Channel in dock after Blue Coat kit found in pariah states

Report recommends vendors vet partners to ensure their wares do not end up being used by repressive regimes

Vendors must exercise more scrutiny over their partners to prevent "dual-use" technology ending up in the hands of repressive dictatorships.

That is a key recommendation of academics who detected devices made by US-based vendor Blue Coat on public networks in three countries that are subject to US sanctions.

The security vendor got into hot water in 2011 when its ProxySG appliances were first found in Syria.

But new research from Canadian laboratory Citizen Lab also detected Blue Coat's wares in two further pariah states in the shape of Iran and Sudan.

Blue Coat stressed that it "has never permitted the sale of our products to countries embargoed by the US".

Dual-use concerns

In its report, Citizen Lab used a combination of network measurement and scanning methods and tools to identify instances of Blue Coat's ProxySG and PacketShaper devices around the world.

It classifies both as dual-use devices, claiming they can be used not only for their stated purpose of securing and maintaining networks, but also for implementing politically motivated restrictions on access to information and monitoring and recording private information.

Numerous names have been implicated in the export of dual-use technology – among them Cisco, McAfee and Nokia Siemens – Citizen Lab pointed out. But it said Blue Coat might attract disproportionate attention from civil society because its products are easily identifiable on networks.

Six Blue Coat devices were identified on a number of networks in Iran, including a ProxySG device on residential ISP Max Net. The presence of a ProxySG device was also identified on Sudanese consumer ISP Canar Telecom.

Meanwhile, devices were detected on networks operated by the state-owned Syrian Telecommunications Establishment, reinforcing previous research from Citizen Lab, as well as numerous reports.

Channel clampdown

The discovery of Blue Coat appliances in Syria in 2011 triggered regulatory action against the UAE operations of one of its distributors, Computerlinks. Blue Coat maintains it lawfully sold its devices to the distributor, only after which point they were unlawfully diverted to Syria.

Citizen Lab recommended that vendors put increased focus on the human rights principles of distribution partners and other third parties that sell dual-use technologies.

"For example, how might companies better incorporate audits and human rights ‘background checks' when assessing potential or current partners?" it questioned.

It also recommended that dual-use technology companies develop greater transparency over export practices. This would include the release of export control product matrices identifying the ECCN [export control classification number] applicable to each of their products – a step Citizen Lab acknowledged Blue Coat took in May.

It gave extra kudos to Blue Coat for voicing its support for international human rights principles, and modifying its web filtering product following concerns it could be used against minority groups.

Not aware

In a statement, Blue Coat said it had been co-operating with the US government as part of its investigation into the illegal transfer of its products to Syria by third parties since 2011, stressing the activity took place without its knowledge.

"We cannot comment on any new report about the presence of our products in embargoed countries until we have received a copy of the report and had a chance to review it in detail," it added. "When we become aware of such allegations, we review the source information to determine whether it provides new information about the presence of our products in embargoed countries.

"In the meantime, we want to clarify that Blue Coat has never permitted the sale of our products to countries embargoed by the US. We continue not to sell to embargoed countries and also do not allow our partners to sell our products to embargoed countries. Even when our products are unlawfully diverted to embargoed countries without our knowledge, we use various techniques to limit our products from receiving updates or support from our servers or support personnel."