Jennifer Valentino-Devries, Julia Angwin, and Steve Stecklow write for The Wall Street Journal:
Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001.
The techniques described in the trove of 200-plus marketing documents, spanning 36 companies, include hacking tools that enable governments to break into people's computers and cellphones, and "massive intercept" gear that can gather all Internet communications in a country. The papers were obtained from attendees of a secretive surveillance conference held near Washington, D.C., last month.
Intelligence agencies in the U.S. and abroad have long conducted their own surveillance. But in recent years, a retail market for surveillance tools has sprung up from "nearly zero" in 2001 to about $5 billion a year, said Jerry Lucas, president of TeleStrategies Inc., the show's operator.
Critics say the market represents a new sort of arms trade supplying Western governments and repressive nations alike. "The Arab Spring countries all had more sophisticated surveillance capabilities than I would have guessed," said Andrew McLaughlin, who recently left his post as deputy chief technology officer in the White House, referring to the Middle Eastern and African nations racked by violent crackdowns on dissent.
The Journal this year uncovered an Internet surveillance center installed by a French firm in Libya and reported that software made by Britain's Gamma International UK Ltd., had been used in Egypt to intercept dissidents' Skype conversations. In October, a U.S. company that makes Internet-filtering gear acknowledged to the Journal that its devices were being used in Syria.
Companies making and selling this gear say it is intended to catch criminals and is available only to governments and law enforcement. They say they obey export laws and aren't responsible for how the tools are used.
Trade-show organizer Mr. Lucas added that his event isn't political. "We don't really get into asking, 'Is this in the public interest?'" he said.
TeleStrategies holds ISS World conferences world-wide. The one near Washington, D.C., caters mainly to U.S., Canadian, Caribbean and Latin American authorities. The annual conference in Dubai has long served as a chance for Middle Eastern nations to meet companies hawking surveillance gear.
Many technologies at the Washington-area show related to "massive intercept" monitoring, which can capture vast amounts of data. Telesoft Technologies Ltd. of the U.K. touted its device in its documents as offering "targeted or mass capture of 10s of thousands of simultaneous conversations from fixed or cellular networks." Telesoft declined to comment.
California-based Net Optics Inc., whose tools make monitoring gear more efficient, presented at the show and offers a case study on its website that describes helping a "major mobile operator in China" conduct "real-time monitoring" of cellphone Internet content. The goal was to help "analyze criminal activity" as well as "detect and filter undesirable content," the case study says.
Net Optics' CEO, Bob Shaw, said his company follows "to the letter of the law" U.S. export regulations. "We make sure we're not shipping to any countries that are forbidden or on the embargo list," he said in an interview.
Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data. Although hacking techniques are generally illegal in the U.S., law enforcement can use them with an appropriate warrant, said Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Justice Department.
The documents show that at least three companies—Vupen Security SA of France, HackingTeam SRL of Italy and Gamma's FinFisher—marketed their skill at the kinds of techniques often used in "malware," the software used by criminals trying to steal people's financial or personal details. The goal is to overcome the fact that most surveillance techniques are "useless against encryption and can't reach information that never leaves the device," Marco Valleri, offensive-security manager at HackingTeam, said in an interview. "We can defeat that."
Representatives of HackingTeam said they tailor their products to the laws of the country where they are being sold. The firm's products include an auditing system that aims to prevent misuse by officials. "An officer cannot use our product to spy on his wife, for example," Mr. Valleri said.
Mr. Valleri said HackingTeam asks government customers to sign a license in which they agree not to provide the technology to unauthorized countries.