Internet freedom and security in EU foreign policy: The role of business

Yesterday I attended an workshop which focused on the role of business in the IT Business and Privacy world. This workshop focussed on Government spyware tools, human rights and foreign policies.

Introduction

Marietje Schaake and Jőrg Leichtfried introduced the room to the workshop. Fernando Perreau de Pinninck, Trevor Timm, Julie Evans and Taylor Reynolds were part of the Internet Freedom and Security panel. Antoneta Angelova-Krasteva and Gosia Gorska commented on the presentations.

The workshop
The workshop started good, everybody had a seat in less than 10 min and before we knew it we started about Internet Freedom and Security in EU foreign policy.

Key points
During the workshop there were some key points that got discussed.

1. Increase of information
2. Monitoring tools / government spyware tools
3. Export control
4. Internet shutdown

Increase of information
We all know that information is power. If we look back just 20 years we can see that the information technology world has changed and is changing rapidly. In the current time people have smartphones and several other multimedia tools to exchange information.

During the protests in Iran the Iranian people used smartphones to video the actions of the demonstration and the government.

With the help of these tools the protestors were not standing alone. They informed the world about the demonstrations and the actions that had been taken by the government. The people could spread the word.

This is a development that we will see more in the future. People will use each way of communication to exchange information. And with a single smartphone you can exchange a lot of information. Now imagine 10 000’s of people exchanging that information.

During the workshop we came to the conclusion that if we want to support people that are fighting for their rights – there always has to be some kind of information channel.

 Monitoring tools / government spyware tools
There is unrest in Egypt, Tunisia, Libya, Bahrain and elsewhere in the Arab world. Activists use information technology to exchange information with each other. They make agreements were to meet and how to find each other.

During the protests in Nasr, Egypt some activists found documents about a “monitor” tool FinFisher.

FinFisher

FinFisher seems to be an Intrusion and Spying software framework, developed and sold by a German company. It seems to include multiple components, including an "infection proxy" and various intrusion tools.

It's easy to imagine a case where customer would be innocent of any wrongdoing, but would be suspected for a crime he didn't commit. In such a situation he would have full expectation of his antivirus protecting him against trojans, even if those trojans would be coming from the government.

This would be even more relevant if the customer lives in a totalitarian state. If the USA's government would ask not to detect something and we would do it, then what? Should we avoid detecting hacking software used by governments… of which country? Germany? UK? Israel? Egypt? Iran?

Export control
During the workshop someone said that at the moment you are selling a tool to a country or regime you should “screen” your client.

But this does not work when a “legit” client sells it to third parties.

Internet shutdown
The 2011 Egyptian protests began on 25 January 2011. As a result, on January 25 and 26, the government blocked Twitter in Egypt  and later Facebook was blocked as well.

On January 27, various reports claimed that access to the Internet in the entire country had been shut down. The authorities responsible achieved this by shutting down the country's official Domain Name System, in an attempt to stop mobilization for anti-government protests. Later reports stated that almost all BGP announcements out of the country had been withdrawn, almost completely disconnecting the country from the global Internet, with only a single major provider, Noor Data Networks, remained up. And while Noor continued to operate for several days, its routes started to be withdrawn at 20:46 UTC on 31 January.

It was later reported that the five major Egyptian service providers—Telecom Egypt, Vodafone/Raya, Link Egypt, Etisalat Misr, and Internet Egypt—all went dark one after the other between 22:12 and 22:25 UTC (12:12–12:25 a.m. Friday 28 January Cairo time). As a result, approximately 93% of all Egyptian networks were unreachable by late afternoon. The shutdown happened within the space of a few tens of minutes, not instantaneously, which was interpreted as companies receiving phone calls one at a time, ordering them to shut down access, rather than an automated system taking all providers down at once.

Analysis by BGPMon showed that only 26 BGP routes of the 2903 registered routes to Egyptian networks remained active after the blackout was first noticed; thus an estimated 88% of the whole Egyptian network was disconnected. RIPE NCC has two graphs of routing activity from Egypt, announcements/withdrawals and available prefixes, including a snapshot of activity during the shutdown.

Shortly after the Internet shutdown, engineers at Google, Twitter, and SayNow, a voice-messaging startup company acquired by Google in January, announced the Speak To Tweet service. Google stated in its official blog that the goal of the service was to assist Egyptian protesters in staying connected during the Internet shutdown.

Users could phone in a tweet by leaving a voicemail and use the Twitter hashtag #egypt. These tweets can be accessed without an Internet connection by dialing the same designated phone numbers. Those with Internet access can listen to the tweets by visiting twitter.com/speak2tweet.

Internet service providers such as the French Data Network (FDN) provided free (zero-cost) dial-up access to Egyptians with landline (analogue) international telephone access. FDN provided the service as a matter of principle, to "contribute to the freedom of expression of the Egyptian people and allow them to keep a connection with the rest of the world.”

After the shutdown of the Internet in Egypt, the President of the United States of America, Barack Obama, released the following statement calling for an end to the Internet ban:

“The people of Egypt have rights that are universal. That includes the right to peaceful assembly and association, the right to free speech and the ability to determine their own destiny. These are human rights and the United States will stand up for them everywhere. I also call upon the Egyptian government to reverse the actions that they've taken to interfere with access to the internet, to cellphone service and to social networks that do so much to connect people in the 21st century.”

On February 2, connectivity was re-established by the four main Egyptian service providers. A week later, the heavy filtering that occurred at the height of the revolution had ended and bloggers and online activists who had been arrested were released.

Twitter
The workshop could be followed via Twitter with the hashtag #RoleICT