A new Privacy International report has revealed how Western technology companies turned a profit from building up the Syrian surveillance state. But their governments are also dependent on these businesses.
Western leaders have publicly fretted about the horrific situation in Aleppo, where President Bashar al-Assad's government forces are on the verge of re-taking the city from rebels after years of slaughter of civilians there.
While US Secretary of State John Kerry is stuck in a negotiation dead-end with his Russian counterpart Sergey Lavrov, (both sides accuse the other of delaying to help their allies on the ground), German Chancellor Angela Merkel last week used a party conference speech to condemn the "disgrace" of the international community's failure in Syria.
But even though Assad is considered a friend of Russia, Western companies have long profited from helping the Syrian government, as a new report by UK-based NGO Privacy International has shown. Western businesses selling surveillance software helped Syria - and other regimes in the region - build "nationwide communications monitoring systems" in the years running up to the Arab Spring in 2011.
Privacy International's report details how Western businesses such as Italy's RCS SpA and South Africa's VASTech were "important contributors to Syria's repressive surveillance state" between 2007 and 2012.
Helping Assad, and making money too
But Germany played its part, too. The report, entitled "Open Season," pays particular attention to Advanced German Technology (AGT), a Dubai-based company with a letterbox office in Berlin, which worked together with RCS to propose the use of US equipment in a Syrian surveillance project between 2008 and 2009 - even though US export controls actually banned the sale of surveillance equipment to Syria at the time.
Privacy International obtained several documents which it says showed that the companies helped Assad buy equipment to intercept communications on the networks of a satellite internet service provider Aramsat. In response, AGT told Privacy that the project was never completed and anyway it abided by United Nations and European Union export regulations.
AGT has come to the attention of activists and journalists before. The German media outlet "Netzpolitik," which specializes in internet surveillance and privacy issues, reported in February 2015 that AGT "advertises 'massive and passive interception' as core competencies." But those specialties no longer appear on AGT's website, and the links that Netzpolitik provided are now dead. Indeed, in its response to Privacy, the company said it "does not own any surveillance technology," and has been "exiting the business of lawful interception services" for a few years.
Throughout the period leading up to the war, Assad intensified his pursuit of dissidents, and Privacy alleges that some of the "surveillance architecture" that Western businesses helped set up is still in place today. Assad's government is thought to still have control over internet and broadband access in the country.
But Germany has been doing business with Syria for some time. Since at least 2004, the German engineering giant Siemens has been supplying the Assad regime with a "Lawful Interception Management System," (created by another German company, Ultimaco) for intercepting communications.
"In August that year, cybersecurity and surveillance technology firm Utimaco sold an interception management system to Siemens Syria for 1.179 million euros ($1.248 million)," Privacy found. This allowed the Assad regime to intercept phone calls, text messages, faxes, e-mails, instant messaging and other services, and was part of the Syrian's government's security apparatus until 2009.
Controlling the uncontrollable
Frank Herrmann, a privacy spokesman for the Pirate Party, was unsurprised by the new revelations. "Basically it's not unknown, and likely, that Western surveillance companies are doing business in the entire Middle East," he told DW wearily.
But he also said that it is much more difficult to control the export of surveillance technology than it is to control weapons sales. "The software area is a lot more out of control, and not testable," he said.
For one thing, unlike tanks and guns, surveillance software is used mainly by intelligence agencies - so the trade is necessarily protected by states.
Not only that, it is easy for an international IT company to evade export controls of any particular democratic state. "We know that these companies operate worldwide, they have their offices everywhere," he said. "So they don't sell this out of Germany to the state of Syria, but another country."
In its report, Privacy called on export authorities to make sales of surveillance technologies conditional on "rigorous, independent human rights impact assessments." But that, says Herrmann, is fairly unlikely. Western governments have an interest in companies finding ways to crack computers - after all, they are customers themselves. "They're dependent on these companies," said Herrmann.
Software simply can't be controlled in the way that other products can be. "If, as a state, I know some crack in the Microsoft operating system, for example, then my secret services use it, and obviously other secret services use it," he said. "I might build my own protection against it, but I don't tell Microsoft about it, because then I wouldn't be able to use it. So I try to keep it a secret, which doesn't work. It's a spiral, and it doesn't lead to more security." The only way to combat this spiral, Herrmann argues, is to make digital security gaps public and therefore worthless.