How Governments Shop for The Tools in Their Spying Kits

A catalog of tools and services to intercept, decrypt and otherwise snoop around in digital communications falls into the hands of The Wall Street Journal.

This article is from the archive of our partner .

The people who attended a "secretive surveillance conference" in Washington last month were showered with documents — brochures and prospectuses for off-the-shelf surveillance products worthy of many an intelligence service. The documents show a new niche of the national security business: selling advanced surveillance tools to eager customers.

Some of those wound up with The Wall Street Journal, which examines them at length in Saturday's paper.

Intelligence agencies in the U.S. and abroad have long conducted their own surveillance. But in recent years, a retail market for surveillance tools has sprung up from "nearly zero" in 2001 to about $5 billion a year, said Jerry Lucas, president of TeleStrategies Inc., the show's operator.

Critics say the market represents a new sort of arms trade supplying Western governments and repressive nations alike. "The Arab Spring countries all had more sophisticated surveillance capabilities than I would have guessed," said Andrew McLaughlin, who recently left his post as deputy chief technology officer in the White House, referring to the Middle Eastern and African nations racked by violent crackdowns on dissent.

The companies marketing these products say they only do so to governments and law enforcement agencies, The Journal reported, but that doesn't mean the results aren't sometimes eyebrow-raising. The paper's investigation comes after they discovered Western-designed systems for surveilling dissidents in some of the autocratic companies being rocked by democratic rebels during the Arab Spring, including Libya, Egypt, and Syria, authors Jennifer Valentino-Devries, Julia Angwin and Steve Stecklow write.

Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data. Although hacking techniques are generally illegal in the U.S., law enforcement can use them with an appropriate warrant, said Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Justice Department.

The documents show that at least three companies—Vupen Security SA of France, HackingTeam SRL of Italy and Gamma's FinFisher—marketed their skill at the kinds of techniques often used in "malware," the software used by criminals trying to steal people's financial or personal details. The goal is to overcome the fact that most surveillance techniques are "useless against encryption and can't reach information that never leaves the device," Marco Valleri, offensive-security manager at HackingTeam, said in an interview. "We can defeat that."

Representatives of HackingTeam said they tailor their products to the laws of the country where they are being sold. The firm's products include an auditing system that aims to prevent misuse by officials. "An officer cannot use our product to spy on his wife, for example," Mr. Valleri said.

Mr. Valleri said HackingTeam asks government customers to sign a license in which they agree not to provide the technology to unauthorized countries.

To glance at some of the prospectuses that conference attendees reviewed, see "The Surveillance Catalog."
This article is from the archive of our partner The Wire.