Selling Software That Kills

The government of Syria uses made-in-California technology from BlueCoat Systems to censor the Internet and spy on its pro-democracy activists (who are regularly arrested and tortured, not to mention slaughtered wholesale.) Amesys of France and FinFisher of the UK aided brutal dictators in Egypt and Libya. Sweden’s Teliasonera allegedly took up the same cudgel in Belarus, Uzbekistan, Azerbaijan, Tajikistan, Georgia and Kazakhstan. McAfee and Nokia Siemens have done the same in Bahrain, Saudi Arabia and Kuwait.

Meanwhile, back in the USSA, Bain Capital recently bought a Chinese video-surveillance company reportedly “used to intimidate and monitor political and religious dissidents,” and Cisco “has marketed its routers to China specifically as a tool of repression.” You can’t help but be impressed by how globalized the oppression-technology industry has become.

So what privacy/surveillance story caused an eruption of outrage this week? Yes, you guessed it: SceneTap, a startup that uses facial-recognition software to (anonymously) track demographics at bars and clubs in major American cities in real time. Forget the dissidents risking their lives for democracy: what matters is that the hipsters are creeped out!

Needless to say, the companies in question tend to dodge responsibility with bland buck-passing PR patter that knowingly turns a blind eye to oppression and brutality: “Obviously what an individual customer would do with a product once they acquire it is beyond our control.” (Apparently it never crossed their minds that it’s eminently possible to build technical controls into their product, to filter the filters.) “It’s a legal business […] Ultimately people who use this technology to infringe human rights are responsible for their actions.”

This is of course complete bullshit. Whether you’re a company or a person, there’s really no excuse for helping repressive regimes to track and hunt down their dissidents, and “What? Me? Responsible? All I did was give the AK-47 to the psychotic serial killer, how was I supposed to know how he was going to use it?” is almost worse than no defense at all.

The EFF has proposed a “know your customer” process similar to that used for the Foreign Corrupt Practices act and export regulations. It has largely been ignored. Not a good sign. The oppression industry is bad enough now … but if nothing happens, it’s going to get a whole lot worse.

There’s a desperate information war going on in Syria right now, between pro-democracy dissidents and their international allies on one side, and a shadowy and remarkably sophisticated group of pro-government hackers on the other. Right now that war’s being fought mostly on the desktop. But wait until Android phones become ubiquitous in oppressed nations. (Not iPhones; too expensive.) Unlike desktops, unless they’re rooted, Androids typically are — or at least can be — essentially controlled from birth by their manufacturers and their national carriers … who will naturally be incredibly susceptible to government pressures to install hidden spyware and malware.

Imagine an authoritarian nation where everyone has a phone running a government-customized version of Android — indeed, is required to have one, because every phone is an eye and ear of the national surveillance network. (Meanwhile, SceneTap-like software ensures that dissident groups can’t meet in person.) It’s an Evgeny Morozov dystopia, and a disconcertingly plausible one. Right now, carrier bloatware and device control is just an irritation, but look just a little ways into the future, and it’s worryingly easy to envision it actually becoming a serious human rights problem … especially if Western companies keep on selling their oppression technology to all comers.