Israeli tech companies are allegedly supplying advanced monitoring systems to authoritarian Central Asian governments to spy on their citizens and continue the crackdown on dissidents and political opponents, a report has disclosed.
Secretive countries such as Kazakhstan and Uzbekistan, with a dire human rights record and a reputation for cracking down on dissents, adopted surveillance systems provided by foreign companies, the largest of which have offices in Israel. Verint Israel and NICE Systems were accused of supplying monitoring centres to Kazakhstan's KNB and Uzbekistan's SNB, two security agencies implicated in human rights abuse.
While the KNB was involved in torture and ill-treatment allegations, the SNB was established in 1991 as the official successor to the feared KGB.
"Monitoring centres are capable of mass interception of telephone, mobile, and IP networks," Kenneth Page of Privacy International, which released the massive investigative report, told IBTimes UK. "Monitoring centres intercept and retain all data collected in an easy to use interface for the Law Enforcement Agency. They can also 'look back' into history due to the vast capability to retain such quantities of data."
"This allows the security and law enforcement agencies to have direct and unchecked access to phones calls and internet activity on a mass, and indiscriminate scale," Page continued.
Spying on citizens
The report cites interviews with dozens of political activists and journalists. In one case, an Uzbek citizen, Fazliddin Zayniddinov, used Skype to contact a fellow national who migrated to Sweden after serving a jail sentence, Mukhamadslikh Abutov. They discussed religious subjects.
"Some months later Zayniddinov was jailed, and in May 2013 was featured in a state-sponsored YouTube documentary that accused Zayniddinov of paying Abutov $100 to topple the Uzbek government," reads the report.
In another occasion, human rights lawyer Mamur Azimov - who was assisting the wife of Nabizhon Zhurabaev arrested on suspicion of trying to overthrow the Uzbeki government - attempted to contact another connational living in Paris, Talib Yakubov via Skype. However, the SNB summoned Azimov and Zhurabaev's wife asking them to stop making the calls.
The report explains that Kazakhstan distributed monitoring nodes known as Punkt Upravlenias (PU) which facilitate access to networks via the SORM interception regime.
"The nodes manage and access information from smaller parts of the state-wide monitoring infrastructure," Page said. "They connect to the telecommunications network and intercept the content of communications. They store and manage the interception acting as an interface between the Law Enforcement Agent and the intercepted material."
"Normally small local telecommunications companies act as the prime bidder for the PU supply, but they maintain business relationships with larger foreign based companies," Page said.
SSL - Man in the Middle Attack
In a more worrying development, Privacy International discovered that Verint offered to facilitate Uzbek authorities interception of encrypted SSL traffic using fake certificates.
Known as a Man-in-the-Middle attack, Uzbek authorities sought to fake the security certificate which would normally indicate a secure session on a browser to gain unprecedented access to activists' personal data. The SSL-encrypted communications are offered by default by Gmail, Facebook and other providers. Verint Israel used technology from Netronome, an American company owned by Blue Coat, to facilitate the replacing of the certificate.
"The involvement of a US company (Netronome) and Verint in this process is a worrying development as it indicates there is little oversight of their business practices, or they do not believe they have any obligations in what is done with their technology," Page said.
Companies such as Verint Israel and NICE are doing nothing illegal in selling the equipment to Uzbekistan and Kazakhstan, despite their appalling human rights records, as international trade "is largely unregulated - and therefore largely secretive".
"In 2011, the industry valued itself globally as being worth between $3bn and $5bn, and would grow by 20% every year, meaning this is not a small industry by any means," he said.
"These companies, and their investors, need to take a long and hard look at their business practices. They know well what goes on in the countries they do business with and they cannot turn a blind eye to these abuses anymore," Page said.
NICE systems told Haaretz that "our cyber and intelligence solutions assist law enforcement agencies in preventing crime and terrorist activity across the world. They help protect lives by gathering and analyzing information in real time. The company only sells its products to countries with which Israel has commercial ties, subject to regulation by the foreign and defense ministries. Use of the systems is made by law-enforcement agencies in these countries. The company cannot comment on current or future customers."