Press Release: Companies From The UK, The US, And Israel Provided Mass Surveillance Capabilities To Colombian Security Services
Privacy International's new report exposes the companies that have built the Colombian Government's controversial and highly invasive surveillance systems. The report “Demand/Supply: Exposing the Surveillance Industry in Colombia” shows the extensive dealings that companies from Israel, the UK, the USA, Finland, and New Zealand, among other countries, have had in supporting Colombian government agencies in purchasing surveillance equipment. Many of the company's customers were agencies that did not have lawful authority to carry out communications interception using such systems. The report is a companion piece to Privacy International's investigation “Shadow State: Surveillance, Law and Order in Colombia” released earlier this week.
The first investigation revealed the efforts of the Colombian state, specifically the Directorate of Police Intelligence (DIPOL), to build a shadow mass surveillance system in the absence of clear lawful authority. Over the past decade, the Colombian state has primarily looked to domestic Colombian companies, the USA, the UK, and Israel to supply surveillance equipment.
The US company Pen-Link and UK company Komcept were involved in the development of the Colombian Government's communications interception system, Esperanza. The Esperanza system was allegedly abused by the highly controversial Administrative Security Department (DAS), which had to be disbanded after it spied on and harassed politicians, journalists, activists, and judges of the Supreme Court opposing the Alvaro Uribe Government.
From Israel, the companies Verint Systems and NICE Systems were involved in providing network surveillance capabilities to Colombia. NICE Systems participated in the significant expansion of Colombia’s Single Monitoring and Analysis Platform (PUMA), which was put on hold in 2014 by the Attorney General due to the concerns over potential abuse of the system. Verint had contracts with the DAS, DIPOL, and Directorate of Criminal Investigation (DIJIN).
Verint’s contracts with DIPOL and DAS were for the provision of communications surveillance equipment that the agencies had no lawful authority to independently operate. Verint’s products underpin DIPOL’s Integrated Recording System. Additionally, Verint provided probes to conduct surveillance of communications networks to DAS, even after the controversial agency had been outed for its illegal activities. Historically, both companies have operated and sold to Central Asian governments with significant records of human rights abuses. Privacy International has done further investigation on this topic which can be found in the report “Private Interests: Monitoring Central Asia”.
IMSI Catchers, tactical surveillance equipment that intercepts data from mobile phones in particular areas, were supplied by the New Zealand company Spectra Group to DIPOL in 2005. As required by a separate contract in 2006, IMSI Catchers were demonstrated by bidding companies in a public shopping mall. At that time, it is not clear where DIPOL's lawful authority to operate such equipment would come from.
The report also shows that Hacking Team, an Italian company that was recently revealed to have been pursuing contracts with the Colombian government, had a presence in Colombia. In 2014, Hacking Team had a Colombian-based field engineer and an active contract with the Colombian police.
Edin Omanovic, Research Officer, Privacy International said:
"Colombia provides yet another example of how easily our privacy and other human rights can be violated by unlawful state surveillance. By enabling these practices, the surveillance industry has been found to be wholly complicit in these abuses. In the case of Verint, this includes an intelligence agency that, at the time, was embroiled in an unlawful spying scandal.
Plainly, the rise of this industry has not been met by the required protections; this report highlights the urgent need for more transparency and safeguards. It also highlights the gaping holes in government oversight over the industry, their assistance to Colombia, and Colombia's own surveillance practices."
Matthew Rice, Advocacy Officer, Privacy International said:
"This report, a companion piece to the first report, Shadow State: Surveillance, Law and Order, details the scale of support the Colombian state received from companies around the world to build the diverse surveillance capabilities the different agencies possessed.
Peering behind the veil of surveillance in Colombia, a broad international network of companies are revealed to be behind some of the most significant expansions in surveillance capabilities in the country over the past ten years.
Demonstrating a technology's interception capability in a public arena, seemingly without shopper's awareness of the demonstration or given consent, is a striking indictment of the callousness of both the agencies involved and the companies that demonstrated to them.
The two reports should work together to illustrate the cycle that countries go through in purchasing these technologies. A demand is noted, a supply chain identified and from that deals are made. These deals have a direct effect on the rights of citizens and their relationship with the state and its security services. Probing questions need to be asked about this cycle and how it can be placed within a human rights framework that guarantees that in the future it cannot be this easy for an agency to act outside the law."
Shadow State: Surveillance, Law and Order in Colombia here
Private Interests: Monitoring Central Asia here