2013年1月18日 星期五

Rights Group Reports on Abuses of Surveillance and Censorship Technology

 

Rights Group Reports on Abuses of Surveillance and Censorship Technology

A Canadian human rights monitoring group has documented the use of American-made Internet surveillance and censorship technology by more than a dozen governments, some with harsh human rights policies like Syria, China and Saudi Arabia.
The Citizen Lab Internet research group, based at the Munk School of Global Affairs at the University of Toronto, used computer servers to scan for the distinctive signature of gear made by Blue Coat Systems of Sunnyvale, Calif.

It determined that Egypt, Kuwait, Qatar, Saudi Arabia and the United Arab Emirates employed a Blue Coat system that could be used for digital censorship. The group also determined that Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey and Venezuela used equipment that could be used for surveillance and tracking.

The authors said they wanted to alert the public that there was a growing amount of surveillance and content-filtering technology distributed throughout the Internet. The technology is not restricted from export by the State Department, except to countries that are on embargo lists, like Syria, Iran and North Korea.

“Our findings support the need for national and international scrutiny of the country Blue Coat implementations we have identified, and a closer look at the global proliferation of dual-use information and communications technology,” the group noted. “We hope Blue Coat will take this as an opportunity to explain their due diligence process to ensure that their devices are not used in ways that violate human rights.”

A spokesman for Blue Coat Systems said the firm had not seen the final report and was not prepared to comment.

In 2011, several groups, including Telecomix and Citizen Lab, raised concerns that Blue Coat products were being used to find and track opponents of the Syrian government. The company initially denied that its equipment had been sold to Syria, which is subject to United States trade sanctions.

Shortly afterward, Blue Coat reversed itself and acknowledged that the systems were indeed in Syria, but it said that the devices had been shipped to a distributor in Dubai, and said that it thought that they had been destined for the Iraqi Ministry of Communications.

The Citizen Lab research project was led by Morgan Marquis-Boire and Jakub Dalek. Mr. Marquis-Boire, a Google software engineer, has during the last year been involved in a variety of research projects aimed at exposing surveillance tools used by authoritarian regimes. He said that he carefully segregated his work at Google from his human rights research.

Last year, Mr. Marquis-Boire used computer servers to identify the use of an intelligence-oriented surveillance software program, called FinSpy, which was being used by Bahrain to track opposition activists.

On a hunch last month, the researchers used the Shodan search engine, a specialized Internet tool intended to help identify computers and software services that were connected to the Internet. They were able to identify a number of the Blue Coat systems that are used for content filtering and for “deep packet inspection,” a widely used technology for detecting and controlling digital content as it travels through the Internet.

The researchers stressed that they were aware that there were both benign and harmful uses for the Blue Coat products identified as ProxySG, which functions as a Web filter, and a second system, PacketShaper, which can detect about 600 Web applications and can be used to control undesirable Web traffic.

“I’m not trying to completely demonize this technology,” Mr. Marquis-Boire said.

The researchers also noted that the equipment does not directly fall under the dual-use distinction employed by the United States government to control the sale of equipment that has both military and civilian applications, but it can be used for both political and intelligence applications by authoritarian governments.

“Syria is subject to U.S. export sanctions,” said Sarah McKune, a senior researcher at the Citizen Lab. “When it comes to other countries that aren’t subject to U.S. sanctions it’s a more difficult situation. There could still be significant human rights impact.”

The researchers also noted that a large number of American and foreign companies supplied similar gear in what Gartner, the market research firm, described as a $1.02 billion market in a report issued in May 2012.

The researchers said that some American security technology companies, like Websense, had taken strong human rights stands, but had declined to grapple with the issue of the possible misuse of the technology.

中國網絡審查技術:美國製造?


加拿大一家人權觀察機構發佈報告稱,有十多個國家的政府採用美國公司開發的互聯網監視和審查技術進行網絡監控,其中包括一些有着嚴苛人權政策的國家,比如敘利亞、中國和沙特阿拉伯。
這家名為“公民實驗室”(Citizen Lab)的互聯網研究機構位於多倫多大學(University of Toronto)的蒙克全球事務學院(Munk School of Global Affairs)。研究人員採用計算機服務器掃描了步立康系統公司(Blue Coat Systems)所製造的設備的專用簽名。步立康系統公位於美國加利福尼亞州的森尼韋爾(Sunnyvale)。
結果確認,埃及、科威特、卡塔爾、沙特阿拉伯和阿拉伯聯合酋長國採用了一種步立康生產的可以用來進行數字審查的系統。該研究機構還發現,巴林、中 國、印度、印度尼西亞、伊拉克、肯雅、科威特、黎巴嫩、馬來西亞、尼日利亞、卡塔爾、俄羅斯、沙特阿拉伯、韓國、新加坡、泰國、土耳其和委內瑞拉採用了可 以用來進行監視和追蹤的設備。
研究人員稱,他們希望警告大眾,互聯網上遍布着越來越多的監視和內容過濾技術。這些技術不受美國國務院的出口限制,除了敘利亞、伊朗和朝鮮等已在禁運名單中的國家。
“我們的發現證明,美國和國際社會有必要審查我們發現的採用步立康系統的國家,還有必要更密切地關注軍民兩用類的信息和通訊技術的全球擴散,”該機構稱。“我們希望,步立康抓住這次機會,解釋公司的盡職調查過程,從而保證他們的設備不被用於違反人權的領域。”
步立康的發言人稱,公司尚未看到最終報告,因而不準備予以評論。
2011年,包括“電子公社”(Telecomix)和“公民實驗室”在內的數個組織擔憂地表示,步立康的產品被敘利亞政府用於查找和追蹤反對派。一開始,步立康否認自家設備出售到了美國貿易制裁名單上的敘利亞。
不久之後,步立康轉變立場,承認有一些系統設備確實在敘利亞,但公司稱這些設備運送給了迪拜的一家分銷商,他們本以為最終的客戶是伊拉克通信部。
“公民實驗室”研究項目由摩根·馬奎斯-博伊爾(Morgan Marquis-Boire)和雅各布·達勒克(Jakub Dalek)牽頭。馬奎斯-博伊爾是谷歌公司(Google)的一名軟件工程師,去年參與了旨在揭露威權政權採用的監控工具的一系列研究項目。他稱自己小 心地將谷歌的工作與人權研究區分開來。
去年,馬奎斯-博伊爾採用計算機服務器發現了一款名為FinSpy的軟件程序的使用跡象。FinSky是以搜集情報為目的的監控軟件,被巴林用來追蹤反對派活動人士。
上個月,研究人員突發奇想,使用了Shodan搜索引擎。這種專業互聯網工具旨在協助指認聯網的計算機及軟件服務。他們發現,許多步立康的系統被用來進行內容過濾和“深度包檢測”。“深度包檢測”技術被廣泛用於監測和控制互聯網中流轉的電子內容。
研究人員強調,他們明白步立康的產品ProxySG和PacketShaper都可以用於好壞兩個方面。ProxySG的功能是網絡過濾,而PacketShaper系統不僅可以監測約600個網絡應用程序,還可以用來控制令人不快的網絡流量。
“我不是要全盤妖魔化這種技術,”馬奎斯-博伊爾說。
研究人員也注意到,這種設備並不完全符合美國政府的“兩用”定義,但它可以被威權政府用於政治和情報目的。美國政府施行“兩用”分類來控制既可以軍用、又可以民用的設備的銷售。
“公民實驗室”高級研究員薩拉·麥丘恩(Sarah McKune)說,“敘利亞適用於美國的出口制裁措施。但是,涉及到不適用於美國制裁措施的那些國家,情況就更艱難,這些設備還是會在那些地方對人權產生嚴重影響。”
研究人員還注意到,大量的美國和海外公司在這個巨大的市場中供應類似設備。跟據市場研究公司高德納(Gartner) 2012年5月發佈的一份報告,這一市場價值10.2億美元(約合63億元人民幣)。
研究人員稱,一些像網感公司(Websense)這樣的美國安全技術公司,雖然人權立場強硬,但也不願糾纏於技術可能被濫用的問題。
翻譯:黃錚

沒有留言: