Dual use telecommunication technology and export controls
Stephan Urbach, Peter Piksa, Samuel Brack
= What is dual use technology =
Dual use technology is a technology that can be used for multiple purposes. The term is especially prevalent for technology that can be used for civilian and military aims.
The Wassenaar-Agreement was signed in 1996 by 33 states. It provides consistent lists to control the export of technology which could be relevant for military use. However, each of the signing governments is self-sufficient and can decide about the actual export of these technologies on its own.
This regulation does pose quite a problem, as two states can make different decisions concerning the export of one and the same technology. This means that de facto, there’s no standardized international export control.
Hard- and software for telecommunication are listed in category 5.1 of these check lists. However, the major part of this section refers to hardware which can be used for jamming telepones and radiocommunication. Category 5.2 lists hard- and software that is able to provide cryptography.
= Problem =
In particular, technology suitable to enable broad Internet surveillance and control can, when exported, be hidden inside technology with “ordinary” functions (e.g. network management software). Devices by BlueCoat which are produced for huge corporate networks can serve as an example here. Hints that e.g. Internet access can be blocked easily (few big access providers in the country, almost no connection cables to the outside world) should perhaps become a part of future assessment criteria for export regulations to certain countries. Centralistically designed networks such as GSM can be more easily censored and monitored. Therefore, technology linked with such systems should be observed with increased care.
A core problem of the dual use of digital technology is that there’s no way to know whether it is used for good or bad purposes. For instance a knife can at the same time be used for buttering bread as well as for committing a murder. Conveyed to digital technology, these multiple usages mean that, for example, an access control function can always “only” be used for recording unauthorized websites through the company management, but at the same time this technology would enable an correspondingly minded state official to apply widespread censorship.
The “Opennet Iniative” published a report about the potential misuse of censorship and surveillance technologies. This report demonstrates the way repressive regimes in the middle east used western technology to forbid Internet access to NGOs, and other similar government critics.
To provide examples it is possible to name Netsweeper and Websense, some western manufactured products. Boths products are used in democracies especially by companies which evitably try to increase the productivity of their employees this way. The same databases which are used to index – and by that categorize – webcontent, simultaneously enable regimes to supress the flow of communication in the middle east.
With catchwords like
* Social networking threat protection,
* Bandwidth management or
* Application delivery network
the company Bluecoat for example solicits a product named “ProxySG 900/9000″, a powerful platform for real-time-based analysis and blocking of webcontent. Although such products can in fact be used for legit causes, by the end of August 2011 it became evident that the Syrian government abused Bluecoat’s product to subjugate dissident communication via the Internet.
In this context, the enforceability of the requirement that such products may not be (mis)used “against the people” seems questionable. The problem is an inherent one which can’t be solved by the fact that the customer to not be “ill-meaning” at the time of purchase – as soon as the product is in use, it only requires the takeover of a new operator to invalidate this argument. In case of a government change said product formerly used “for good causes” can easily be converted into one used for repression.
A case comparable to that of Syria became public in connection with the late Libyan governor Muamar al Gaddafi: Insights gained from interception technology used by Gaddafi lead to the murdering of dissidents.
Although a trade embargo that renders the export of such hardware subject to approval has been imposed on Syria, im-/export over third party states is still possible. This problem has to be approached promptly.
= Perspective =
If there’s no increase in export controls on communication media, cases like Egypt, Syria and Libya will repeat and many people who try to communicate freely in an oppressive system will be detained from doing so or even need to fear oppression for stating their opinion. Since Germany as an important producer of those communication devices is responsible, according export regulations have to be a matter of course.
A fist and important step is the publication of technology exports to foreign countries. A transparent illustration of the exports empowers the public to follow who delivered technology to suppressing governments and is therefore an instrument to create political pressure. Let us go these first steps.
[1] http://opennet.net/sites/opennet.net/files/ONI_WestCensoringEast.pdf
[2] http://www.bluecoat.com/sites/default/files/products/datasheets/bcs_ds_fullproxy_900-9000_v5k.pdf
[3] http://www.spiegel.de/politik/ausland/0,1518,784079,00.html
Source: http://interfax.werebuild.eu/2011/11/18/dual-use-telecommunication-technology-and-export-controls/