The United States is proud of its leadership in information technology. So perhaps it is no surprise that a company that apparently helps governments in their digital spying chose U.S. service providers to launder their applications.
The University of Toronto’s Citizen Lab said in a report this week that an Italian company called Hacking Team, also known as HT S.r.l., which sells a so-called “remote monitoring implants” only to government agencies, runs some of its operations through U.S. based data centres.
Hacking Team’s flagship Remote Control System (RCS)product, is called “the hacking suite for governmental interception” by the company, according to the report.
Citizen Lab has traced RCS proxy chains and says the U.S. servers appear to assist the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.
“The extensive and deliberate use of dedicated U.S. hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” says the report. “These include whether RCS client countries violate U.S. law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware.
“Moreover, RCS client countries, by exposing wiretap data to U.S. and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.
RCS can record Skype calls, copy passwords, e-mails, files and instant messages, and turn on a computer or phone’s webcam and microphone to spy on nearby activity, says the report.
There are news reports suggesting evidence that RCS has been used to target journalists in Morocco, activists in the UAE and a U.S.-based critic of Turkish charter schools, says the report.
The Washington Post carried this news story on the report, which also quoted spokesman for Hacking Team, who noted much of the world’s Internet traffic flows through the U.S. He also said that the company’s clients use its tools to watch communications of people under criminal investigation.
What bothers Citizen Lab in party is that RCS traffic going through the U.S. “not normal routing incident to benign electronic communications, but the purposeful use of U.S. servers for the surreptitious transmission of wiretapped data to foreign governments.” However, it acknowledges that it isn’t clear if it violates U.S. law.
“Hacking Team’s use of U.S.-based services as part of its spyware also creates liabilities for the companies providing such service,” the report adds. “As a matter of corporate social responsibility, these companies certainly would want to ensure that their services are not used for purposes potentially in violation of U.S. and international law and inimical to the enjoyment of basic human rights. We suspect Hacking Team does not inform its US-based service providers of the nature of the data it transmits, and question what representations Hacking Team has in fact made to these companies.”