With New Spying Powers On Horizon, Surveillance Companies Descend On UK

News & Analysis
With new spying powers on horizon, surveillance companies descend on UK

Surveillance companies and government officials from across the world are gathering in the UK this week at the invitation of the Home Office for the UK’s “Premier Security and Law Enforcement Event’, one week after the controversial spying legislation, entitled the Investigatory Powers Bill, had its first reading in Parliament.

Delegates and companies will be attending the three-day long ‘Security and Policing’ trade show in Farnborough, the historical centre of the UK’s aerospace industry. The trade show “exist[s] to provide the level of industry engagement needed to enable UK Government to procure and deliver its national security priorities”.

Government visitors to the event “are pre-vetted to strict Home Office criteria”, meaning that entry is not allowed for the vast majority of non-governmental employees or media, and that companies will have the “[o]pportunity to showcase cutting edge technologies in a secure environment.”

Among news stories circulated to exhibitors and delegates on the event website, is a link to factsheets describing in detail the powers contained within the UK’s controversial Investigatory Powers Bill (IP Bill).

Companies exhibiting their products include a range of international and UK companies looking to provide the technology necessary to fulfill the powers contained within the Bill.

Government hacking

One of the most controversial aspects of the proposed IP Bill are powers that will allow Government security agencies to “hack”, not only into individual devices, but also in bulk, into multiple devices and networks, such as into all mobile phones in a specific area or city. Such capabilities give authorities powers to read all data and files on a computer or mobile device, and to take control of functions of a device, such as covertly turning on the webcam or microphone.

The Government first avowed these capabilities after Privacy International challenged their use in court, relying on evidence made available by whistleblower Edward Snowden. While the most technically advanced signals intelligence agencies of the US and UK develop such capabilities themselves, the increasing use of hacking by further intelligence and law enforcement agencies, within the US and UK, as well as across the world, means there is a burgeoning commercial market for such tools that is likely to continue growing.

Hacking Team and RCS, two Italian sellers of hacking capabilities, will be exhibiting to UK and other delegates this year at Security & Policing). Hacking Team were last year themselves hacked, revealing that they had sold its hacking solution to at least 45 countries including, Azerbaijan, Bahrain, Colombia, Egypt, Ethiopia, Kazakhstan, Morocco, Oman, Russia, Saudi Arabia, Sudan, Turkey, UAE, and Uzbekistan.

Mass Interception

One of the most high profile revelations from the evidence revealed by Edward Snowden was the UK signals intelligence agency, GCHQ, was intercepting in bulk internet traffic going into and out of the UK through undersea fiber cables. The programme, known as Tempora, is subject to ongoing legal challenges by Privacy International and others.

Mass interception capabilities are advertised by several surveillance companies in attendance at Security & Policing, including UK-based GOS Systems, which advertises its “mass interception” capability, and iPS, which advertises a “system designed to acquire information from multiple service and network providers using passive, in-line or tactical probes” along with “deep packet inspection” technology used to filter the captured data.

The intelligence unit of defense contractor BAE Systems will also be exhibiting. In 2011, BAE bought a Danish surveillance company ETI for £127 million, a company which advertises how its interception solution “can be used in high-speed access lines, international gateways, and sea cables.”

Mobile phone surveillance

There is increasing evidence that police and other agencies are using technology known as an “IMSI Catcher” or “Stingray” to identify all mobile phones in a given area and intercept conversations in real time. Yet authorities in the UK are unwilling to acknowledge these capabilities. It is still unclear, despite the fact that the IP Bill is supposed to make the laws governing surveillance more accessible, under which specific law use of such technology can be authorised.

Nevertheless, a number of companies selling such surveillance technology are in attendance at Security & Policing, for example, NeoSoft, a Swiss based manufacturer. Last year, Privacy International revealed that NeoSoft had met with representatives from the Rapid Action Battalion (RAB), a Bangladesh police unit described by Human Rights Watch as a “death squad” involved in torture and extrajudicial killings. After our investigation, the company was referred to Swiss federal prosecutors for a potential violation of export control laws and the export of the technology stopped by the authorities.

Other sellers of IMSI catchers include UK-based Cellxion and Domo Tactical Communications, and Canadian EXFO Homeland Security.

Lawful Interception

Powers within the Bill replace some existing demands on telecommunications operators and Internet Service Providers, while also introducing new ones. In addition to storing ‘metadata’ (who called who, when, and where from) for up to a year, operators would now be required to store information about their user’s internet browsing histories for a year.

A wide range of companies sell technologies to telecommunications companies, and directly to governments that allow such surveillance to be carried out.

Hewlett Packard Enterprises, for example, sells such capabilities, and is a sponsor of Security & Policing. It manufacturers “a wide range of Intelligence Support Solutions” offering “a fully-integrated, real-time approach to store and capture any type of data and fulfill legal requests for communications records.” Their solutions include a probe that collects data “directly from traffic flows going through the network”, meaning that “all the collected data can be analyzed in real time”, including data related to senders and receivers of messages and calls, as well as websites visited. They further advertise a “cost-effective” solution for operators “to manage these requests; to quickly identify, locate, and retrieve data on user activity history, intercept content in real time, and deliver it securely to the authorities.”

Exhibiting at Security & Policing is also Italian company iPS, which offers“systems for the interception of traditional telephony services systems as well as the most sophisticated Internet applications”, that “can record any kind of audio, video and data content with real-time listening / viewing features.”

Netherlands-based Group 2000, also exhibiting, offers a range of “end-to-end solutions for lawfully intercepting, storing and analyzing communication content” that are “installed in 25+ countries at Government agencies, Telco Operators and Internet Service Providers.”

Promoting Exports & Imports

In addition to putting the exhibiting surveillance companies in direct connection with UK government agencies, the event will also put them in touch with invited representatives from foreign governments. Campaign Against the Arms Trade, through the use of the Freedom of Information Act, have revealed that delegates from authoritarian states with records of severe human rights abuses have been invited by the Home Office to attend, including representatives from Egypt, Israel, Saudi Arabia, United Arab Emirates, and Pakistan.

Earlier this year, Privacy International first highlighted data showing that the UK government last year granted licenses for exports of Intrusion Software that can be used for “hacking” to 11 countries, including Saudi Arabia and Egypt.

In addition, in just a nine month period in 2015, licenses worth over £10 million had been granted for the export of IMSI Catchers, including to Saudi, Egypt, Israel, and Turkmenistan, and a license worth over £6 million had been granted for equipment that can be used for mass-scale interception to the United Arab Emirates.

In addition to exhibitions, there are a range of briefing sessions promoting export opportunities at Security & Policing , which include talks by the head of export controls at GCHQ, representatives from the Foreign Office, Ministry of Defense, and Export Control Department, as well a representative from the unit responsible for promoting UK defense, security, and “cyber” export opportunities — housed within the same department as the unit responsible for approving export licenses.

Cashing in

Nowhere is the nexus between the security and defense sector and government more evident than at trade shows such as Security & Policing.

The UK and countries across the world have taken advantage of the increase in connected people and devices in order to conduct more surveillance. As they have done so, the private sector has been keen to meet the demand. Governments are in turn keen to promote exports, not solely out of economic interest, but in order to ensure that strategically aligned countries can carry out their own surveillance, of which the UK can take advantage. The fact that many surveillance companies are staffed by well-connected former Government staff further reinforces this complex.

The problem is that there is little space in these mutually-reinforcing relationships for the consideration of the needs of individuals. For example, while western nations may have an interest in the Saudi Arabian authorities being able to collect intelligence on a mass scale because the western nations can then have access to it or hack it, it doesn’t mean that this is in the best interest of Saudi people at large. Equally, it is not in the best interests of the UK people for private companies with an interest in expanding surveillance powers to attend closed events with policy makers at a time when far-reaching and controversial surveillance legislation is still being debated.