Privacy International: 'Hacking Team's big mistake was its need for fame and glory'
For the heretical act of suggesting the Earth moved around the Sun, Galileo Galilei was condemned in 1633 by the Roman Catholic Inquisition to spend the remainder of his life under house arrest.
It would be clear to most people that his story might bear some lessons for why it's so important for society to not simply accept dogma, to allow dissent, and to allow space to challenge authority. Yet, with characteristic irony, Hacking Team, the Italian purveyor of spying machines purpose built to allow authorities to monitor individuals suspected of dissent, decided to name their spyware Galileo.
It is this self-congratulation and lack of awareness that has ultimately led to the company's likely downfall. Hacking Team doesn't necessarily make the most advanced technology, and they aren't necessarily the worst offenders in terms of facilitating human rights abuses. Even in Italy, there are two other companies peddling similar technology. Hacking Team have, however, been the most bombastic.
They made promotional videos. They have a presence on social media. They wanted media attention. At the spy trade shows they were among the most prominent and most vocal. They decided that it would be a good idea to actually call themselves Hacking Team.
But the most important thing to come out of the hack has not been the insights it has offered into Hacking Team itself. Rather, it has been details about the wider surveillance industry, about a healthy spyware industry in a buoyant mood, a market of enthusiastic customers none of whom Hacking Team had a real problem selling to, and a regulatory system incapable of effective regulation.
For anyone interested in privacy, surveillance and security in modern times, our global technological infrastructure, the security industry and about the effects of all of this on individuals, Hacking Team encapsulates all of the dangers presented by the digital revolution.
The surveillance industry
As we communicate more and create ever more personal data, that data becomes more revelatory and more valuable. As a result our data is becoming increasingly "securitised". The commercial sector, eager to meet government demand to access this data, is growing.
This sector appears to be comprised not only of the likes of Hacking Team but also, increasingly, larger players from the defence industry. Hacking Team's partners, for example, include Israel's largest listed defence manufacturer, Elbit, while Boeing and BAE, two of the world's largest defence contractors, are also interested partners.
While Hacking Team may be small enough to be finished by the hack, the technology they produce and the wider industry they belong to will continue on, largely unaffected. The surveillance industry is growing rapidly, producing more and more technologies for more and more markets. That growth must be kept in check by adopting more meaningful safeguards.
The problem of an unregulated trade in surveillance technology is exemplified by Hacking Team, who appear to be willing to sell simply to whoever will pay, regardless of how they will deploy the technology and against whom. But Hacking Team won't admit they are motivated solely by profit; the company prefers to justify its sales to some of the world's most egregious human rights abusers by insisting they are doing so to assist in the fight against terrorism and other criminality.
Egregious human rights abusers
A lot can be done in the name of counter-terrorism. However, in the case of Hacking Team, it's a very weak argument that its sales to death squads or to regimes responsible for genocide are motivated by the desire to protect people.
Surely, when the marketing teams from Hacking Team step off the plane in Uzbekistan or Kazakhstan, and meet with agents from the former KGB, or with any one of the number of security agencies in the Gulf or North Africa, does it not occur to them that their prospective clients are likely more interested in using these technologies to monitor activists, journalists or the opposition rather than international terrorists?
However, by engaging in the rhetorical tactic of Whataboutism and referring to the surveillance practices of European and North American states, it is possible to justify sales to just about anyone. But that doesn't make any of them right.
As well as selling to intelligence and law enforcement agencies in Europe, the US and Russia, Hacking Team also sold to Azerbaijan, Bahrain, Colombia, Egypt, Ethiopia, Kazakhstan, Morocco, Oman, Russia, Saudi Arabia, Sudan, Turkey, UAE and Uzbekistan. Before the leak, Hacking Team was also looking to sell to Bangladesh and the Israeli interior ministry. This is despite apparently having a human rights review process and claiming not to break any laws.
Hacking Team cannot be left to their own devices
While every state has legitimate security and criminal threats to be countered, every intrusion into privacy must be done in accordance with international and domestic law, be necessary and proportionate, and be subject to oversight and safeguards. At a minimum, products such as Galileo should not be sold to any state that doesn't respect these criteria.
Hacking Team and a commercial sector driven by profit cannot be left to self-regulate or be moral adjudicators. A comprehensive solution includes states implementing effective legal frameworks governing surveillance, and individuals having access to secure devices and knowing how to keep themselves secure. However, it is clear this must also be complemented by safeguards in the form of export restrictions put on companies. As demand for surveillance products and, by extension, the surveillance industry grows, the need for such safeguards is more urgent than ever.
Earlier in 2015, civil society in Morocco was threatened by the government after Privacy International released a report highlighting the stories of individuals affected by surveillance technology, including that of Hacking Team's. It is not acceptable to say to them that there is nothing that can be done.
The only thing that appeared to affect Hacking Team's operations was research showing the targeting of Ethiopian journalists in the US conducted by the Citizen Lab, an investigation by the UN panel monitoring the Sudan arms embargo prompted by Privacy International, and export restrictions imposed by the Italian authorities after civil society campaigning.
The fact that Hacking Team feels they have done nothing wrong is not only a damnation of a company profiting from the surveillance state while appealing to society's worst fears but also of the entire surveillance industry and the wider regulatory system, which has so far proved ineffective.
© Copyright IBTimes 2024. All rights reserved.