On July 5, 2015, the Italy-based company Hacking Team, which sells technologies designed to access computer networks and collect data, was hacked. The intruders not only changed the firm’s Twitter account to “Hacked Team” but exposed some 400 gigabytes of proprietary data to the public. Subsequent media analysis shed light on Hacking Team’s client relationships with security agencies in over 20 countries, including some with dubious human rights records such as Sudan and Uzbekistan.
Yet, governments do not exclusively use technologies sold by Hacking Team and similar companies within their own borders. A federal court in Washington is currently weighing a lawsuit alleging that the Ethiopian government remotely spied on a U.S. citizen in Maryland. To do so, the Ethiopian government used commercial Internet-based technology sold by Gamma International, a company based in the United Kingdom and Germany. The surveillance was discovered not by the U.S. government, but by Citizen Lab, an academic research center based at the Munk School of Global Affairs at the University of Toronto, Canada, which has published several reports on how governments use these technologies for surveillance. That’s why, despite their often legitimate use by security agencies, these tools have become framed as “surveillance technologies.”
The two cases, and popular perceptions of them, underscore many of the complicated issues involved in recent efforts to regulate the export of digital surveillance technologies, especially to foreign governments with problematic human rights records. Now, what started out as a human rights issue flagged by academics and activists has since caught the attention of security professionals in the private sector and government, who have recognized that the same technologies can be used against a variety of targets for legitimate and illegitimate purposes, with varying outcomes.