Co-authored by Dr. Stephen Bryen
Gamma International, which is based in Munich, Germany, markets a spy product called FinFisher. Sometimes the product is also called FinSpy. The product is a form of software that can, in various ways, be planted on computers and in computer networks, on mobile phones and on tablet computers such as the iPAD. Controversy is swirling around the company because it seems the products are being sold to governments and spy organizations and used against dissidents and political protest. The two most celebrated cases are in Egypt, where the Mubarak regime was using FinFisher to spy on protesters, and in Bahrain, where the government is allegedly using the product against its political opposition.
But FinFisher is much more widely spread globally than just these few examples, and it would not be wrong to speculate that most intelligence organizations, repressive or not, are using FinFisher or something like it to spy on its citizens, or on what it perceives as threats to its security.
You can read about FinFisher and some other computer and mobile spy systems in a new e-book, For Their Eyes Only, The Commercialization of Digital Spying, by Morgan Marquis-Boire and others.
There is a plethora of spy software on today's market -- hundreds of products that allow remote-control spying through computers and smartphones and tablets. Some are cheap and amateurish, but the really good ones can pick off almost any target, operate surreptitiously, are difficult to find once they embed themselves in your computer or mobile phone, and their activity is hard to trace because they encrypt what they steal.
U.S. Export Controls, and the export control systems of most advanced industrialized countries, do not do much to restrict the export and sale of spy products. So even if it is illegal to "use" a spy product without the target knowing about it and authorizing it, it is not illegal to sell the software. Such sales are justified, sometimes, by claiming that the software is only being sold for legitimate law enforcement purposes as "lawful intercept tools." Most would agree this is very fuzzy language at best and misleading in most cases.
What can FinFisher and other tools do? On mobile platforms they can record voice calls, SMS messages and emails. The software can place "silent calls" -- that is, turning your phone on when you are unaware it is active, and listening in on any conversation or meeting. It can also download your calendar, pictures, files and your contact list. Have you ever received a marketing email ostensibly from one of your friends, but in fact not sent by the friend? This is what happens when someone's contact list has been pilfered and used by the thief for a commercial, political or social purpose. (Some of these are dangerous scams -- they masquerade as the FBI or as your Credit Card company or your Bank, for example.)
And if you think that you are safe if you use an "encrypted" communications system, such as Skype, forget about it. FinFisher has the ability to record Skype conversations.
Today many companies are "lawfully" spying on their employees when "in" the workplace. They normally advise their employees that they have the right to do this, and such companies claim the reason for it is to protect their proprietary information and to make sure their computers and equipment are being used for company purposes. Some of this monitoring equipment is very sophisticated, and some of it will do everything that FinFisher or its analogues do. Because we are now living in a new world, with a BYOD (Bring Your Own Device) environment rapidly emerging, where a company's rights and an employee's rights begin and end is hard to say.
One thing is certain: the traditional idea of privacy is under heavy fire. While Congress worries about terrorism and serious crimes, all of serious concern, we need better ground rules to protect law abiding citizens.
Follow Rebecca Abrahams on Twitter: www.twitter.com/@RMAbrahams