Dictators Used Sandvine Tech to Censor the Internet. The US Finally Did Something About It

When the Egyptian government shut down the internet in 2011 to give itself cover to crush a popular protest movement, it was Nora Younis who got the word out. Younis, then a journalist with daily newspaper Al-Masry Al-Youm, found a working internet connection at the InterContinental Cairo Semiramis Hotel that overlooked Tahrir Square, the heart of the protests. From the balcony, she filmed as protesters were shot and run down with armored vehicles, posting the footage to the newspaper’s website, where it was picked up by global media.

In 2016, with Egypt having slid back into the authoritarianism that prompted the uprising, Younis launched her own media platform, Al-Manassa, which combined citizen journalism with investigative reporting. The following year, Almanassa.com suddenly disappeared from the Egyptian internet, along with a handful of other independent publications. It was still available overseas, but domestic users couldn’t see it. Younis’ team moved their site to a new domain. That, too, was rapidly blocked, so they moved again and were blocked again. After three years and more than a dozen migrations to new domains and subdomains, they asked for help from the Swedish digital forensics nonprofit Qurium, which figured out how the blocks were being implemented—using a network management tool provided by a Canadian tech company called Sandvine.

Sandvine is well known in digital rights circles, but unlike leading villains of the spyware world such as NSO Group or Candiru, it’s often floated below the eyeline of lawmakers and regulators. The company, owned by the private equity group Francisco Partners, mainly sells above-board technology to internet service providers and telecom companies to help them run their networks. But it has often sold that technology to regimes that have abused it, using it to censor, shut down, and surveil activists, journalists, and political opponents.

On Monday, after years of lobbying from digital rights activists, the US Department of Commerce added Sandvine to its Entity List, effectively blacklisting it from doing business with American partners. The department said that the company’s technology was “used in mass-web monitoring and censorship” in Egypt, “contrary to the national security and foreign policy interests of the United States.” Digital rights activists say it’s a major victory because it shows that companies can’t avoid responsibility when they sell potentially dangerous products to clients who are likely to abuse them.

“Better late than never,” Tord Lundström, Qurium’s technical director, says. “Sandvine is a shameless example of how technology is not neutral when seeking profit at all costs.”

“We are aware of the action announced by the US Commerce Department, and we’re working closely with government officials to understand, address, and resolve their concerns,” says Sandvine spokesperson Susana Schwartz. “Sandvine solutions help provide a reliable and safe internet, and we take allegations of misuse very seriously.”

Sandvine’s flagship product is deep packet inspection, or DPI, a common tool used by ISPs and telecom companies to monitor traffic and prioritize certain types of content. DPI lets network administrators see what’s in a packet of data flowing on the network in real time, so they can intercept or divert it. It can be used, for example, to give priority to traffic from streaming services over static web pages or downloads, so that users don’t see glitches in their streams. It has been used in some countries to filter out child sexual abuse images.