French Spyware Executives Are Indicted for Aiding Torture

The managers are accused of selling tech to Libya and Egypt that was used to identify activists, read private messages, and kidnap, torture, or kill them.

 

Earlier this week, French authorities indicted four former executives of the surveillance firm Nexa Technologies, formerly called Amesys, for complicity in torture and war crimes. Between 2007 and 2014, the firm allegedly supplied surveillance tools to authoritarian regimes in Libya and Egypt.

A coalition including the International Federation for Human Rights, the Cairo Institute for Human Rights Studies, and other human rights groups claims the repressive governments of former Libyan dictator Moammar Gadhafi and Egyptian President Abdel Fattah al-Sisi used the tools to identify dissidents and activists, read their private emails and messages, and, in some cases, kidnap, torture, or kill them.

Nexa's executives are accused of selling internet surveillance equipment that intercepted the emails, texts, and Facebook messages of journalists and dissidents. Executives allegedly sold the tech to Gadhafi's Libyan government in 2007 and Egypt in 2014. The indicted individuals include the former head of Amesys, Philippe Vannier, former president Stéphane Salies, and two current Nexa executives: president Olivier Bohbot and managing director Renaud Roques. Efforts to reach the men through Nexa were unsuccessful.

The investigating judges of the crimes against humanity and war crimes unit of the Paris Judicial Court will review the evidence to determine whether the four executives will be tried in criminal court.

Such indictments are exceedingly rare. National security experts say international markets for exporting surveillance tools are largely unregulated. The makers of such equipment often push back against restrictions, even those intended to safeguard against misuse. A 2017 effort from European journalists estimated there were over 230 surveillance companies headquartered within the EU.

“By and large, there’s little that the authorities are required to do to curb this toxic market,” says Marietje Schaake, the international policy director at Stanford University's Cyber Policy Center and a former member of the European Parliament. While in parliament, Schaake supported new restrictions on exports of cybersurveillance tech from Europe to countries with a history of human rights violations.

Introduced by EU lawmakers in 2016 and passed last year, these new rules require firms to obtain licenses to export certain “dual use” technologies, such as software capable of surveillance, hacking, or extracting data. Governments reviewing license applications must assess the likelihood the tools will be used to infringe on human rights.

The indictment of the French executives stems from sales that predate the new EU regulations, but Schaake hopes it sends a message that it’s possible to enforce controls on cyber surveillance equipment. She says it’s much easier to regulate sales before the products are in other countries. Often, it’s Western countries that are most resistant to this idea.

“Companies frame these tools as being used for countering terrorism,” Schaake says. “The ones who are truly responsible for torturing or kidnapping are the states doing that, but the companies are providing crucial tools to enable it.”

Concerns about the sales to Libya and Egypt date to 2011’s “Arab spring,” when journalists and privacy groups raised alarms that US and European companies furnished surveillance gear to oppressive regimes.

In both the US and EU, export controls have evolved in a piecemeal fashion, with security firms saying overbroad restrictions can penalize research, counterterrorism, or other legitimate uses of the software, and human rights groups emphasizing the software's potential to abet authoritarianism.

Last October the US updated its own rules controlling export of potentially dangerous software. The Department of Commerce says it will now take human rights considerations into account when approving or denying licenses for companies to make international sales. As in the EU, the change comes after several failed bids for an overhaul. But what that means, practically, is still up in the air.

“You have to think about it in terms of the growing attention that human rights are receiving in both European and US circles and the greater attention that's being put on human rights abuses in China and other places,” says Garrett Hinck, a national security researcher at Columbia University.

Hinck explains that human rights organizations that lobby for reining in exports of surveillance gear are often the driving forces of these changes. Sustained public pressure from these activists has led to change in the US and EU. But these same countries are home to some of the most powerful and profitable software firms that oppose such changes.
