An independent researcher has raised questions about whether a U.S.-based organization that sponsors training conferences in surveillance technology allowed the attendance of people from countries engaging in human rights abuses, in potential conflict with U.S. sanctions law.
The researcher, Collin Anderson, determined that several Sudanese government entities and companies and an Internet service provider from Iran were listed as attendees of training conferences run by McLean, Va-based TeleStrategies Inc. in 2007, 2008 and 2012.
The conferences, dubbed by privacy activists as the Wiretappers’ Ball, is held in six countries and attracts thousands of representatives from law enforcement, intelligence agencies and surveillance technology firms.
Some human rights activists, though, have alleged that ISS World has also been a source of training for repressive regimes seeking technology to use in monitoring dissidents.
“While ISS World has become one of the primary venues for the promotion and facilitation of mass electronic surveillance, few controls appear to be in place on who is allowed to participate,’’ said Anderson, who has conducted research on Internet censorship in affiliation with the University of Pennsylvania’s Annenberg School and collaborated with the University of Toronto Citizen Lab’s investigation of the tech firm Blue Coat.
U.S. Treasury Department regulations prohibit the export of ser vices by U.S. persons to an Iranian or Sudanese entity, such as at a non-public conference.
The sanctions programs are run by the department’s Office of Foreign Asset Control. A department spokeswoman declined to comment on the allegations.
In an initial phone interview in May, TeleStrategies founder and president Jerry Lucas acknowledged the attendance of the Sudanese but not of any Iranian companies or individuals. Lucas said the firm’s operations had been cleared by its lawyer, and argued that TeleStrategies does not conduct the training but merely is “providing a venue.”
In follow-up emails, Lucas said he had misspoken and that neither Sudanese nor Iranians attended. He said in one email that he had confused Sudan with Egypt. In a separate email, Lucas said that if any entity from Sudan or Iran registered, “their registrations were rejected.”
The agencies and firms’ names were listed as part of a “promotion brochure” based on registrations, he said. “This is a promotional error on our part stating they actually attended when they only registered.”
However, a former official for a Sudan telecommunications company, Canar Telecom, acknowledged in a phone interview this month that he attended an ISS World conference in 2008 in Dubai, where he spoke on a panel titled “Regional Developments on Lawful Interception.”
Mohammed Bouhelal, then regulatory director of Canar, said he was asked to take part because of his experience in the field. Canar is majority-owned by Etisalat, a UAE telecom firm. Bouhelal said he joined Etisalat in 2004, and has worked on company projects in Sudan, Tanzania and Nigeria. In Sudan, he was a Canar employee, he said. He currently lives in Nigeria.
“My role was really to talk about how we deal as a telecom operator with the government,” he said. He recalled the conference was held at the JW Marriott Hotel.
A current Canar official, Mohammed Dawood, the company’s finance director, said he checked with colleagues and none had attended ISS World conferences.
Bouhelal’s attendance would likely put TeleStrategies in violation of the embargo, said Anderson. But because the conference took place more than five years ago, the statute cannot be enforced for that particular event, he said.
The Sudan sanctions program began in 1997 when then-President Clinton issued an executive order imposing a comprehensive trade embargo on Sudan and blocked the assets of the Sudanese government.
Lucas, in an interview, said he could not recall the Canar official’s presence. “Somebody attended in the year 2008 and you want me to remember?” he said. In any case, he maintained that there is no sanctions violation because anyone from Sudan would not pay to attend. “We don’t accept any money from Sudan,” he said. “They don’t pay us any money” to take part in the conference.
But Erich Ferrari, a District-based lawyer specializing in OFAC sanctions issues, said the attendance of Iranian or Sudanese entities at a non-public surveillance conference, if proved, would likely violate U.S. expert sanctions. (Ferrari noted that he was not familiar with the facts of the ISS World conferences in particular.)
“The benefit that is conferred there is their attendance, regardless of whether they purchased anything or attended a workshop,” Ferrari said. “The fact that they’re going and getting the benefit of a non-public conference is a violation.”
He added that the violation would not turn on whether a fee was paid to attend.
Bouhelal said he was invited to attend in his own capacity as a wiretap regulatory expert, not as a Canar employee. That does not matter under the sanctions law, Ferrari said. “It is a country based program,” he said, so “this is generally thought to include those parties ordinarily residing in Sudan.”
The events in question were part of an annual series of TeleStrategies-sponsored conferences called ISS World, held several times a year and which attract several thousand law enforcement and intelligence agency personnel as well as surveillance technology vendors from around the world. In 2012, about 4,000 people attended conferences in the U.S., Prague, Dubai, Kuala Lumpur and Brasilia. The company just held its first conference in Johannesburg, South Africa.
ISS World, which bills itself as “invitation-only,” is not open to the general public, Lucas said. Attendance is screened, and registration is limited to law enforcement agencies and companies that provide surveillance technologies. Lucas said that entities from non-G20 countries are not charged to attend.
However, “we do not allow people from Iran, North Korea or Syria to attend,” Lucas said in the May interview.
But Anderson says that the conference series has allowed representatives from repressive regimes to attend.
“According to several years of their own documentation, TeleStrategies has continually allowed attendance not only by countries with egregious human rights track records, but also by governments and companies that fall within American sanctions programs. ISS World’s activities increasingly run contrary to international human rights agendas, export controls, and foreign policy interests,” Anderson alleged.
According to Anderson’s analysis of conference brochures originally obtained by Privacy International, a London-based privacy group, four government agencies from Sudan and four Sudanese telecommunications companies attended the conference in 2012. Additionally, one Sudanese government agency attended in 2007 and one in 2008.
The 2012 brochure also lists among the attendees a company called Shatel, which it identifies as attending from the United Arab Emirates. But there is no firm called Shatel in the UAE, according to Anderson and industry experts. Shatel is Iran’s largest Internet service provider, according to its Web site and to Anderson, an expert on Iranian Internet infrastructure.
Lucas said that these companies registered but then were cancelled. Shatel Chief Executive Ahmad Nakhjavani said in an interview last month that he thought the company president had attended in 2012. But in a subsequent e-mail, he said the president informed him he had never participated and “it seems that there is a misunderstanding.”
In the initial interview, Lucas suggested that there could be legitimate reasons for Sudanese entities to seek to attend ISS World. “They need the equipment –not for bad purposes, maybe, but they need it for their own law enforcement. Criminals, regardless of where you are, they’re using the phones. They’re using the Internet. The rationale is—they need the equipment. If they don’t get it from our vendors, they’ll go somewhere else.”
He said there is a misperception that “the only people who buy this stuff are buying it to suppress dissidents.” It may be used to go after terrorists or after a political party leader critical of the government, he said.
Lucas believes that it’s ultimately the U.S. government’s responsibility, not a private company’s, to screen out bad actors.
“If the United States says they don’t want U.S. companies to sell to such countries, it’s up to them. It’s not up to us,” he said. “That’s a government function.....We don’t go around policing the world, saying, ‘Well, you can’t sell to this country, but you can sell to that country.’”