Reporters Put Spotlight on BAE Surveillance Sales

Journalists working for Danish newspaper Dagbladet Information and the BBC have broken a story about giant British defense contractor BAE selling Danish-developed comms surveillance technology to the governments of Saudi Arabia, the United Arab Emirates, Qatar, Oman, Morocco and Algeria. The Danish surveillance system is called ‘Evident’ and was developed by a business called ETI which was acquired by BAE in 2011. Evident is reportedly capable of advanced and widespread monitoring of internet and telephone use, as described by one former ETI employee who was quoted by the BBC.

“You’d be able to intercept any internet traffic,” he said. “If you wanted to do a whole country, you could. You could pin-point people’s location based on cellular data. You could follow people around. They were quite far ahead with voice recognition. They were capable of decrypting stuff as well.”

There is no suggestion that BAE has done anything illegal. All sales of Evident were made under Danish government export licences issued by the Danish Business Authority. However, the BBC found evidence that the decryption capabilities of Evident might have resulted in exports being blocked if they came from the UK.

The BBC has obtained a 2015 email exchange between the British and Danish export authorities in which the British side clearly expresses concern about this capability with reference to an Evident sale to the United Arab Emirates.

“We would refuse a licence to export this cryptanalysis software from the UK because of Criteria 5 concerns,” says the email.

“Criteria 5” refers to the national security of the UK and its allies.

In other words, UK authorities were worried that Evident could be used to undermine British security. There is some irony here, because the development of these technologies is largely motivated by increasing security through additional anti-terror surveillance.

Dutch MEP Marietje Schaake is one of the few European politicians willing to talk intelligently to journalists about the risks involved in exporting and encouraging the development of increasingly sophisticated comms surveillance systems.

“I think the fact that these companies are commercial players, developing these highly sophisticated technologies that could have a deep impact on our national security, on people’s lives, requires us to look again at what kind of restrictions may be needed, what kind of transparency and accountability is needed in this market before it turns against our own interest and our own principles.”

Regular Commsrisk readers may remember Schaake featured prominently in a recent Al Jazeera documentary about the export of spying tech like IMSI-catchers.

It should not be up to journalists to protect citizens from abusive surveillance. Elected governments have a responsibility to all, including the citizens of foreign countries. The hard part is showing a connection between the implementation of a system and the innocent person who suffers because they have been spied upon. However, it seems that some of the businesses and politicians who engage and support this trade are indifferent to the risks when selling to governments who were not even chosen by their people, and who may use oppressive means to remain in power. They will even go so far as to put their own country’s security at risk in order to increase revenues.

For more on this story, you can see the BBC version here, and the Dagbladet Information version here (in Danish, for subscribers only).

Eric Priezkalns
Eric Priezkalns
Eric is a recognized expert on communications risk and assurance. He was Director of Risk Management for Qatar Telecom and has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and others.   Eric was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He was a founding member of Qatar's National Committee for Internet Safety and the first leader of the TM Forum's Enterprise Risk Management team. Eric currently sits on the committee of the Risk & Assurance Group, and is an editorial advisor to Black Swan. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.   Commsrisk is edited by Eric. Look here for more about Eric's history as editor.