I am pleased to announce a new Citizen Lab report: “Tender Confirmed, Rights At Risk: Verifying Netsweeper in Bahrain.” The full report can be found here: https://citizenlab.org/2016/09/tender-confirmed-rights-risk-verifying-netsweeper-bahrain
Internet censorship is a major and growing human rights issue today. Access to content is restricted for users on social media, like Facebook, on mobile applications, and on search engines. The most egregious form of censorship, however, is that which occurs at a national level for entire populations. This type of censorship has been spreading for many years, and now has become normalized across numerous countries.
One of the Citizen Lab’s longest standing forms of research is the meticulous documentation of Internet censorship. We were one of the founding partners of the OpenNet Initiative, which at one time documented Internet filtering and surveillance in more than 70 countries on an annual basis. We continue this research in the form of country case studies or analyses of information controls around specific events, like a civil war.
At the core of this research is the use of a mixture of technical interrogation and network measurements methods, including in-country testing, remote scans of national networks, queries on databases, and large-area scans of the entire Internet. One of the methods we use in this research is a scanning tool called Zmap, which we run on high-speed computers to perform a complete scan of the entire Internet space in a matter of minutes. Think of this technique as an MRI of the Internet.
A byproduct of these scans is the ability to identify equipment that is used to undertake Internet censorship and surveillance. Certain filtering systems have the equivalent of digital signatures which we use when scanning the Internet. Searching for these signatures allows us to locate installations around the world. Doing so is useful in and of itself to help shed a light on what’s going on beneath the surface of the Internet. But it is also useful for raising awareness about the companies that are complicit in Internet censorship practices.
One of the companies that we have identified in this way is Netsweeper, Inc, a Canadian company based in Waterloo, Ontario. We have identified Netsweeper installations being used to filter at the national level in Pakistan, Somalia, and Yemen, among others. Our latest report, published today, locates live Netsweeper installations on nine ISPs in the Kingdom of Bahrain.
These findings are significant for several reasons: Bahrain is one of the world’s worst countries for respect for human rights, particularly press and Internet freedoms. For many years, Bahrain has restricted access to Internet content having to do with independent media, websites critical of the Kingdom, and content related to the Shia faith, which is heavily persecuted in Bahrain.
In January 2016, Bahrain issued a tender for bidding on a national-level Internet filtering system. Our findings are significant because we can confirm the presence of Netsweeper installations on Bahraini ISPs following the bid.
These findings are also noteworthy because Netsweeper filed, and then discontinued a $3.5 million defamation suit against myself and the University of Toronto following our prior report on Netsweeper in Yemen. Our report published today is the first since the defamation suit was discontinued by Netsweeper. As we have done with prior reports, we sent Netsweeper a letter, which can be found here, in which we lay out our findings, ask Netsweeper questions about their due diligence and corporate social responsibility policies, and offer to publish their response in full alongside our report. As of today, Netsweeper has not replied to that letter.
Lastly, the case is significant because Netsweeper is a Canadian company, and the provision of Internet filtering services to a country like Bahrain— though not in violation of any Canadian law per se — is definitely being used to suppress content deemed legitimate expression under international human rights law, which Canada explicitly supports. All the more troubling, then, is the fact that Netsweeper has benefited, and will benefit in the future, from tangible support provided by both the Canadian and the Ontario governments in trade shows held in the Gulf region. Canada’s Trade Commissioner says the government’s involvement at these trade shows includes assistance with “business-to-business meetings” and “networking events” as well as provision of a “pavilion/exhibit” — all of which is “offered free of charge to Canadian companies and organizations.” While we have no evidence Canada went so far as to facilitate Netsweeper’s specific bid on Bahrain’s tender, they certainly did use Canadian tax payers dollars to represent Netsweeper to interested clients in the region.
Should the government of Canada be promoting a company whose software is used to violate human rights and which offers services in direct contradiction to our stated foreign policy goals on cyberspace? Perhaps a more harmonized approach would be to require companies like Netsweeper to have some explicit corporate social responsibility process in place. Export controls could be established that restrict the sale of technology and services to countries that will use their product to infringe internationally-recognized human rights. Taking these steps would help better synchronize Canada’s economic and human rights policies while also bringing the world of Internet filtering in line with widely recognized principles on how businesses should respect human rights.