Compliance Management, Threat Intelligence

Blue Coat may be selling monitoring technology to additional repressive regimes


A cyber and human rights research institution has released a report questioning a security vendor's distribution of products containing web monitoring capabilities.

The 42-page report authored by Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, revealed that products made by Sunnyvale, Calif.-based firm Blue Coat Systems are being used in countries with a track record of targeting journalists and dissidents with surveillance technologies.

According to the paper, “Some Devices Wander By Mistake: Planet Blue Coat Redux,” products called “ProxySG” and “PacketShaper,” which are capable of recording private communications and restricting users' web access, were detected on public networks in 83 countries, including Iran, Syria and Sudan – regimes with a troubling history of human rights grievances.  

Citizen Lab additionally found that Blue Coat violated U.S. sanctions that bar the sale of technologies, such as ProxySG and PacketShaper, to repressive regimes. Researchers used Shodan, a computer search engine, and an anonymously published report, “Internet Census 2012,” to detect where Blue Coats' products were distributed globally.  

The nine authors of the report argued that, despite Blue Coats' potentially questionable business practices, the findings highlight larger “structural problems” with current U.S. regulations, compliance and distribution practices surrounding the use of dual-use technology, defined as technologies used for both civilian and military purposes.

Over the years, other companies have been accused of indirectly supplying legitimate software to repressive regimes that used the technologies to persecute or spy on citizens. In April, Citizen Lab published a detailed report uncovering these alleged practices by U.K.-based Gamma International, which makes surveillance software called FinFisher. Gamma insists the product is only used by law enforcement and intelligence agencies to secretly monitor criminals.

In 2011, Blue Coat became the subject of controversy after it was discovered that its products were being used by the Syrian government to censor and monitor web activity during a violent crackdown against dissidents. After an investigation, the U.S. Commerce Department fined a third-party distributor of Blue Coats' products, Dubai-based Computerlinks FZCO, $2.8 million for diverting devices to Syria.

Morgan Marquis-Boire, project leader of the Citizen Lab team that  authored the report, told on Tuesday that the concerns surrounding the sale of dual-use technology by Blue Coat are “demonstrative of a systematic problem.”

“Blue Coat is by no means the only company that's ever had these types of accusations [launched] against them,” he said, adding that companies should fervently “investigate and know customers before and during a sale” of their surveillance products.

In addition, the report called for reform to existing U.S. export licensing procedures, including the Export Administration Act (EAR), which would provide better oversight of the sale of equipment that may infringe on human rights.

Blue Coat declined to comment on the accuracy of Citizen Labs' report.

On Tuesday, David Murphy, the company's COO, told in an email that Blue Coat “cannot comment on any new report about the presence of our products in embargoed countries until we have received a copy of the report and had a chance to review it in detail.”

He added, however, that their products “are not intended for surveillance purposes.” According to the company's website, Blue Coat sells "hardware proxy appliances for corporate networks offering web caching, virus scanning, content filtering, instant messaging control and bandwidth management."

Murphy said Blue Coat has never sold its technology to embargoed countries, and it doesn't allow its partners to sell its appliances to them either.

“Even when our products are unlawfully diverted to embargoed countries without our knowledge, we use various techniques to limit our products from receiving updates or support from our servers or support personnel,” Murphy said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.