FinSpy, a surveillance tool designed to enable law enforcement to monitor computers in criminal investigations, is being used by governments around the world to spy on activist activity, a new report from Citizen Lab revealed Wednesday.
The U.K.-based Gamma Group markets and sells the software to law enforcement ostensibly with the sole purpose of lawfully monitoring the computers of criminals -- including pedophile rings, human traffickers and organized crime syndicates. The tool has, as Citizen Lab found, been put to broader and more nefarious uses by governments in countries including Bahrain, Ethiopia and Vietnam with "strong indications of politically-motivated targeting."
It was first discovered last year by Citizen Lab researchers that the Bahraini regime was using the espionage software to spy on dissidents. "The apparent use of the spyware to monitor Bahraini activists, none of whom had any criminal history, suggested that it had been used more broadly," the New York Times reported last August. The Times noted too that "in March 2011 ... protesters raided Egypt’s state security headquarters and discovered a document that appeared to be a proposal by the Gamma Group to sell FinSpy to the government of President Hosni Mubarak for $353,000. It is unclear whether that transaction was ever completed."
Wednesday's report found FinSpy in 25 countries, including the U.S. and a number of countries "with troubling human rights records." Researchers highlighted evidence that FinSpy was being used by the governments in Ethiopia and Vietnam to track political opposition.
"These findings call into question claims by Gamma International that previously reported servers were not part of their product line, and that previously discovered copies of their software were either stolen or demo copies," the report authors noted. The report notes too that the list of newly discovered FinSpy servers -- evidencing a global proliferation of the tool -- is likely incomplete.
Citizen Lab urged greater oversight of firms like Gamma Group and the export of surveillance tools to repressive regimes:
While the sale of such intrusion and surveillance software is largely unregulated, the issue has drawn increased high-level scrutiny. In September of last year, the German foreign minister, Guido Westerwelle, called for an EU-wide ban on the export of such surveillance software to totalitarian states. In a December 2012 interview, Marietje Schaake (MEP), currently the rapporteur for the first EU strategy on digital freedom in foreign policy, stated that it was “quite shocking” that Europe companies continue to export repressive technologies to countries where the rule of law is in question.
We urge civil society groups and journalists to follow up on our findings within affected countries. We also hope that our findings will provide valuable information to the ongoing technology and policy debate about surveillance software and the commercialisation of offensive cyber-capabilities.