Privacy Group Targets British Spyware Company over Bahrain Surveillance

The rights group Privacy International asked the British government this morning to investigate a surveillance company for enabling spying on Bahraini activists in the U.K.

The company in question, Gamma Group, is a U.K.-based firm that provides surveillance software and other “lawful intercept” technology to governments around the world. Among their products was FinFisher software, which lets spies remotely monitor a computer they’ve infected — accessing files, web traffic, Skype calls and more. Privacy International asked the U.K.’s National Crime Agency to investigate the company.

“Companies like Gamma have been enabling repressive states’ unlawful conduct, but then seeking to suggest that they bear no responsibility for the products that they supply,” said Adriana Edmeades, Privacy International’s legal officer.

As The Intercept reported in August, leaked documents from FinFisher showed correspondence between FinFisher customer service centers and accounts in Bahrain. The human rights group Bahrain Watch identified dozens of computers infected from Bahrain during a period that spanned the country’s Arab spring protests and the government’s brutal crackdown on them. Several of the compromised computers belonged to prominent human rights lawyers and opposition leaders.

Three of the activists whose computers were hacked were living in the U.K., having been granted political asylum. Two of them, Mohammed Moosa Abd-Ali Ali and Jaafar Al Hasabi, were formerly jailed and tortured in Bahrain. Saeed Al-Shehabi, a journalist and commentator, was sentenced in absentia in 2011 to life in prison.

“We often had the feeling that they were spying on us but we had no physical evidence of intrusion,” Shehabi told The Guardian. Although researchers had previously identified FinFisher software on Bahraini activists’ computers, the details in the newly leaked documents provided evidence that the company was engaging with Bahraini accounts, belying FinFisher’s earlier claims that the software could have been stolen demos.

Privacy International argues that Gamma is complicit in the Bahraini government’s violation of British surveillance laws. Lodging a formal complaint with the National Crime Agency doesn’t automatically trigger an investigation, but Privacy International could eventually take it to court if the government doesn’t do anything, said Edmeades. The group is still waiting to hear from the office about another complaint they filed earlier this year, on behalf of an Ethiopian political refugee whose computer was infected by FinFisher.

FinFisher spun off from Gamma last year, and is now independent, and based in Germany. But at the time of the Bahraini surveillance shown in the leaked documents, FinFisher was a Gamma subsidiary. In August, Bahrain’s media attaché in Washington said that “select individuals continue to unjustifiably associate their personal malware to the Government and all evidence collated by the accusers still show no link to the Bahraini Government.” Emails to Gamma through their website went unanswered.

Photo: John Moore/Getty Images.