A report issued today by the Canadian group Citizen Lab says that network security hardware made by well-known manufacturer Blue Coat Systems is being used for political censorship by the repressive governments of Iran, Syria and Sudan.
Citizen Lab – a digital media and human rights project run by the University of Toronto's Monk School of Global Affairs – says that its researchers discovered active examples of Blue Coat gear on public networks in those three nations, despite U.S. sanctions. The group dubbed the Blue Coat products involved “dual-use” - that is, suitable for both military and civilian applications.
[MORE SECURITY: Emergency broadcast equipment in US vulnerable to hackers]
Although the company is far from alone in having seen its products appear in the hands of such customers – Citizen Lab cites Gamma International, Nokia, Siemens, McAfee and Cisco, to name just a few – it's also not the first time Blue Coat's name has popped up in this type of association, having taken fire in 2011 when Syrian authorities were found to be using its ProxySG appliance.
Citizen Lab does not imply that Blue Coat is selling its products directly to Iran and Syria – overseas resellers are the likely culprits – but the group did call for increased accountability and participation from the company in efforts to keep powerful network management technology out of the hands of authoritarian regimes.
“Proactive, industry-led corporate social responsibility measures, informed by civil society input, are essential to internalizing human rights considerations in business practice, above and beyond basic regulatory compliance,” the report said.
Citizen Lab called specifically for increased attention to be paid to export regulation compliance, as well as the exploration of possible technical safeguards that could help make such hardware proof against misuse.
But it's difficult to see easy roads to reform, according to IDC analyst Phil Hochmuth.
“To some extent, it's the 'guns don't kill people' argument,” he says. “It's tough to single out one vendor … and say they're flaunting international laws.”
What's more, he adds, except for on those occasions when the issue gets into the public eye, it's not really on the radar for many companies.
“I don't think it's the kind of thing that's top-of-mind,” says Hochmuth. “I mean, they make these products primarily for the enterprise, where the rules are set by the corporation – and in a lot of senses, the products that they make … [aren't] designed to monitor or restrict an entire country's Internet access.”
Short of serial-number-level tracking and reporting, he says, there's not much that can be done from a technical standpoint to restrict the use of these devices by repressive governments.
“It's like anything – a product or a technology can be used for good or bad purposes,” says Hochmuth.
Email Jon Gold at email@example.com and follow him on Twitter at @NWWJonGold.