We couldbeheroes -recon2014

Editor's Notes

1. Ethiopia, by the way, is one of the NSA’s approved SIGINT partners. As you can see on this chart, taken from the Snowden documents published in Glenn Greenwald’s book “No Place to Hide,” Ethiopia received $450k from the NSA to build its surveillance capabilities, including those targeting “terrorists,” which is what the Ethiopian government calls political dissidents. Citizen Lab reports have found both FinFisher and HackingTeam command and control servers operating in Ethiopia. Given how relatively inexpensive these products are, $450k goes a long way towards covering those costs.
2. Three months later, I was put in touch with a person in Washington DC who provided technical support for Ginbot 7, known by the pseudonym Kidane. I explained the researcher’s findings, described FinFisher’s capabilities, and he allowed an expert to examine his computer for malware. Forensic analysis revealed that his computer had been infected with FinFisher’s surveillance tool, FinSpy. It had been uninstalled, but the uninstallation process had left traces which enabled us to know some of what the software had recorded and possibly exfiltrated back to the Ethiopian government. This data included Skype calls and Google searches. Further analysis traced the infection back to an infected Word document attachment that had been sent by agents of the Ethiopian government and forwarded to him.
3. Because the spying happened in the United States—in fact—Mr Kidane’s laptop never left the US, EFF is representing him in a lawsuit against the Ethiopian government. We are suing the Ethiopian government for violating the US wiretapping act and state privacy law. This case is important because it demonstrates that state-sponsored malware infections and can indeed are occurring in the U.S. against U.S. citizens. It seeks to demonstrate that warrantless wiretapping is illegal and can be the basis of a lawsuit in the United States, regardless of who engages in it.   
4. Meanwhile, British privacy watchdogs Privacy International the findings on Mr. Kidane’s computer, as well as Citizen Lab’s extensive research into the use of UK-based Gamma International’s surveillance software to facilitate human rights violations to put pressure on Her Majesty’s Revenue and Customs to investigate these exports. We expect that EF’s law suit and PI’s legal action will take a long time to work their way through the courts. The fight against governments that abuse human rights through targeted surveillance and the companies that sell to them, facilitating that abuse, but is a long one, but it would not be possible at all without public research directly linking human rights abuses to the surveillance software.
5. So, what do I want you to do with your next year of research? If you find malware targeting vulnerable groups, publish your research. Ideally, it should be written in a way that can be understood by journalists and activists and ordinary readers, who can turn it into advice for the targets and fodder for policy decisions—and if you can’t do that, partner with a journalist or activist from the affected community. If you are concerned about the possibly legal implications of publishing your research, contact me at the Electronic Frontier Foundation. We have an entire floor of lawyers who have been defending the rights of security researchers to publish their work for decades. If you are located outside of the United States, or you are concerned about legal action outside of the US, I can make a referral.