[liberationtech] Finfisher Spy Kit Revealed in Bahrain

Jacob Appelbaum jacob at appelbaum.net
Sat Jul 28 13:40:33 PDT 2012 

Pavol Luptak:
> On Fri, Jul 27, 2012 at 11:54:33PM +0200, Andre Rebentisch wrote:
>> Am 27.07.2012 12:58, schrieb Erich M.:
>>> Here is my take [German alas] on that matter including the
>>> reaction of the Social Democrat fraction in Europarl. MEP
>>> Leichtfried from .AT has been the rapporteur and the guy who
>>> managed to introduce surveillance software into the catalogue of
>>> "dual use" goods.
>>
>> Software is a service, not a good. Without discouraging the efforts:
>> While it may undermine the commercial base it won't help to stop the
>> spread of these tools.
>> The Service aspect frames it more into commercial assistence of
>> foreign espionage, here foreign domestic espionage. "Services" imply
>> that the export nations do not develop the capabilities themselves
>> and allows for all kind of trojan horses ("export versions") and
>> contacts, from which you could assess the current capabilities of
>> the regime.
>>
>> Ironic: During the 90ths we voiced strong opinions against crypto
>> export regulations, now virtually the same community seeks export
>> controls for surveillance technology.

The above statement is frankly, offensive. Most of the people fighting
the cryptowars are absent from this discussion. Please don't tarnish
their hard work with your lack of history or knowledge on the topic.

The people involved in the current debate, of which is there is some
overlap, most certainly want companies who break the law, for purposes
of committing serious crimes against humanity (eg: Syria), to be held to
account. They don't make general purpose software for everyone as a
matter of free speech, they are custom tailoring solutions for
dictatorships to murder people. When they appropriate free software,
disregarding the terms offered under copyright, denying their "users"
the code under the spirit and the letter of the rules, yeah, people are
upset with them for doing that! Are you free to use their software? Are
their users? No, often their users are not free - not free as in speech
and in some cases, not even free as in alive!

The EFF, who basically won the cryptowars outright, specifically
proposes a know your customer approach, which is about as hands off as
is possible while still being engaged.

> I am a bit skeptical about it. From the technical point of view to prohibit
> a business between EU/US companies and dictatorship countries is almost
> impossible (because they can use dozens of subcontractors in many 'grey'
> countries and they do it if they want). Therefore, it is hard to say if this 
> should be regulated by a law, I would prefer market - personally I would never
> buy anything from the company that supports a dictator regime. The most 
> companies cannot afford to do it, because otherwise their reputation can be
> endangered.

This is also ridiculous and ignoring reality. Did you have a lot of
choice in the packet routing of your email Pavol? No so much. You're not
the market's target segment and your protest won't have impact on
Cisco's market cap. The Free Market doesn't decide who buys carrier
grade surveillance equipment nor does it negotiate national data
retention data storage sales. The State does and rarely, if ever, do we
have a say about that - something we probably are both REALLY frustrated
about!

Likewise, the free market has yet to deal with Cisco, EMC, and the myrid
of companies like Nokia Siemens, Huawei and others who directly sell
surveillance, censorship and outright tracking systems. The "market" has
rewarded Cisco for their efforts with the Golden Shield project. This is
even after Cisco was caught red handed advertising it for use in hunting
down unwanted (religious) groups of people.

I don't believe that export controls or total absolute sanctions are the
right path forward. Rather, we should hold these companies to account
for their actions _in the US and Europe_ where they would not be
reasonable, legal or ethical. Specifically when they do this for a
profit and disregard the impact on society as a whole - something most
of these companies are doing without even a slight regard for human life.

I realize that my above email is perhaps a bit harsh but it is so
incredible frustrating to rehash these old arguments and these tired
debates. There are people who are being targeted for torture and even
murder in Bahrain, Syria and other places. We are able to do something
about it and we are doing something about it.

Sincerely frustrated,
Jacob

More information about the liberationtech mailing list