Germany exports surveillance technologies to human rights violators

By EDRi · September 10, 2014

From Mexico to Mozambique to Pakistan and beyond, there is now ample evidence that governments across the globe are using mass surveillance technologies to spy on their citizens. Who makes these technologies? And who benefits from their sales?

Germany is a major exporter of these technologies and , at the same time as digital communications privacy has become a red-hot topic for the German public, the country has become an ever-more central actor in this field.

By cross-referencing information from a massive data leak in mid-August with the results of a recent parliamentary inquiry in Germany, we have come to suspect that the majority of surveillance technologies produced by German companies have been bought and sold under the table – in other words, without a license. The German government requires licenses for the sale of technologies that are considered to be “dual use” – products that can be used for both good and ill.

At the centre of the inquiry lies the British-German company Gamma International, maker of the now infamous FinFisher surveillance toolset. Unsuspecting targets of surveillance typically end up downloading FinFisher unknowingly, just by clicking on a seemingly innocent link or email attachment. Once installed, the tool allows the user to access all stored information and monitor even encrypted communication. Keystrokes can be logged, Skype conversations recorded and cameras and microphones can be activated remotely.

Members of Germany’s parliament recently conducted an inquiry into the sale of surveillance technologies to foreign governments. In response, the German government stated that over the past decade, it has provided German companies with licenses to export surveillance technologies to at least 25 countries, many of which have long histories of human rights abuse.

The answers provided by the German government are difficult to interpret, as their documentation covers any IT system that includes surveillance technology “components”. For example, a complete national telephone system that is sold for 10 million USD in total might include a surveillance component that costs 2 million USD – but the product is listed in public documentation as 10 million USD worth of exported goods which include licensed surveillance technologies.

Importantly, the German government explicitly denied having received any request from Gamma for a license to export their FinFisher product to Bahrain or Ethiopia. Official German government documentation also does not mention exports to countries like Bangladesh, Netherlands, Estonia, Australia, Mongolia, Bahrain and Nigeria, yet there is ample evidence that FinFisher has been sold to these countries. Documents in the leaked FinFisher dump and analysis by Privacy International, suggest to us that Gamma has sold these technologies without any export licence at all.

What does this mean for the German trade in surveillance technologies? Sales of licensed surveillance technologies are tiny in comparison to the sales of unlicensed exports of FinFisher, let alone other surveillance products. Gamma is currently selling more surveillance tech than all of its other licensed exports combined. And this is just one single company – there are likely others in Germany following this business strategy. The significant gap between licensed and unlicensed elements of the surveillance technology industry shows the need for urgent and clear international regulation.

The German government also stated that it will further lobby to regulate surveillance technologies that harm human rights, a positive development that reflects an understanding of the seriousness of the issue. In light of these latest revelations, and the desire of certain parties to make this a key political issue, it is to be hoped that further changes can be made to prevent even more dangerous technologies from being exported to repressive regimes. Findings like these suggest to us that greater regulation is needed in this sector.

Leaked documents from FinFisher show that the company now believes they are or may soon be subject to export restrictions in Germany, a fact that appears to have prompted them to begin asking their clients for additional information about what the exports will be used for – this is the type of information they would need in order to comply with German export control regulations. This suggests that export regulations for surveillance technologies may be having an impact before becoming law

German companies are selling unlicensed surveillance technologies to human rights violators – and making millions (05.09.2014)

Tag Archives: FinFisher

Privacy International calls on HMRC to investigate Gamma International’s potential breach of UK export laws (26.12.2012)

EDRi: Turkish government to acquire a tool to censor social media? (18.06.2014)

(Contribution by Ben Wagner and Claudio Guarnieri, Centre for Internet & Human Rights, European University Viadrina)