Blue Coat Caught Up In Global Surveillance Storm Again

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Company’s tech found in nations including China, Russia, Egypt and Bahrain, but are they being used for negative purposes?

Blue Coat Systems technologies are being widely used in nations with poor human rights’ records, possibly for censorship and surveillance purposes, researchers have claimed.

Two of Blue Coat’s technologies have been seen in use in various countries. The first is ProxySG, which allows for filtering of unwanted content on the Internet and supplements efforts to intercept encrypted communications with SSL inspection services. The second is PacketShaper, which provides intelligence about network traffic.

Researchers said they had, after several weeks of scanning with the Shodan computer search engine and validation ending  this month,  uncovered 61 Blue Coat ProxySG devices and 316 Blue Coat PacketShaper appliances. Citizen Lab found 61 appliances were running “on public or government networks in countries with a history of concerns over human rights, surveillance, and censorship”.

Those countries included China, Egypt, Saudi Arabia, the UAE, Iraq, Russia, Afghanistan, Bahrain and India.

Blue Coat doing battle again

Whilst, Blue Coat’s technologies are legitimate corporate products, used widely to protect organisations from security threats, they can also be used for censorship and surveillance, Citizen Lab said. It calls this “dual-use” technology, and the researchers believe governments and Blue Coat itself should keep closer tabs on where their products are used.

“Our findings support the need for national and international scrutiny of Blue Coat implementations in the countries we have identified, and a closer look at the global proliferation of “dual-use” information and communication technologies,” Citizen Lab wrote in its report.

“Internet service providers responsible for these deployments should consider publicly clarifying their function, and we hope Blue Coat will take this report as an opportunity to explain their due diligence process to ensure that their devices are not used in ways that violate human rights.”

This is the second time Blue Coat has been caught up in a surveillance storm. Its technology was reportedly active in Syria, just as the nation was descending into civil war, and was allegedly used  as part of the network filtering and monitoring carried out by the Syrian government.

A separate report from Citizen Lab indicated the technology was being used in Burma as well. Eventually, the US Department of Commerce opened an investigation into the situation, yet it is clear Blue Coat technology remains active in nations of concern.

Blue Coat had not offered comment on the latest research at the time of publication.

Other companies involved in the web security space have come in for criticism over the past few months. Gamma International, a UK-based firm, has been of particular interest to human rights campaigners, after its spyware was spotted in nations with a poor human rights record.

Privacy International has pursued the case, calling on the UK government to look into whether Gamma had broken the law, but selling into nations such as Bahrain and Egypt.

“Governments should be controlling exports of all products that can be used in abusive surveillance practices – even those that also have perfectly legitimate alternative uses,” Eric King, head of research at Privacy International, told TechWeekEurope today.

“Export licences are granted on a case-by-case basis and hundreds of ‘dual-use’ products are already controlled, so preventing technologies like BlueCoat’s being sold to repressive foreign regimes, regimes that are renowned for their casual disregard for the fundamental rights and freedoms of their citizens, should not be so difficult.”

To prevent such technology getting into the wrong hands, Citizen Lab backed multilateral efforts from European and US governments, especially in the export controls space, as well as better corporate social responsibility initiatives.

Respect privacy? Try our privacy quiz!