|

Francisco Partners-owned Sandvine profits from shutdowns and oppression in Belarus

On the night of August 9, 2020, as news started to come in that the Belarus election results might have been fraudulent, citizen reports and technical evidence showed that authorities were deliberately cutting access to the internet. Access Now and the #KeepItOn coalition monitored and reported on the shutdowns. The shutdowns were also followed by extreme police violence and detentions of peaceful protesters.

What we are learning now is that private, multinational companies played a direct role in enabling this censorship. Experts who examined the internet traffic in Belarus have previously suggested that deep packet inspection (DPI) technology was likely used to implement the shutdowns. Most recently, it was reported that the DPI equipment was produced by the Canadian company Sandvine, owned by infamous U.S. private equity firm Francisco Partners, and supplied to Belarus as part of a $2.5 million contract with the Russian technology supplier Jet Infosystems.

What is DPI?

DPI is a method of monitoring and filtering internet traffic through inspecting the contents of each packet that is transmitted through an inspection point, allowing for filtering out malware and unwanted traffic, but also real-time monitoring of communications, as well as implementation of targeted blockings and shutdowns. Thus, DPI technology enables both invasive privacy breaches and mass censorship. This has been documented in many countries, including Ethiopia, Kazakhstan, Iran, and China. The Russian government has also started to test DPI as it moves to implement its Sovereign Internet Law, which would allow the government to block undesirable content in a more targeted way than the previous method of blocking IP addresses, as well as to examine unencrypted content in electronic communications in real time. For years, Access Now has called out DPI technology’s potential to threaten open internet access, to contribute to network neutrality violations, to harm secure communications globally, and to put privacy at greater risk absent adequate regulation.

Sandvine and Francisco Partners’ past human rights record

This is not the first time Sandvine and Francisco Partners have been involved in facilitating human rights violations by a repressive government. In 2018, Citizen Lab published a report exposing how Sandvine’s DPI devices were used to redirect hundreds of users in Turkey and Syria to download nation-state spyware and to covertly raise money through affiliate ads and cryptocurrency mining in Egypt. Citizen Lab then followed up with a letter to Francisco Partners highlighting the abuses found in the report facilitated both by Sandvine, as well as NSO Group, another surveillance company that Francisco Partners owned (Francisco tried to sell NSO Group in 2017 but did not, under pressure from civil society, including Access Now, before dumping NSO onto London-based Novalpina in 2019). The letter urged the firm to address the serious human rights impacts of the products and services of its portfolio companies. Unfortunately, this call did not result in any meaningful oversight of Sandvine’s involvement in human rights violations.

Businesses have a duty to respect human rights, and governments to protect people from abuses by companies in their jurisdiction. In the face of repeated abuses by both Sandvine and its owners Francisco Partners, we believe the authorities should withdraw its licenses to export products and subject the firms to deep legal scrutiny.

This also raises questions about how Silicon Valley investors support bad actors globally, and whether current financial disclosure and legal accountability mechanisms are sufficient to protect human rights. The upcoming IPO of surveillance software firm Palantir, which proudly touts its work with militaries and law enforcement, provides more urgency to this question.

The role of the U.S. government

The United States government has a role to play in stopping and preventing human rights abuses facilitated by companies that sell privacy-breaching and censorship technology to bad actors. Statements issued by the Embassy in Belarus and Secretary of State against the internet censorship send a strong signal but the US government and its allies have more direct levers to use.

First, the U.S. State Department needs to finalize its Draft Guidance on the export of items with surveillance capabilities, which Access Now was consulted on. The Guidance is meant to assist exporters of such items with implementation of the UN Guiding Principles on Business and Human Rights as well as the Organisation for Economic Co-operation and Development (OECD) Guidelines for Multinational Enterprises to prevent and eliminate the misuse of such items in violations of human rights.

Second, the United States Congress must do more to ensure U.S. companies are not profiting off the sale of surveillance and censorship technology, and doing business with clients sporting a track record of human rights violations and abuse. We support the widespread call for a moratorium on the trade of surveillance tech, and all governments, especially those in the Freedom Online Coalition like the United States, should implement it.

Third, the United States must ensure human rights experts take control of the export licensing approval process. Engaging the State Department’s Internet Freedom and Business and Human Rights team to identify problematic actors, both state and private, could help.

Fourth, the U.S. could renew its engagement in the Wassenaar Arrangement to protect human rights, and coordinate with the European Union to impose consistent controls and share information on bad actors.

Finally, at the state level, California’s Attorney General Xavier Becerra should look into whether proper due diligence was undertaken by Sandvine before exporting its tools to Belarus, as well as other human rights-abusing regimes.

Access Now calls on governments and businesses to stop profiting from oppression in foreign countries and apply greater scrutiny to sales and transfers of technologies that enable surveillance and censorship of civil society and those who disagree with their governments.