- The Washington Times - Monday, December 5, 2011

A German company offers surveillance technology for use against political opponents.

In Russia, a startup company sells equipment to identify a single targeted voice in digital recordings of thousands of phone calls.

In China, a company boasts software that can crack the security on any Hotmail or Gmail account.

Welcome to the global marketplace for spy technology.

Specialized equipment and secret techniques that just a few years ago were the exclusive preserve of electronic government spy bureaus such as the U.S. National Security Agency are now available to the highest bidders from companies in dozens of countries.

The private companies offer equipment and services that can eavesdrop on cellphone calls, monitor Internet activity, tap into fiber-optic cable. The equipment then can search, filter and index the vast quantity of data obtained through all this surveillance.

Privacy advocates say there is nothing to stop foreign intelligence services from using the equipment to spy on their own people - or Americans.

“Even if American companies, as they claim, only sell to governments and law enforcement, there’s no real regulation of end-users, even in the United States, let alone China and Russia,” said Christopher Soghoian, an online privacy advocate and graduate fellow at the Center for Applied Cybersecurity Research at Indiana University.

“There’s nothing to stop [this equipment from] being used in the United States,” he added. “Sure it’s illegal … but you’re never going to get caught.”

He said cellphones can be monitored easily with a widely available device called an IMSI catcher because “almost all voice traffic is unencrypted.”

“What is being done to protect Americans from this technology?” asked Mr. Soghoian, “The answer is nothing.”

Privacy International, an advocacy group based in London with which Mr. Soghoian works, and the anti-secrecy website WikiLeaks last week published a database of more than 130 companies worldwide that market Internet monitoring, phone interception, computer logging or other surveillance technologies. The database is the fruit of a yearlong investigation during which Privacy International and WikiLeaks investigators infiltrated technology sales conferences and obtained promotional materials.

Based in 25 countries, the companies include well-established entities in the U.S., Israel and Europe and upstarts in countries such as Brazil, China, India and Russia.

India-based Paladion, which says it is “the fastest-growing information security company” in Asia, claims that its tools can track encrypted banking transactions and Gmail communication.

China Top Communications, a government-owned company based in Beijing, offers a package called Internet Watcher, which it claims can decrypt the secure Web connections used by Hotmail and Gmail email systems so users’ accounts can be monitored.

“They were only one of several dozen companies all making the same claims and pushing their own brand of repressive technologies,” Privacy International researcher Eric King said.

Some of the companies active in the marketplace are large computer or communications companies that have developed niche security and surveillance businesses, alongside the sale of conventional goods and services.

Chinese telecom giant ZTE, for instance, markets surveillance products in addition to its phone networks and switching equipment. Big U.S. technology companies such as Cisco Systems Inc. and Northrop Grumman Corp. also sell surveillance equipment and services, according to the database.

Many of the companies are startups in a market that did not exist a decade ago.

Elaman, a German company that sells a British-designed cybersurveillance package called FinFisher, says buyers can use its equipment to “identify an individual’s location, their associates and members of a group, such as political opponents.”

Russia’s Speech Technology Center claims its biometric voice-recognition technology can isolate and identify hundreds of individually targeted voices from daily digital recordings of thousands of phone calls.

All of the companies say they operate within the law and sell only to government and law-enforcement agencies and other authorized users.

After the Arab Spring uprisings, though, protesters in Egypt, Libya and other countries found evidence that deposed dictators had used surveillance technology to spy on anti-government activists. Syria is using sophisticated surveillance technology to intercept even secure communication channels such as Skype.

Campaigners are calling for the law to be tightened.

“When it comes to surveillance technology, merely operating within the boundaries of current legislation and regulation is insufficient,” Privacy International spokeswoman Emma Draper said. “The fact these companies are selling what are essentially tools of political control to oppressive regimes with impunity can no longer be tolerated.”

Some observers say the situation is more complicated.

“It’s too hard a problem to resolve with a knee-jerk restriction on exports,” said Stewart Baker, a former national security official.

He said the United States faces the same problem as it did with high-technology export controls.

“Except the West doesn’t really have any obvious comparative advantage over China and Russia, as far as surveillance technology is concerned,” he said.

“We could cut off exports from Europe and the United States, and that would simply mean that the market is taken over by Chinese and Russian companies.”