A U.S. company that makes Internet-blocking gear acknowledges that Syria has been using at least 13 of its devices to censor Web activity there—an admission that comes as the Syrian government cracks down on its citizens and silences their online activities.
Blue Coat Systems Inc. of Sunnyvale, Calif., says it shipped the Internet “filtering” devices to Dubai late last year, believing they were destined for a department of the Iraqi government. However, the devices—which can block websites or record when people visit them—made their way to Syria, a country subject to strict U.S. trade embargoes.
Blue Coat told The Wall Street Journal the appliances were transmitting automatic status messages back to the company as the devices censored the Syrian Web. Blue Coat says it doesn’t monitor where such “heartbeat” messages originate from. Computer code reviewed by the Journal indicates that Syrians were also using other Blue Coat products, raising questions about how the tools came to be used this way and whether Blue Coat has violated the trade embargo.
As Arab Spring political uprisings have swept the region this year, Bashar al-Assad, whose family has ruled Syria for more than four decades, has overseen some of the bloodiest crackdowns on protesters. On Friday, Syrian troops opened fire on protesters, leading to fresh reports of deaths. According to the U.N., more than 3,000 civilians have been killed in Syria since the start of protests.
Blue Coat executives say they don’t know how the devices got to Syria. The company says it alerted U.S. authorities in recent days to the “improper transfer” and is cooperating with government inquiries.
“We don’t want our products to be used by the government of Syria or any other country embargoed by the United States,” Steve Daheb, Blue Coat senior vice president, said, in the company’s first detailed explanation of the matter. He said the company is “saddened by the human suffering and loss of human life” in Syria.
The discovery of the devices in Syria shows the difficulty of controlling U.S. tech exports and demonstrates how regimes manage to use Western technology to censor speech and stifle dissent even when they are subject to trade sanctions. As the Arab Spring uprisings swept the region this year, security forces used Western technology in their often brutal fight to retain political control.
Egypt’s secret services used technology from a British company to eavesdrop on dissidents over Skype. Col. Moammar Gadhafi’s regime snooped on the emails and Internet chats of Libyan dissidents using invasive technology from a French firm. And across the Gulf, Internet-service providers have been relying on tools from Blue Coat, Intel Corp.’s McAfee and the Canadian firm Netsweeper Inc. to snuff out opposition websites.
Since 2004, the U.S. has prohibited the export, without a special license, of most U.S. goods and services to Syria. According to the Commerce Department, applications for licenses to do business with Syria since then have been “subject to a general policy of denial.”
Many companies don’t track where their technology goes after an initial, legal sale. Though the U.S. government requires re-export licenses for controlled devices, the rules can be difficult to enforce.
A State Department official said, “We are reviewing the information that we have and monitoring the facts as they come in” and “are looking into” the Blue Coat matter. The authority to investigate potential embargo violations involving technology in Syria falls to the Department of Commerce. A spokesman there said the department doesn’t comment on “ongoing investigations.”
The devices’ road to Syria is still partly unclear. The company says it shipped 14 of its ProxySG 9000 Internet-filtering appliances from Rotterdam to Dubai in late 2010, an order valued at an estimated $700,000. It believes 13 are being used to censor parts of the Syrian Internet. What happened to the 14th is unclear.
Blue Coat says it received a two-part order from a Dubai distributor in 2010 that identified the end customer as Iraq’s Ministry of Communications. Blue Coat approved the order and delivered the devices to the distributor in the U.A.E. The company says it didn’t follow up on where the devices went from there.
The Iraqi Ministry of Communications couldn’t be reached to comment Thursday. Blue Coat declined to name the Dubai distributor.
“At the present time, the company cannot confirm how the appliances were transferred from the point of shipment or from Iraq to Syria,” Blue Coat’s Mr. Daheb said. The company is “continuing its own internal review.”
Some of Syria’s largest Internet-service providers have been using Blue Coat devices since as early as 2005, according to a person familiar with the matter. The order of 14 devices was the largest in recent memory, but as many as 25 appliances have made their way into Syria since the mid-2000s, with most sold through Dubai-based middlemen, this person said. Blue Coat says it is investigating other possible unauthorized transfers.
Blue Coat began life in 1996 as CacheFlow Inc., which sold appliances to businesses that quicken Web-page delivery, among other things. In 2002, it changed its name to Blue Coat and reinvented itself as a security company. The idea: Sell appliances that filter the Internet to protect big corporate networks. Today, that is Blue Coat’s primary business.
The company has no corporate policy against selling to governments or Internet service providers engaged in censorship. Its devices block websites in the U.A.E., Bahrain and Qatar, a Journal investigation earlier this year determined.
Mr. Daheb says that “it is the government’s role to set appropriate social policy and identify governments and entities that U.S. companies should not do business with.”
Blue Coat’s export-auditing system is focused on screening potential buyers before devices are sold, rather than on keeping track of devices once they are deployed, according to people familiar with the company.
Information about Blue Coat in Syria began to trickle out in August, after a “hacktivist” group called Telecomix managed to gain access to unsecured servers on Syria’s Internet systems and found evidence of Blue Coat filtering. The group found computer records, or logs, detailing what Web pages the Blue Coat devices were censoring in Syria.
Earlier this month the group released those logs, but with all the Internet Protocol, or IP, addresses redacted for privacy reasons. IP addresses are unique numbers assigned to devices that connect to the Internet, often identifying location.
The Journal, however, has reviewed unredacted portions of the logs. The logs show the Blue Coat devices were filtering the Internet activity of individuals who were accessing the Web via Syrian IP addresses. The logs also include the serial numbers of the Blue Coat devices.
The logs offer a rare insight into what the Assad regime doesn’t want Syrians to see online. Blocked sites include that of the Muslim Brotherhood in Syria, an opposition group banned in the country since it led an uprising against Mr. Assad’s father in the 1980s, and the-syrian.com, a website dedicated to news about the uprising.
The devices blocked about 6% of the more than 750 million requests they filtered from July 22 to Aug. 6, according to a Journal analysis of the data. They blocked or monitored at least 26,700 attempts to connect to websites run by opposition figures or devoted to covering the Syrian uprising, such as all4syria.info and welati.net.
Visits to sensitive areas of social-networking sites were also recorded, but not necessarily blocked. Of more than 2,500 attempts to connect to facebook.com/syrian.revolution, for example, about 1,575 were blocked and 934 others were kept in the logs, according to the Journal’s analysis.
Mr. Daheb said the devices censoring the Syrian Web don’t have access to Blue Coat’s main filtering database, which regularly categorizes new websites to be blocked by its software, such as pornography, gambling or religious sites. Blue Coat says it can’t turn off the devices remotely.
The appliances do have Blue Coat service and support contracts. The company says it has now cut off contracts for the devices.
Also in the logs were indications that another Blue Coat product, PacketShaper, is being used in Syria. Blue Coat says it doesn’t market or sell PacketShaper devices or software—which help companies keep computer networks running smoothly—in Syria due to the embargo.
The Blue Coat logs show that some people within Syria are also using a Blue Coat filtering product for personal computers, known as K9 Web Protection, which periodically interacts with the company’s database of filtered websites. The K9 software works like this: When a person uses a computer with K9 to visit a certain website, the tool contacts Blue Coat to get information about the nature of the site and decides whether to block it.
It is possible, trade-law experts say, that such services could violate the U.S. embargo on Syria. “The executive orders this summer appear to be comprehensive,” said Ronald Oleynik, head of the trade regulatory practice at the law firm Holland & Knight LLP.
Other software and service companies regularly prevent access from IP addresses in countries such as Syria. Google Inc., for example, does so for some of its software.
Blue Coat says its K9 software “may be eligible for export to Syria under exemptions that govern publicly available free software and informational materials incident to communications services.” A person familiar with the matter said the company isn’t sure and is awaiting word from U.S. authorities. In the meantime, Blue Coat’s Mr. Daheb says the company has now revoked the licenses of K9 software to prevent access from Syria, “in an abundance of caution.”
what is Blue Coat?
The Sunnyvale, California-based tech company started in 1996 as CacheFlow Inc., a Redmond, Wa.-based firm that sold appliances that quicken webpage delivery and unclog networks. The devices were crucial for businesses in the early days of work-time Internet usage, when bandwidth was particularly expensive.
CacheFlow surged with the Internet bubble. During the company’s November 1999 initial public offering, shares skyrocketed 427% to $127.00 in the first day of trading, jumping from a debut price of $24.00.
As the dot-com bubble began to deflate, CacheFlow also started to realize that demand for its caching products was potentially slackening. The big opportunity, it seemed, was in security devices. Big corporations were realizing a malware or virus attack on their corporate network could prove crippling. The security sector also offered more opportunity to sell add-on products.
So, in 2002, CacheFlow changed its name to Blue Coat and reinvented itself as a security company. Today, Blue Coat’s primary business is to sell appliances that sit in between corporate networks and the outside Internet to stop security threats or block websites prohibited for employees. The company, which counts more than 15,000 customers around the world, says 85% of the Fortune Global 500 uses its products.
In addition, Blue Coat’s clients include ISPs in places that censor the web to comply with government policies.
“Certain of our products enable the filtering of Internet content and provide the end user customer with the ability to selectively block access to certain Web sites,” Blue Coat said in the “risk factors” section of a recent SEC filing. “It is possible that our end user customers may filter content in a manner that is unlawful or that is believed or found to be contrary to the exercise of personal rights. If this occurs, our ability to distribute and sell those products as presently designed or as customers desire to use them may be affected and our reputation may be harmed.”
Blue Coat said it is investigating how its devices got to Syria and is actively cooperating with U.S. government inquiries into the matter. The company intends “to take steps” to “better protect against future illegal and unwanted diversion of our products” if possible, said Steve Daheb, a Blue Coat senior vice president.
The flagship device is the ProxySG – the same appliance censoring the web in Syria – which goes for about $50,000 and is commonly used across the world. When a university uses a ProxySG device, for example, anyone accessing the Internet through the university network passes through the Blue Coat device on the way to the outside web. The device can block pages and record what URL is being visited, among other things.
Blue Coat posted a net profit of $47.0 million and revenue of $487.1 million in the year ended April 30, a 2% drop from the previous fiscal year.
In August, Blue Coat saw its performance slip. The company announced the departure of chief executive Michael Borman, who had been in the position for about a year, as it reported an 81% drop in fiscal first-quarter profit to $2.7 million. Revenue dropped 11% to $109.5 million in the quarter. Shares slid 16% in after-hours trading on the day of results. Gregory Clark took over as chief executive in September.