2013年1月18日 星期五

Rights Group Reports on Abuses of Surveillance and Censorship Technology


Rights Group Reports on Abuses of Surveillance and Censorship Technology

A Canadian human rights monitoring group has documented the use of American-made Internet surveillance and censorship technology by more than a dozen governments, some with harsh human rights policies like Syria, China and Saudi Arabia.
The Citizen Lab Internet research group, based at the Munk School of Global Affairs at the University of Toronto, used computer servers to scan for the distinctive signature of gear made by Blue Coat Systems of Sunnyvale, Calif.

It determined that Egypt, Kuwait, Qatar, Saudi Arabia and the United Arab Emirates employed a Blue Coat system that could be used for digital censorship. The group also determined that Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey and Venezuela used equipment that could be used for surveillance and tracking.

The authors said they wanted to alert the public that there was a growing amount of surveillance and content-filtering technology distributed throughout the Internet. The technology is not restricted from export by the State Department, except to countries that are on embargo lists, like Syria, Iran and North Korea.

“Our findings support the need for national and international scrutiny of the country Blue Coat implementations we have identified, and a closer look at the global proliferation of dual-use information and communications technology,” the group noted. “We hope Blue Coat will take this as an opportunity to explain their due diligence process to ensure that their devices are not used in ways that violate human rights.”

A spokesman for Blue Coat Systems said the firm had not seen the final report and was not prepared to comment.

In 2011, several groups, including Telecomix and Citizen Lab, raised concerns that Blue Coat products were being used to find and track opponents of the Syrian government. The company initially denied that its equipment had been sold to Syria, which is subject to United States trade sanctions.

Shortly afterward, Blue Coat reversed itself and acknowledged that the systems were indeed in Syria, but it said that the devices had been shipped to a distributor in Dubai, and said that it thought that they had been destined for the Iraqi Ministry of Communications.

The Citizen Lab research project was led by Morgan Marquis-Boire and Jakub Dalek. Mr. Marquis-Boire, a Google software engineer, has during the last year been involved in a variety of research projects aimed at exposing surveillance tools used by authoritarian regimes. He said that he carefully segregated his work at Google from his human rights research.

Last year, Mr. Marquis-Boire used computer servers to identify the use of an intelligence-oriented surveillance software program, called FinSpy, which was being used by Bahrain to track opposition activists.

On a hunch last month, the researchers used the Shodan search engine, a specialized Internet tool intended to help identify computers and software services that were connected to the Internet. They were able to identify a number of the Blue Coat systems that are used for content filtering and for “deep packet inspection,” a widely used technology for detecting and controlling digital content as it travels through the Internet.

The researchers stressed that they were aware that there were both benign and harmful uses for the Blue Coat products identified as ProxySG, which functions as a Web filter, and a second system, PacketShaper, which can detect about 600 Web applications and can be used to control undesirable Web traffic.

“I’m not trying to completely demonize this technology,” Mr. Marquis-Boire said.

The researchers also noted that the equipment does not directly fall under the dual-use distinction employed by the United States government to control the sale of equipment that has both military and civilian applications, but it can be used for both political and intelligence applications by authoritarian governments.

“Syria is subject to U.S. export sanctions,” said Sarah McKune, a senior researcher at the Citizen Lab. “When it comes to other countries that aren’t subject to U.S. sanctions it’s a more difficult situation. There could still be significant human rights impact.”

The researchers also noted that a large number of American and foreign companies supplied similar gear in what Gartner, the market research firm, described as a $1.02 billion market in a report issued in May 2012.

The researchers said that some American security technology companies, like Websense, had taken strong human rights stands, but had declined to grapple with the issue of the possible misuse of the technology.


這家名為“公民實驗室”(Citizen Lab)的互聯網研究機構位於多倫多大學(University of Toronto)的蒙克全球事務學院(Munk School of Global Affairs)。研究人員採用計算機服務器掃描了步立康系統公司(Blue Coat Systems)所製造的設備的專用簽名。步立康系統公位於美國加利福尼亞州的森尼韋爾(Sunnyvale)。
結果確認,埃及、科威特、卡塔爾、沙特阿拉伯和阿拉伯聯合酋長國採用了一種步立康生產的可以用來進行數字審查的系統。該研究機構還發現,巴林、中 國、印度、印度尼西亞、伊拉克、肯雅、科威特、黎巴嫩、馬來西亞、尼日利亞、卡塔爾、俄羅斯、沙特阿拉伯、韓國、新加坡、泰國、土耳其和委內瑞拉採用了可 以用來進行監視和追蹤的設備。
“公民實驗室”研究項目由摩根·馬奎斯-博伊爾(Morgan Marquis-Boire)和雅各布·達勒克(Jakub Dalek)牽頭。馬奎斯-博伊爾是谷歌公司(Google)的一名軟件工程師,去年參與了旨在揭露威權政權採用的監控工具的一系列研究項目。他稱自己小 心地將谷歌的工作與人權研究區分開來。
“公民實驗室”高級研究員薩拉·麥丘恩(Sarah McKune)說,“敘利亞適用於美國的出口制裁措施。但是,涉及到不適用於美國制裁措施的那些國家,情況就更艱難,這些設備還是會在那些地方對人權產生嚴重影響。”
研究人員還注意到,大量的美國和海外公司在這個巨大的市場中供應類似設備。跟據市場研究公司高德納(Gartner) 2012年5月發佈的一份報告,這一市場價值10.2億美元(約合63億元人民幣)。