Is a U.S. Company Assisting Egyptian Surveillance?

by on February 6, 2011 · 15 comments

Boeing subsidiary Narus reports on its Web site that it “protects and manages” a number of worldwide networks, including that of Egypt Telecom. A recent IT World article entitled “Narus Develops a Scary Sleuth for Social Media” reported on a Narus product called Hone last year:

Hone will sift through millions of profiles searching for people with similar attributes — blogger profiles that share the same e-mail address, for example. It can look for statistically likely matches, by studying things like the gender, nationality, age, location, home and work addresses of people. Another component can trace the location of someone using a mobile device such as a laptop or phone.

Media advocate Tim Karr reports that “Narus provides Egypt Telecom with Deep Packet Inspection equipment (DPI), a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway.”

It’s very hard to know how Narus’ technology was used in Egypt before the country pulled the plug on its Internet connectivity, or how it’s being used now. Narus is declining comment.

So what’s to be done?

Narus and its parent, The Boeing Company, have no right to their business with the U.S. government. On our behalf, Congress is entitled to ask about Narus’/Boeing’s assistance to the Mubarak regime in Egypt. If contractors were required to refrain from assisting authoritarian governments’ surveillance as a condition of doing business with the U.S. government, that seems like the most direct way to dissuade them from providing top-notch technology capabilities to regimes on the wrong side of history.

Of course, decades of U.S. entanglement in the Middle East have created the circumstance where an authoritarian government has been an official “friend.” Until a few weeks ago, U.S. unity with the Mubarak regime probably had our government indulging Egypt’s characterization of political opponents as “terrorists and criminals.” It shouldn’t be in retrospect that we learn how costly these entangling alliances really are.

Chris Preble made a similar point ably on the National Interest blog last week:

We should step back and consider that our close relationship with Mubarak over the years created a vicious cycle, one that inclined us to cling tighter and tighter to him as opposition to him grew. And as the relationship deepened, U.S. policy seems to have become nearly paralyzed by the fear that the building anger at Mubarak’s regime would inevitably be directed at us.

We can’t undo our past policies of cozying up to foreign autocrats (the problem extends well beyond Egypt) over the years. And we won’t make things right by simply shifting — or doubling or tripling — U.S. foreign aid to a new leader. We should instead be open to the idea that an arms-length relationship might be the best one of all.

  • Michael Anderson

    Perhaps Narus could adopt some catchy corporate motto, say “Don’t be evil,” and then everything would be OK.

  • Anonymous

    Any device can be used for good or bad. A computer and a router can be used to form the Internet or snoop on the Internet. A network sniffer could be used to detect worm or virus activity and it could also be misused against citizens in the hands of government. Just because a company sells some computing and networking equipment to foreign governments doesn’t make them responsible for the Egyptian shutdown. Furthermore, the shutdown had nothing to do with DPI equipment.

  • Anonymous

    Let me be very clear that the shutdown had nothing to do with DPI. It involved removing all Egyptian routing tables in the core routers such that all of the mapping information on the Internet needed to reach Egypt were wiped. This is a very low level attack and had nothing to do with higher level information snooping that the Egyptian government may have also been engaged in.

  • Jim Harper

    @Michael – LOL.

    @George – Nothing I read of Karr suggested that Narus was involved in the shutdown, and I meant to suggest that the issue with Narus was distinct from the shutdown when I said “It’s very hard to know how Narus’ technology was used in Egypt before the country pulled the plug on its Internet connectivity, or how it’s being used now.” (Reports had Egypt’s Internet coming back up on the 2nd.)

    I also didn’t say that Narus was responsible for anything else going on in Egypt. But we are entitled to ask questions. If a U.S. provider is selling its product indifferent to its use overseas (or here at home, for that matter), that’s something worth investigating and talking about.

    The Narus Web page I linked to at “terrorists and criminals” says “[T]errorists and criminals are utilizing IP services to communicate and coordinate, leading to a variety of government mandates.” The word “variety” has an anything-goes, not-our-problem flavor that piqued my curiosity. They didn’t say “legally required intercepts” or use any other language suggesting they are holding themselves to working within a rule-of-law environment.

    Don’t over-read that as implying that there should be some particular action taken on learning more about Narus’ work with Egypt. It would depend on what we learn. But a technology seller that works at cross-purposes to U.S. government policy or to liberty generally doesn’t have a right to the business of the U.S. government or anyone else.

    I hope this clarifies.

  • Anonymous

    @Jim Harper

    Any technology that can be used by police for legitimate anti-crime or anti-terror purposes can be misused against political dissidents by authoritarian governments. Attacking the technology or the company that makes it is misguided.

    Furthermore, it was Cisco and/or Juniper router technology used shut down the Internet in Egypt. That’s right, the very same technology used to build and support the Internet in Egypt. Are you going to demand that we have hearings against Cisco and Juniper and ask them why they’re selling technology to Egypt? And if you got your wish and Cisco and Juniper stopped selling routers to Egypt, do you not see the irony of this?

  • Ryan Radia

    The U.S. government may well have the legal power to refuse to contract with U.S. firms that facilitate the Mubarak regime (or other repressive foreign governments). But I’m not sure it follows that libertarians should support the state throwing around its weight to influence private firms’ behaviors in ways that we’d probably otherwise consider to be in violation of freedom of contract.

    In the world we envision, of course, the U.S. government would have so few substantial commercial relationships with private businesses that its contracting process wouldn’t have much sway over those businesses’ other activities. In the statist society we live in, however, Congress could easily dissuade many major U.S. tech firms from doing business with repressive regimes simply by threatening to yank their lucrative government contracts.

    But why should we trust Congress in the first place to rationally determine whether a particular business is engaged in transactions that undermine global freedom – or, for that matter, which regimes are unacceptably repressive? While the United States may be the freest nation on the planet, we also have the world’s highest incarceration rate and the strictest penalties against victimless crimes in the developed world. Every day, innocent Americans are jailed and their belongings are wrongfully seized by an overreaching government. Shouldn’t we expect Congress to show some real progress toward making the United States itself less repressive before calling on our legislators to “ask about Narus’/Boeing’s assistance to the Mubarak regime in Egypt?”

    Moreover, even if Narus and Boeing are being just plain evil, does the same hold true for all U.S. firms that comply with the demands of oppressive governments? Microsoft and Google have at times censored politically sensitive results from their search engines in China; does that mean that those companies too should lose their government contracts on account of facilitating repression? (I wrote about that issue last year here http://seattletimes.nwsource.com/html/opinion/2012397847_guest20radia.html)

  • Jim Harper

    Again, the subject here is not the shutdown. I’m sorry if I’ve been unclear.

    I’m not sure this can be productive as you’ve imputed to me a “wish” that Cisco and Juniper would not sell routers to Egypt, though I specifically disclaimed having a any one outcome in mind, and I did not have that outcome in mind.

  • Anonymous

    You’re asking for government hearings against Narus which is a company whose technology had nothing to do with the government shutdown. What’s the purpose of hearings? Isn’t it to pressure american companies from selling technology to the Egyptian government (which BTW is an ally that has helped maintain peace in the Mid East). As Ryan Radia said in response to you, why are Libertarians calling for more government hearings and government action?

  • Anonymous

    Jim, let me correct myself, you’re asking for something more specific than hearings. You’re asking the government to stop buying products from Narus and Boeing because they might have had a hand in the Egyptian shutdown. Since it was Cisco and Juniper technology used, and if we went with your logic, you’re asking the US government to stop buying Cisco and Juniper technology.

    Now you say you didn’t have Cisco or Juniper in mind, but that’s besides the point. The fact is that you haven’t really given a lot of thought to this and you’re espousing a knee-jerk government intervention solution before examining the facts or considering the consequences.

  • Pingback: Digital Society » Blog Archive » Conflating DPI with Egypt to exploit a crisis

  • Jim Harper

    Thanks for the comment, Ryan, which is well directed at what I actually said.

    Yes, this post is very much about the world we’ve got and not the world we’d like. In the world we’ve got, the U.S. government does a heckuva lot of technology purchasing that either wouldn’t be done or that would be done by private actors. That gives it a role in the marketplace that we are entitled to use to dissuade companies from doing things that are contrary to our interests — just like if we as individual purchasers decided to boycott a company.

    That is harder to administer through Congress than it would be in markets — tough cookies to us — but that’s not a reason not to do it. And it in no sense violates their freedom of contract. What it does is put companies to a choice: sell to dictators and risk losing U.S. government business, or don’t sell to dictators and maintain U.S. government business. The choice is pretty easy, and the policy I suggested — no assisting authoritarian governments’ surveillance — would probably result in less assistance to authoritarian governments’ surveillance.

    (I’m not with you on the idea that the U.S. should have to perfect itself before pressuring other governments, though I’m happy to see Narus lose business because it facilitated warrantless wiretapping domestically.)

    It’s easy to over-read what I wrote, apparently, and I’m not saying “don’t do business in authoritarian countries.” Adam and I did a colloquy here and on C|Net about Google and China where I came down in favor of Google doing business there despite having to participate in censorship on behalf of the state. That’s different from “facilitating repression,” which is a much broader category of behavior.

    http://news.cnet.com/Debating-high-techs-China-challenge/2010-1028_3-6030009.html

    I wrote tentatively — and avoided saying precisely where to draw these lines — precisely because I’m not prepared to draw them. It’s tough to decide which things a technology provider might do and which it might not to stay in the good graces of its buyers in the U.S.

    I’m OK if technology providers have to worry about that. Indeed, I posted this to get that process started, to make them worry about the cost of doing business with repressive regimes when it might advance the goals of repression more than it advances communication among elements of civil society.

    Libertarians aren’t pro-business. We’re pro-freedom. If that’s tough on business, and if we have to work with Congress because it does a lot purchasing today and because it is our actual representative on the international scene, so be it.

  • Ryan Radia

    That’s a fair point, Jim. It’s a remarkably tough line-drawing exercise, as you observed in your CNET dialogue. I certainly don’t think we should blindly support U.S. firms that do business with repressive regimes, and I’m all for voluntary institutions playing an active role in punishing U.S. companies that really do belong to the “dark side.” But I’m also deeply concerned about the error costs stemming from government trying to distinguish bad conduct from good conduct – especially when they tend to look alike (i.e. antitrust disputes). In the case of selling surveillance tools to foreign governments, how do we know when engagement by U.S. businesses is a better alternative to foreign government simply buying surveillance tools elsewhere?

    That’s not to say that Congress, in its efforts to promote freedom in repressive foreign nations, may well bring to light truly bad actors from time to time. But I suspect this exercise results in many false positives and, as such, may actually end up deterring U.S. firms from engaging in activities that promote global freedom on net. Why, then, should we focus on “building a better legislator” when we can instead work to ensure that Congress is as far removed as possible from a position of influence over the behaviors of private businesses? The former approach may be more feasible than the latter, to be sure, but I fear that it may also make freedom less attainable in the long run.

  • Ryan Radia

    That’s a fair point, Jim. It’s a remarkably tough line-drawing exercise, as you observed in your CNET dialogue. I certainly don’t think we should blindly support U.S. firms that do business with repressive regimes, and I’m all for voluntary institutions playing an active role in punishing U.S. companies that really do belong to the “dark side.” But I’m also deeply concerned about the error costs stemming from government trying to distinguish bad conduct from good conduct – especially when they tend to look alike (i.e. antitrust disputes). In the case of selling surveillance tools to foreign governments, how do we know when engagement by U.S. businesses is a better alternative to foreign government simply buying surveillance tools elsewhere?

    That’s not to say that Congress, in its efforts to promote freedom in repressive foreign nations, may well bring to light truly bad actors from time to time. But I suspect this exercise results in many false positives and, as such, may actually end up deterring U.S. firms from engaging in activities that promote global freedom on net. Why, then, should we focus on “building a better legislator” when we can instead work to ensure that Congress is as far removed as possible from a position of influence over the behaviors of private businesses? The former approach may be more feasible than the latter, to be sure, but I fear that it may also make freedom less attainable in the long run.

  • Anonymous

    Isn’t libertarianism about finding something other than government solutions?

    You keep asking for a government boycott because a private company is legally selling technology to a government that is officially an ally to us. Isn’t that beating around the bush to what you really want? If you want to declare the Egyptian government an authoritarian regime that deserves to be on the export ban list, do that. Try to change the laws if that’s how you feel about it, but punishing companies that abide the law is a dangerous precedent.

    The real problem with your analysis is that all technologies are dual use. Dual in the sense that they can be used for good or misused against freedom. When you impose an export ban on products that are commonly available in most of the world, you only restrict the good use of that technology. Authoritarian regimes and terrorists go right on ahead and obtain the technology elsewhere. Result is that you’ve done nothing good but you’ve harmed legitimate commerce.

    I’ve written an updated response to you here. http://www.digitalsociety.org/2011/02/conflating-dpi-with-egypt-to-exploit-a-crisis/

  • Pingback: 아랍 혁명과 페이스북 ‘반’혁명 | 풀뿌리 기술문화 연구집단

Previous post:

Next post: