New leaked documents show that Ethiopia has been working with several European tech companies to expand its surveillance powers in the past few years, potentially with the goal of improving its capabilities to monitor its own citizens.
In 2010, German company Trovicor pitched Ethiopia on an expanded surveillance system that would tap the country's growing internet backbone and potentially allow authorities to monitor online traffic, according to an internal document published on Monday by digital rights group Privacy International and German blog Netzpolitik.
Activists say these documents prove once again that Ethiopia is keen on using surveillance technology to spy on its citizens. Earlier in March, researchers showed new evidence linking Ethiopia to a series of cyberattacks against Ethiopian journalists in the US, using spyware provided by Italian company Hacking Team. In 2013, the same researchers accused Ethiopia of using another spyware provider, FinFisher, to target the opposition group Ginbot 7.
"They are building mass surveillance capabilities to monitor everyone in country."
"It's clear that the government of Ethiopia is one of the most aggressive purchasers of surveillance technology out there," Privacy International spokesperson Mike Rispoli told Motherboard. "They are building mass surveillance capabilities to monitor everyone in country, and using hacking tools to spy on dissidents and journalists at home and abroad."
In its customer presentation dated January 2010, Trovicor proposed to install its "next generation network (NGN)" taps into a planned 25 new local-level edge routers in Ethiopia. The taps would send data back to the government's monitoring center, which would've been provided by Trovicor.
It's unclear if Ethiopia finally gave Trovicor a contract to provide these services, but Privacy International and Netzpolitik have found a document that appears to show a June 2011 shipment from Trovicor to Ethiopia's National Intelligence and Security Service (NISS). Trovicor, as well as a spokesperson from Ethiopia's embassy in DC, did not answer to Motherboard's request for comment.
Privacy International's concerns stem from the fact that Ethiopia has long been accused of human rights violations. In February, Human Rights Watch called Ethiopia "one of the world's biggest jailers of journalists." And last year, the group released a detailed report showing how the Ethiopian government uses foreign surveillance technology "as a tool to silence dissenting voices."
Trovicor has been accused of aiding repressive governments in the past. Reporters Without Borders has labelled it one of the five "Corporate Enemies of the Internet." In 2009, when the company was part of Nokia Siemens Network, it sold lawful interception technology to Iran. Trovicor has also been accused of providing surveillance technologies to Syria and Bahrain, among others.
The company also has a working relationship with FinFisher, which sells spyware to governments around the world, according to a 2010 corporate newsletter. For Privacy International, this means that Trovicor's monitoring project in Ethiopia could have been used to deploy FinFisher spyware too.
"The combination of the two companies' capabilities at the time—massive monitoring centres and the deployment of the FinFisher malware—presents a very concerning capability in the hands of a repressive government," Privacy International wrote in its report.
"I want more attention for human rights and more transparency in the export-control system."
Both Privacy International and European Parliament member Marietje Schaake see these latest revelations as yet more proof that governments need to do more to prevent the spread of surveillance technology created by Western companies to countries where it could be abused.
"These new facts demonstrate once again the need to urgently adopt smart regulations for the exports of certain surveillance technologies that are used for human rights abuses," Schaake, who has been working on these issues for years, told Motherboard. "I want more attention for human rights and more transparency in the export-control system, so that exporting companies and the controlling governments are accountable."
Rispoli, at Privacy International, echoed her words.
"This can not go on any longer," he said. "There needs to be greater controls on the sale of these technologies, so we can hold the secretive surveillance industry accountable and prevent spy equipment from winding up in the hands of repressive regimes."
Some regulations are slowly starting to materialize. In late 2013, a number of countries, including the US, UK, Canada, France, and Germany, agreed to expand the Wassenaar Agreement, a dual use technology export control treaty, to include "intrusion" technologies. But this expansion now needs to be implemented by every signing country with their own local laws.