
and it had been unaware they were there. Spokesman Steve Schick declined
further comment on the Syria sales, citing an ongoing investigation by the
Department of Commerce.
Had Blue Coat been paying attention to the Internet addresses when
connecting with its deployed machines, it would have spotted the suspect
locations, says Peter Fein, a Chicago- based member of Telecomix.
“Claiming a lack of knowledge is no excuse anymore,” says Solomon, of
Access. “Technology can be used as a weapon and should be treated with the
same care and sold with the same due diligence.”
Violent Repression
In this growing industry, with sales estimated at $3 billion to $5 billion,
the potential for human rights abuse is profound. The 10-month investigation
by Bloomberg News documented use of Western surveillance technology in
political crackdowns and violent repression by governments across the Middle
East and North Africa.
In Bahrain, authorities used European equipment to intercept phone calls and
text messages of activists, who were confronted with details of their
communications while being arrested and tortured. Amid Syria’s uprising,
construction moved forward on a $17 million Internet surveillance system
built with U.S., French, German and Italian technology.
“Stopping this trade is a shared responsibility across government and
business,” says Meg Roggensack, an adjunct professor at the Georgetown
University Law Center in Washington, D.C., and a senior advisor to Human
Rights First, a non-profit organization based in New York and Washington.
“It is extremely urgent. This is playing out in real time with real
consequences for real people.”
Restricting Trade
Western governments are now trying to better regulate the trade. The
European Union restricted sales of the technology to Syria after Bloomberg
News exposed the project in that country. A bill introduced in the U.S.
House of Representatives on Dec. 8 would bar sales of surveillance
technologies by American companies to repressive regimes.
The U.K.’s Business Minister, Judith Wilcox, said the government was
examining a block on the sale of mobile-phone surveillance software to Iran
and Syria after Bloomberg News reported a British company sold
location-tracking technology to Iran this year for use by the regime’s law
enforcement.
Yet efforts to date have stumbled. After the U.S. Congress in 2010
prohibited government business with any company selling equipment to Iran
that would restrict the flow of information or speech of its citizens, no
companies were identified. Under current EU rules, each member state makes
its own export decisions, which allows regulatory gaps.
Trusting Distributors
“Right now, we’re not even trying,” says Marietje Schaake, a Dutch member of
the European Parliament who is pushing for EU-wide standards. “The digital
arms trade needs more scrutiny and regulations.”
Even when they impose bans, governments struggle to track surveillance
sales. Often, technology vendors rely on distributors to sell their
products, and simply trust that it isn’t falling into hands that will abuse
it.
The shipments of Internet-inspection equipment from Israel to Iran
illustrate the enforcement loopholes.
Allot Communications Ltd., a Hod Hasharon, Israel-based firm whose stock
trades on Nasdaq and the Tel Aviv Stock Exchange and which reported $57
million in sales last year, sold its systems to a Randers, Denmark-based
technology distributor.
Workers at that company, RanTek A/S, repackaged the gear and shipped it to
Iran, according to four former employees of Allot and RanTek. The shipments
were legal under Danish law.
Skirting a Ban
A sale as early as 2006 is corroborated by an export license application
filed by RanTek, though the name of the customer in Iran was redacted by
Danish authorities who provided the document to Bloomberg News.
The former employees identified the buyer as the technology distributor,
Hossein.
The sales skirted a strict Israeli ban that prohibits “trading with the
enemy,” including any shipments that reach Iran, Syria and Lebanon.
“This covers everything,” says Gavriel Bar, manager of the Middle East
department at Israel’s Ministry of Industry, Trade and Labor. “Imports,
exports, direct, indirect. An Israeli company is not allowed to trade with
Iran in any way.”
Israeli lawmaker Nachman Shai called for a parliamentary investigation
today, and the country’s Defense Ministry said it had begun to examine the
report. Allot shares fell 5.1 percent to $15.84 at 11:04 a.m. in New York,
after earlier plunging as much as 13 percent.
Three former sales employees for Allot say it was well known inside the
company that the equipment was headed for Iran. Allot officials say they
have no knowledge of their equipment going there and are looking into RanTek’s
sales.
‘Breach of Contract’
“We do not authorize any sales to Iran,” says Jay Kalish, executive director
of investor relations at Allot. If its products were shipped there by
RanTek, it would be a “breach of contract,” he says.
Kalish says it’s challenging to track where its products go after they’ve
been sold. Customers often don’t connect digitally to Allot, making
electronic tracking difficult. The company has hundreds of distributors and
their products have even appeared for sale on eBay, he says.
Allot said in a statement today that its policy is to comply fully with
Israeli and non-Israeli laws, including all applicable export laws and
regulations.
The product sold by Allot, NetEnforcer, conducts “deep- packet inspection”
of networks. The technology has commercial uses, such as helping a mobile
network operator prioritize certain types of traffic or eliminating spam.
Deep-Packet Inspection
But deep-packet inspection has also been used to snoop into e-mails in
countries including Tunisia, even allowing officials to change the contents,
Bloomberg News found. It can also prevent activists from using the Web
anonymously, leading to arrest and torture in countries such as Iran, says
Ben Wagner, of the European University Institute near Florence, Italy, who
has studied the technology.
“I cannot conceive a way that DPI could be exported to Iran without a
concern,” he says.
Allot’s Kalish says the equipment sold through RanTek was best suited for
managing a company’s Internet traffic and lacked the capacity for wide-scale
Internet surveillance.
RanTek officials didn’t respond to e-mails and phone calls seeking comment.
The lax controls on the Israeli technology shipments, which didn’t require
export licenses, contrast with tighter restrictions on weapons sales, which
do need licenses.
Companies such as Allot are almost on an honor system to comply with the
rules, says Rifat Azam, a professor of international business law at the
Interdisciplinary Center, a private university in Herzliya, Israel.
Reputational Risk
In the absence of strong laws and policing, bad press and the threat of
reputational damage has spurred companies to curb dealings with repressive
regimes.
Area SpA called off construction of the Internet surveillance system in
Syria only after Bloomberg’s story was picked up by Italy’s major newspapers
and sparked a protest by Syrian and Internet-freedom activists outside the
company’s headquarters near Milan. The coverage also spurred an online
petition by Access that gathered more than 10,000 signatures calling for a
stop to the Syria project.
Paris-based Qosmos SA, which had supplied deep-packet inspection probes for
Area’s Syria system, said when contacted for the story that it had already
decided to pull out. Qosmos’s head of marketing, Erik Larsson, later added
that the company would exit all work in interception and focus on other uses
of the technology, such as market research and network management.
Suspending Business
“We don’t want to be in that business because we don’t have the control and
there’s not enough regulation,” he said. “If you’re using it to track down
opponents and torturing them and killing them, then the technology is in the
wrong hands.”
In the case of Iran, Dublin-based AdaptiveMobile Security Ltd. had sold and
proposed systems for blocking and filtering text messages. When asked about
the Iran business for a Bloomberg News story, the company said it plans to
cease doing business in Iran when its contract is up in 2012, because
continuing in the country’s current political climate could damage its
reputation.
Measures that governments could take include examining the trade records of
foreign customers. Such checks of public records in Denmark would have
exposed the shipments of Israeli goods to Iran.
For now, self-regulation by companies may be critical to any recipe for
change.
In a Dec. 8 speech, U.S. Secretary of State Hillary Clinton said lawmakers’
efforts to employ sanctions and control surveillance exports will only go
part of the way.
Remote Shut-Down
“In the 21st century, smart companies have to act before they find
themselves in the crosshairs of controversy,” she said.
Websense says self-policing kept it from falling afoul of Syria sanctions in
October. The company also can refuse to provide updates, shutting down a
product within weeks if it moves to a location where Websense doesn’t want
it or if the company finds it’s being used for repression, Newman says.
It took such steps in 2009, for example, when it learned that two of its
customers in Yemen were using its products to carry out government
censorship of the Internet, says Newman.
In a digital arms race that pits repressive regimes against their citizens,
says Access executive director Solomon, anything that loosens the tyrants’
grip on electronic communications might just save lives.
-- With assistance from Jonathan Ferziger in Tel Aviv, Vernon Silver in Rome
and Frances Schwartzkopff in Copenhagen. Editors: Marcia Myers, Melissa
Pozsgay
To contact the reporter on this story: Ben Elgin in San Francisco at
***@bloomberg.net
To contact the editor responsible for this story: Melissa Pozsgay at
***@bloomberg.net; Marcia Myers at ***@bloomberg.net
By Ben Elgin - Fri Dec 23 18:16:25 GMT 2011
The clandestine arrangement worked smoothly for years. The Israeli company
shipped its Internet- monitoring equipment to a distributor in Denmark. Once
there, workers stripped away the packaging and removed the labels.
Then they sent it to a man named “Hossein” in Iran, an amiable technology
distributor known to them only by his first name and impeccable English, say
his partners in Israel and Denmark.
Israeli trade, customs and defense officials say their departments didn’t
know that the systems for peering into Internet traffic, sold under the
brand name NetEnforcer, had gone to a country whose leaders have called for
the destruction of the Jewish state. Israel’s ban on trade with its enemy
failed, even though a paper trail on the deals was available in Denmark.
The transactions illustrate how ineffective governments have been in
blocking a global trade in new, intrusive surveillance technologies that
authoritarian regimes can use as weapons for repression. Such gear from
Western companies -- including tools that intercept e-mails and text
messages, record Internet activity and map cell phone locations -- has been
used to track and torture dissidents in countries including Iran, Bahrain,
Syria and Tunisia, a Bloomberg News investigation this year showed. It’s
unclear who Hossein’s customers were, or how the technology may have been
used in Iran.
‘Dirty Trade’
“The fact that the most murderous regimes are using Western technologies for
surveillance highlights the fact that the current framework for controlling
this dirty trade is not working,” says Brett Solomon, executive director of
Access, a New York-based nonprofit that promotes online freedom. “How long
are the innocent people of Syria and Iran to wait before Congress and the EU
turn words into law?”
Yet there are ways to stem the flow of such technology, which can be used as
a weapon but isn’t regulated like one. Many companies selling surveillance
equipment that connects to the Internet have the ability to monitor their
own customers, and governments could require them to do so while tightening
export laws.
Anything connected to the Internet “can phone home and provide some sort of
location data,” says Jon Oltsik, senior principal analyst at Milford,
Massachusetts-based Enterprise Strategy Group, a technology consulting firm.
Companies often stay in touch with their products to send software updates,
and can also examine customers’ Internet addresses to determine where the
equipment is, he says.
The method has already proved effective, stymieing Syrian efforts to
circumvent the U.S. embargo during a crackdown that has killed more than
5,000 people.
‘Is Ignorance Bliss?’
San Diego-based Websense, Inc., a maker of Internet- filtering software,
routinely scans the Internet addresses of prospective buyers, as well as its
40,000 existing customers, in order to prevent its products from going to
embargoed countries or falling into the wrong hands, says Michael Newman,
the company’s general counsel and interim chief financial officer.
In October, Websense blocked sales to two potential buyers, who listed their
physical addresses in Switzerland and the United Arab Emirates, but who
asked for the product to be downloaded to Internet addresses that the
company traced to Syria.
“Companies should be taking these steps,” Newman says. “The question is, how
much are you trying to know? Or is ignorance bliss?”
Spotting Locations
Such steps could have helped Blue Coat Systems Inc., a Sunnyvale,
California-based maker of Web security and filtering products. Telecomix, a
group that promotes online freedom, earlier this year uncovered computer
logs that showed the company’s machines being used in Syria to filter
Internet sites.
Blue Coat says its products were illegally shipped to Syria by a distributor
and it had been unaware they were there. Spokesman Steve Schick declined
further comment on the Syria sales, citing an ongoing investigation by the
Department of Commerce.
Had Blue Coat been paying attention to the Internet addresses when
connecting with its deployed machines, it would have spotted the suspect
locations, says Peter Fein, a Chicago- based member of Telecomix.
“Claiming a lack of knowledge is no excuse anymore,” says Solomon, of
Access. “Technology can be used as a weapon and should be treated with the
same care and sold with the same due diligence.”
Violent Repression
In this growing industry, with sales estimated at $3 billion to $5 billion,
the potential for human rights abuse is profound. The 10-month investigation
by Bloomberg News documented use of Western surveillance technology in
political crackdowns and violent repression by governments across the Middle
East and North Africa.
In Bahrain, authorities used European equipment to intercept phone calls and
text messages of activists, who were confronted with details of their
communications while being arrested and tortured. Amid Syria’s uprising,
construction moved forward on a $17 million Internet surveillance system
built with U.S., French, German and Italian technology.
“Stopping this trade is a shared responsibility across government and
business,” says Meg Roggensack, an adjunct professor at the Georgetown
University Law Center in Washington, D.C., and a senior advisor to Human
Rights First, a non-profit organization based in New York and Washington.
“It is extremely urgent. This is playing out in real time with real
consequences for real people.”
Restricting Trade
Western governments are now trying to better regulate the trade. The
European Union restricted sales of the technology to Syria after Bloomberg
News exposed the project in that country. A bill introduced in the U.S.
House of Representatives on Dec. 8 would bar sales of surveillance
technologies by American companies to repressive regimes.
The U.K.’s Business Minister, Judith Wilcox, said the government was
examining a block on the sale of mobile-phone surveillance software to Iran
and Syria after Bloomberg News reported a British company sold
location-tracking technology to Iran this year for use by the regime’s law
enforcement.
Yet efforts to date have stumbled. After the U.S. Congress in 2010
prohibited government business with any company selling equipment to Iran
that would restrict the flow of information or speech of its citizens, no
companies were identified. Under current EU rules, each member state makes
its own export decisions, which allows regulatory gaps.
Trusting Distributors
“Right now, we’re not even trying,” says Marietje Schaake, a Dutch member of
the European Parliament who is pushing for EU-wide standards. “The digital
arms trade needs more scrutiny and regulations.”
Even when they impose bans, governments struggle to track surveillance
sales. Often, technology vendors rely on distributors to sell their
products, and simply trust that it isn’t falling into hands that will abuse
it.
The shipments of Internet-inspection equipment from Israel to Iran
illustrate the enforcement loopholes.
Allot Communications Ltd., a Hod Hasharon, Israel-based firm whose stock
trades on Nasdaq and the Tel Aviv Stock Exchange and which reported $57
million in sales last year, sold its systems to a Randers, Denmark-based
technology distributor.
Workers at that company, RanTek A/S, repackaged the gear and shipped it to
Iran, according to four former employees of Allot and RanTek. The shipments
were legal under Danish law.
Skirting a Ban
A sale as early as 2006 is corroborated by an export license application
filed by RanTek, though the name of the customer in Iran was redacted by
Danish authorities who provided the document to Bloomberg News.
The former employees identified the buyer as the technology distributor,
Hossein.
The sales skirted a strict Israeli ban that prohibits “trading with the
enemy,” including any shipments that reach Iran, Syria and Lebanon.
“This covers everything,” says Gavriel Bar, manager of the Middle East
department at Israel’s Ministry of Industry, Trade and Labor. “Imports,
exports, direct, indirect. An Israeli company is not allowed to trade with
Iran in any way.”
Israeli lawmaker Nachman Shai called for a parliamentary investigation
today, and the country’s Defense Ministry said it had begun to examine the
report. Allot shares fell 5.1 percent to $15.84 at 11:04 a.m. in New York,
after earlier plunging as much as 13 percent.
Three former sales employees for Allot say it was well known inside the
company that the equipment was headed for Iran. Allot officials say they
have no knowledge of their equipment going there and are looking into RanTek’s
sales.
‘Breach of Contract’
“We do not authorize any sales to Iran,” says Jay Kalish, executive director
of investor relations at Allot. If its products were shipped there by
RanTek, it would be a “breach of contract,” he says.
Kalish says it’s challenging to track where its products go after they’ve
been sold. Customers often don’t connect digitally to Allot, making
electronic tracking difficult. The company has hundreds of distributors and
their products have even appeared for sale on eBay, he says.
Allot said in a statement today that its policy is to comply fully with
Israeli and non-Israeli laws, including all applicable export laws and
regulations.
The product sold by Allot, NetEnforcer, conducts “deep- packet inspection”
of networks. The technology has commercial uses, such as helping a mobile
network operator prioritize certain types of traffic or eliminating spam.
Deep-Packet Inspection
But deep-packet inspection has also been used to snoop into e-mails in
countries including Tunisia, even allowing officials to change the contents,
Bloomberg News found. It can also prevent activists from using the Web
anonymously, leading to arrest and torture in countries such as Iran, says
Ben Wagner, of the European University Institute near Florence, Italy, who
has studied the technology.
“I cannot conceive a way that DPI could be exported to Iran without a
concern,” he says.
Allot’s Kalish says the equipment sold through RanTek was best suited for
managing a company’s Internet traffic and lacked the capacity for wide-scale
Internet surveillance.
RanTek officials didn’t respond to e-mails and phone calls seeking comment.
The lax controls on the Israeli technology shipments, which didn’t require
export licenses, contrast with tighter restrictions on weapons sales, which
do need licenses.
Companies such as Allot are almost on an honor system to comply with the
rules, says Rifat Azam, a professor of international business law at the
Interdisciplinary Center, a private university in Herzliya, Israel.
Reputational Risk
In the absence of strong laws and policing, bad press and the threat of
reputational damage has spurred companies to curb dealings with repressive
regimes.
Area SpA called off construction of the Internet surveillance system in
Syria only after Bloomberg’s story was picked up by Italy’s major newspapers
and sparked a protest by Syrian and Internet-freedom activists outside the
company’s headquarters near Milan. The coverage also spurred an online
petition by Access that gathered more than 10,000 signatures calling for a
stop to the Syria project.
Paris-based Qosmos SA, which had supplied deep-packet inspection probes for
Area’s Syria system, said when contacted for the story that it had already
decided to pull out. Qosmos’s head of marketing, Erik Larsson, later added
that the company would exit all work in interception and focus on other uses
of the technology, such as market research and network management.
Suspending Business
“We don’t want to be in that business because we don’t have the control and
there’s not enough regulation,” he said. “If you’re using it to track down
opponents and torturing them and killing them, then the technology is in the
wrong hands.”
In the case of Iran, Dublin-based AdaptiveMobile Security Ltd. had sold and
proposed systems for blocking and filtering text messages. When asked about
the Iran business for a Bloomberg News story, the company said it plans to
cease doing business in Iran when its contract is up in 2012, because
continuing in the country’s current political climate could damage its
reputation.
Measures that governments could take include examining the trade records of
foreign customers. Such checks of public records in Denmark would have
exposed the shipments of Israeli goods to Iran.
For now, self-regulation by companies may be critical to any recipe for
change.
In a Dec. 8 speech, U.S. Secretary of State Hillary Clinton said lawmakers’
efforts to employ sanctions and control surveillance exports will only go
part of the way.
Remote Shut-Down
“In the 21st century, smart companies have to act before they find
themselves in the crosshairs of controversy,” she said.
Websense says self-policing kept it from falling afoul of Syria sanctions in
October. The company also can refuse to provide updates, shutting down a
product within weeks if it moves to a location where Websense doesn’t want
it or if the company finds it’s being used for repression, Newman says.
It took such steps in 2009, for example, when it learned that two of its
customers in Yemen were using its products to carry out government
censorship of the Internet, says Newman.
In a digital arms race that pits repressive regimes against their citizens,
says Access executive director Solomon, anything that loosens the tyrants’
grip on electronic communications might just save lives.
-- With assistance from Jonathan Ferziger in Tel Aviv, Vernon Silver in Rome
and Frances Schwartzkopff in Copenhagen. Editors: Marcia Myers, Melissa
Pozsgay
To contact the reporter on this story: Ben Elgin in San Francisco at
***@bloomberg.net
To contact the editor responsible for this story: Melissa Pozsgay at
***@bloomberg.net; Marcia Myers at ***@bloomberg.net