“‘A grim outlook’: How cyber surveillance is booming on a global scale”
MIT Technology Review, November 8, 2021
by Patrick Howell O’Neill
“New data paints a detailed picture of the ways Western companies are selling cyber weapons and surveillance technology to NATO’s enemies.”
The increasing overlap between the world’s arms trade and the secretive surveillance industry risks damaging US national security and will create the potential for even more abuse unless more accountability is introduced, according to a new study.
The research, from the American think tank the Atlantic Council, offers one of the most thorough accountings ever assembled of a booming, cross-continental surveillance industry that makes billions of dollars and yet mostly manages to stay out of the limelight. After years of rising demand for hacker-for-hire products and an increase in reported abuses by companies like NSO Group, countries around the world are now trying to deal with this largely hidden industry.
The report is based on 20 years of data collected from the cyber surveillance trade show ISS World and arms fairs like France’s Milipol, where hacking is the fastest-growing business segment alongside more traditional wares like guns and tanks. Its authors examined 224 surveillance companies present at these shows, looked at their marketing material, examined where in the world they advertised their products, and detailed the known sales of surveillance and hacking tools.
They also argue that numerous companies that market internationally, especially to adversaries of NATO, are “irresponsible proliferators” and deserve more attention from policymakers.
These companies include Israel’s Cellebrite, which develops phone hacking and forensics tools, and which sells around the world to countries including the US, Russia, and China. The company has already faced significant blowback because of, for example, its role during China’s crackdown in Hong Kong and the discovery that its technology was being used by a Bangladeshi “death squad.”
“When these firms begin to sell their wares to both NATO members and adversaries,” the report says, “it should provoke national security concerns by all customers.”
The trade is increasingly global, according to the report, with 75% of companies selling cyber surveillance and intrusion products outside their own home continent. Lead author Winnona DeSombre, a fellow with the Atlantic Council’s Cyber Statecraft Initiative, argues that such sales signal potential problems with oversight.
“There does not seem to be a willingness to self-regulate for a majority of these firms,” she says.
By marking such firms as “irresponsible proliferators,” DeSombre hopes to encourage lawmakers around the world to target some companies for greater regulation.
About the Author:
Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. He covers national security, election security and integrity, geopolitics, and personal security: How is cyber changing the world? Before joining the publication, he worked at the Aspen Institute and CyberScoop covering cybersecurity from Silicon Valley and Washington DC.
- Atlantic Council: “Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets“