Where did they get the information from?
How could they know what he had told his friends on the phone?
Only when interrogators showed Abdul Ghani al Khanjar the transcripts of his text messages, the Bahraini activist began to understand; the state obviously had been intercepting and neatly recording his entire mobile communication. And because the 39-year-old teacher refused to answer the security agents’ questions, they beat him up with plastic pipes over and over again.
When finally released, al Khanjar found out how Bahrain’s security forces had been able to read all his SMS. Indeed, the authorities had used sophisticated surveillance technology to spy on him. More precisely, the Bahraini secret service had utilized a so-called Monitoring Center, a popular interception module originally produced by the German company Siemens.
In 2007, Nokia Siemens Networks (NSN) took over from Siemens, and continued to provide autocratic regimes like the one in Tehran with critical monitoring components. NSN, in turn, sold its spyware branch in 2009 to the Munich-based Trovicor GmbH, formerly a branch of Siemens itself, which is today one of the leading suppliers of surveillance equipment worldwide. Speaking to Members of the European Parliament in 2011, NSN Group Manager Barry French explained: “Monitoring Centers have a risk of raising issues related to human rights that we are not adequately suited to address.” I agree, but honestly doubt that Trovicor is more able to deal with it.
This holds true for any of the numerous companies earning good money by delivering spyware to authoritarian regimes. French company Amesys, for instance, is said to have sold monitoring systems to Muammar Gaddafi’s regime in Libya. Gamma, based in Great Britain and producing in Germany, sold their software FinFisher to Hosni Mubarak and his security apparatus in.
Traces of FinFisher were also found on servers in Brunei, Turkmenistan, Ethiopia, Latvia, Estonia, the Netherlands, Australia, the Czech Republic, Indonesia, Mongolia, Qatar and the United Arab Emirates. And Utimaco, another enterprise from Germany, is reported to have delivered IT products via Italy to Syria products that could facilitate wide-spread real-time monitoring of targeted individuals and groups.
European technology thereby allows secret services around the world to practically monitor any digital communication, on a daily basis. A combination of voice recognition and GPS tracking software makes it possible to assign vocal recordings to the movement pattern of one’s target subject. Cross-linking different surveillance data sets allows security forces to detect meetings or demonstrations on the spot, and to dissolve them before they actually start. As a result, activists are arrested and imprisoned; they disappear and become victims of torture.
According to Trovicor’s official slogan, surveillance companies are “making the world a safer place”.
“Persecution made in Europe” is what I would call it legally made in Europe, I should add.
Indeed, even though more and more cases of torture and disappearances come to the surface every day, there is still no binding European export regulation or any kind of control system in place that would prevent Trovicor, Gamma or Utimaco from freely selling their products. Of course, controlling the trade in spyware and other digital surveillance systems is more complicated than controlling conventional armament deals.
This is because surveillance technology belongs to the group of dual-use goods, which can be used for both civilian and military purposes to track terrorist combatants, for instance, but also human-rights activists. Nevertheless, an efficient control system is entirely possible, and the European Union has the necessary legislative power. Only, this would require the political willingness to do so. A majority of EU and national politicians, however, seem to prefer unrestricted trade and lax requirements.
As a consequence, even though an EU dual-use regulation exists, most monitoring technologies are not listed in its annex. Asked why, conservative and liberal politicians argue that spyware is used by police and intelligence services, not by the army, and therefore does not fall under the official dual-use definition. Simultaneously, they have made sure that legal requirements only apply to software that contains cryptologic components, allowing companies such as Trovicor or Gamma to deliberately design their software accordingly. To make it worse, the EU dual-use regulation initially applied to countries like Australia, Japan or Canada only. In 2008, it was extended to include China, Russia or the United Arab Emirates; still, many other authoritarian regimes are missing. And even though we as Greens in the European Parliament tried to do so, no effective human-rights or democracy clause, no ex-anti control system could be added to the text not least due to the direct intervention of the German ministry of economics, headed by the liberal FDP politician Rainer Brüderle at the time. His reasoning: the Green idea of an ex-ante control system would weaken the German export economy and cause “significant bureaucratic burdens” for exporters and the administration. For victims such as Abdul Ghani al Khanjar, this kind of reasoning must be painful to read. And it proves that, once again notwithstanding the principles proudly stipulated in all EU treaties and documents economic interests are given priority over democratic considerations and a cautious, human-rights-based foreign policy.
In the meantime, European technology continues to flood the global market. In Germany, for example, it is sufficient for exporters to kindly inform the Federal Office of Economics and Export Control of their wish to sell spyware to, say, the Omani secret service; they don’t need to request any kind of authorisation, and no one asks why and what for. German parliament, the Bundestag, is not informed of anything, neither are the citizens. There are even signs that the federal Government of Germany has supported such exports with export credit guarantees, so-called Hermes covers, destined at protecting German companies in the event of non-payment by foreign debtors.
But protest and public awareness are rising. Beginning of this year, the European Center for Constitutional and Human Rights as well as Reporters Without Borders and Privacy International filed a formal complaint at the Organization for Economic Cooperation and Development (OECD) against Trovicor and Gamma. The complaint asks the UK and German national OECD contact points to verify whether the technology companies have breached the organisation’s Guidelines for Multinational Enterprises by exporting surveillance products to Bahrain. To support such endeavours, my Green colleague Konstantin of Notz and I have launched an online campaign under www.frieden2punkt0.de soon to be translated, extended and re-launched in English.
Experience has shown that we cannot rely on companies to take on their social responsibility voluntarily. It needs clear rules in order to hold them accountable. Therefore, we must insist that the dual-use regulations be extended to all kinds of surveillance technologies. In this context, ex-ante control procedures are paramount. Each and every export must be checked and authorised by the European Commission before the slightest component leaves the EU, and the Commission should inform the European Parliament, national parliaments and the general public in regular reports. Most importantly, however, we need unambiguous human-rights clauses. If there is the slightest risk that European surveillance technology might be used to censor, control or persecute political movements or peaceful activists, the export must be prohibited. Non-observance must be severely sanctioned, according to principles defined by the European Union, including Parliament.
This is the least we can do to support people like Abdul Ghani al Khanjar, who fight for human rights and democracy in their countries. Actually, we have taxed their patience far too long already.