http://online.wsj.com/article/SB10001424052970203687504577001911398596328.html
OCTOBER 29, 2011
U.S. Firm Acknowledges Syria Uses Its Gear to Block Web
By JENNIFER VALENTINO-DEVRIES, PAUL SONNE and NOUR MALAS
A U.S. company that makes Internet-blocking gear acknowledges that Syria has been using at least 13 of its devices to censor Web activity there--an admission that comes as the Syrian government cracks down on its citizens and silences their online activities.
Blue Coat Systems Inc. of Sunnyvale, Calif., says it shipped the Internet "filtering" devices to Dubai late last year, believing they were destined for a department of the Iraqi government. However, the devices--which can block websites or record when people visit them--made their way to Syria, a country subject to strict U.S. trade embargoes.
Blue Coat told The Wall Street Journal the appliances were transmitting automatic status messages back to the company as the devices censored the Syrian Web. Blue Coat says it doesn't monitor where such "heartbeat" messages originate from. Computer code reviewed by the Journal indicates that Syrians were also using other Blue Coat products, raising questions about how the tools came to be used this way and whether Blue Coat has violated the trade embargo.
As Arab Spring political uprisings have swept the region this year, Bashar al-Assad, whose family has ruled Syria for more than four decades, has overseen some of the bloodiest crackdowns on protesters. On Friday, Syrian troops opened fire on protesters, leading to fresh reports of deaths. According to the U.N., more than 3,000 civilians have been killed in Syria since the start of protests.
Blue Coat executives say they don't know how the devices got to Syria. The company says it alerted U.S. authorities in recent days to the "improper transfer" and is cooperating with government inquiries.
"We don't want our products to be used by the government of Syria or any other country embargoed by the United States," Steve Daheb, Blue Coat senior vice president, said, in the company's first detailed explanation of the matter. He said the company is "saddened by the human suffering and loss of human life" in Syria.
The discovery of the devices in Syria shows the difficulty of controlling U.S. tech exports and demonstrates how regimes manage to use Western technology to censor speech and stifle dissent even when they are subject to trade sanctions. As the Arab Spring uprisings swept the region this year, security forces used Western technology in their often brutal fight to retain political control.
Egypt's secret services used technology from a British company to eavesdrop on dissidents over Skype. Col. Moammar Gadhafi's regime snooped on the emails and Internet chats of Libyan dissidents using invasive technology from a French firm. And across the Gulf, Internet-service providers have been relying on tools from Blue Coat, Intel Corp.'s McAfee and the Canadian firm Netsweeper Inc. to snuff out opposition websites.
Since 2004, the U.S. has prohibited the export, without a special license, of most U.S. goods and services to Syria. According to the Commerce Department, applications for licenses to do business with Syria since then have been "subject to a general policy of denial."
Many companies don't track where their technology goes after an initial, legal sale. Though the U.S. government requires re-export licenses for controlled devices, the rules can be difficult to enforce.
A State Department official said, "We are reviewing the information that we have and monitoring the facts as they come in" and "are looking into" the Blue Coat matter. The authority to investigate potential embargo violations involving technology in Syria falls to the Department of Commerce. A spokesman there said the department doesn't comment on "ongoing investigations."
The devices' road to Syria is still partly unclear. The company says it shipped 14 of its ProxySG 9000 Internet-filtering appliances from Rotterdam to Dubai in late 2010, an order valued at an estimated $700,000. It believes 13 are being used to censor parts of the Syrian Internet. What happened to the 14th is unclear.
Blue Coat says it received a two-part order from a Dubai distributor in 2010 that identified the end customer as Iraq's Ministry of Communications. Blue Coat approved the order and delivered the devices to the distributor in the U.A.E. The company says it didn't follow up on where the devices went from there.
The Iraqi Ministry of Communications couldn't be reached to comment Thursday. Blue Coat declined to name the Dubai distributor.
"At the present time, the company cannot confirm how the appliances were transferred from the point of shipment or from Iraq to Syria," Blue Coat's Mr. Daheb said. The company is "continuing its own internal review."
Some of Syria's largest Internet-service providers have been using Blue Coat devices since as early as 2005, according to a person familiar with the matter. The order of 14 devices was the largest in recent memory, but as many as 25 appliances have made their way into Syria since the mid-2000s, with most sold through Dubai-based middlemen, this person said. Blue Coat says it is investigating other possible unauthorized transfers.
Blue Coat began life in 1996 as CacheFlow Inc., which sold appliances to businesses that quicken Web-page delivery, among other things. In 2002, it changed its name to Blue Coat and reinvented itself as a security company. The idea: Sell appliances that filter the Internet to protect big corporate networks. Today, that is Blue Coat's primary business.
The company has no corporate policy against selling to governments or Internet service providers engaged in censorship. Its devices block websites in the U.A.E., Bahrain and Qatar, a Journal investigation earlier this year determined.
Mr. Daheb says that "it is the government's role to set appropriate social policy and identify governments and entities that U.S. companies should not do business with."
Blue Coat's export-auditing system is focused on screening potential buyers before devices are sold, rather than on keeping track of devices once they are deployed, according to people familiar with the company.
Information about Blue Coat in Syria began to trickle out in August, after a "hacktivist" group called Telecomix managed to gain access to unsecured servers on Syria's Internet systems and found evidence of Blue Coat filtering. The group found computer records, or logs, detailing what Web pages the Blue Coat devices were censoring in Syria.
Earlier this month the group released those logs, but with all the Internet Protocol, or IP, addresses redacted for privacy reasons. IP addresses are unique numbers assigned to devices that connect to the Internet, often identifying location.
The Journal, however, has reviewed unredacted portions of the logs. The logs show the Blue Coat devices were filtering the Internet activity of individuals who were accessing the Web via Syrian IP addresses. The logs also include the serial numbers of the Blue Coat devices.
The logs offer a rare insight into what the Assad regime doesn't want Syrians to see online. Blocked sites include that of the Muslim Brotherhood in Syria, an opposition group banned in the country since it led an uprising against Mr. Assad's father in the 1980s, and the-syrian.com, a website dedicated to news about the uprising.
The devices blocked about 6% of the more than 750 million requests they filtered from July 22 to Aug. 6, according to a Journal analysis of the data. They blocked or monitored at least 26,700 attempts to connect to websites run by opposition figures or devoted to covering the Syrian uprising, such as all4syria.info and welati.net.
Visits to sensitive areas of social-networking sites were also recorded, but not necessarily blocked. Of more than 2,500 attempts to connect to facebook.com/syrian.revolution, for example, about 1,575 were blocked and 934 others were kept in the logs, according to the Journal's analysis.
Mr. Daheb said the devices censoring the Syrian Web don't have access to Blue Coat's main filtering database, which regularly categorizes new websites to be blocked by its software, such as pornography, gambling or religious sites. Blue Coat says it can't turn off the devices remotely.
The appliances do have Blue Coat service and support contracts. The company says it has now cut off contracts for the devices.
Also in the logs were indications that another Blue Coat product, PacketShaper, is being used in Syria. Blue Coat says it doesn't market or sell PacketShaper devices or software--which help companies keep computer networks running smoothly--in Syria due to the embargo.
The Blue Coat logs show that some people within Syria are also using a Blue Coat filtering product for personal computers, known as K9 Web Protection, which periodically interacts with the company's database of filtered websites. The K9 software works like this: When a person uses a computer with K9 to visit a certain website, the tool contacts Blue Coat to get information about the nature of the site and decides whether to block it.
It is possible, trade-law experts say, that such services could violate the U.S. embargo on Syria. "The executive orders this summer appear to be comprehensive," said Ronald Oleynik, head of the trade regulatory practice at the law firm Holland & Knight LLP.
Other software and service companies regularly prevent access from IP addresses in countries such as Syria. Google Inc., for example, does so for some of its software.
Blue Coat says its K9 software "may be eligible for export to Syria under exemptions that govern publicly available free software and informational materials incident to communications services." A person familiar with the matter said the company isn't sure and is awaiting word from U.S. authorities. In the meantime, Blue Coat's Mr. Daheb says the company has now revoked the licenses of K9 software to prevent access from Syria, "in an abundance of caution."
--Margaret Coker contributed to this article. Data analysis by Rob Barry and Ashkan Soltani.
Write to Paul Sonne at paul.sonne@wsj.com and Nour Malas at nour.malas@dowjones.com