ADVANCING HUMAN-RIGHTS-BY-DESIGN IN THE DUAL-USE TECHNOLOGY INDUSTRY.

• Author: Penney, Jonathon

It is no secret that technology companies have greased the wheels for human rights abuses around the world backed by a global web of private sector support and investment that has yielded significant financial returns. In April 2018, Citizen Lab published research analyzing the use of Internet filtering technology in ten countries of interest: Afghanistan, Bahrain, India, Kuwait, Pakistan, Qatar, Somalia, Sudan, United Arab Emirates, and Yemen. (1) In these countries, technology produced by a company called Netsweeper is implemented by national-level, consumer-facing Internet Service Providers (ISPs) to filter online content. Choices made by Netsweeper have a significant impact on the types of websites that users in a given country can ultimately access.

Citizen Lab researchers demonstrated through a variety of technical methods that Netsweeper's technology facilitates the blocking of digital speech protected by international human rights law--from religious content in Bahrain and political campaigns in the UAE to media websites in Yemen. News concerning Rohingya refugees was censored, information about violence against national religious minority populations blocked, and websites--from the World Health Organization to the Christian Science Monitor--were miscategorized as "Pornography" using Netsweeper's filtering tools. Pre-set categories curated by Netsweeper itself (including an "Alternative Lifestyles" category) also facilitated the miscategorization and censorship of content from LGBTQ2+ civil rights and advocacy organizations, HIV/AIDS health resources, and media and cultural groups. Netsweeper's filtering system can even be configured so that every website originating from an entire specified country can be blocked all at once.

Citizen Lab concluded that these uses of Netsweeper's technology were likely contrary to international human rights law. (2) They appeared to constitute impermissible restrictions on, among other rights, freedom of opinion and expression, minority rights, and protections against discrimination enshrined in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.

Yet Netsweeper is not an outlier. It is merely one example, operating within a complex cyber security industry increasingly financed by specialized and powerful investment firms. (4) Products like Netsweeper's Internet filtering systems are often referred to as "dual use." While they may serve legitimate societal objectives in some cases, they are also used to undermine human rights like freedom of expression and privacy. Citizen Lab research has repeatedly exposed the ways in which deep packet inspection (DPI) technology and Internet filtering software--services offered by technology companies like Sandvine and Netsweeper--can be used to censor speech and threaten freedom of expression online. (5) Research has also revealed the widespread abuse of dual-use technology in the form of malicious software, spyware, and hacking tools (like those developed by private sector security and intelligence firms, including FinFisher, Hacking Team, and NSO Group) governments with problematic human rights records use to target civil society. (6) As surveillance technology is propagated and normalized, it has crept into ordinary commercial markets, putting tools or techniques designed for use by intelligence and law enforcement into the hands of ordinary criminal actors and abusive spouses alike. (7)

These business practices would not be possible without private sector financial and investment firms bankrolling them. For example, Francisco Partners is a global private equity firm specialized in the technology sector. (8) Its portfolio companies have included Blue Coat (since acquired by Symantec), a manufacturer of dual-use technology deployed in countries with deeply problematic human rights records including Iran, Syria, and Sudan, subject to sanctions by the United States government. (9) Sandvine--a company whose PacketLogic devices were apparently used to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt--is currently a member of the Francisco Partners family. (10) And Francisco Partners has long been the controlling shareholder in an Israeli cyber-arms dealer called NSO Group." The NSO Group spyware can be directly linked to the illegal surveillance of human rights activists, journalists, and lawyers from the UAE to Mexico. (12,13)

Emerging markets for the sale of filtering, hacking, and targeted surveillance technologies, especially to repressive and authoritarian states, raise serious human rights concerns. Yet, when researchers, human rights activists, and civil society groups raise concerns and call on these companies to change course, these concerns are frequently met with vague statements, denial, and silence. (14) While the investment firms financing these business practices often pay lip service to corporate social responsibility, in practice they have done little to enforce respect for human rights. (15,16)

Investors can no longer turn a blind eye. There is now a worldwide market in the billions of...