What about other sanctions that hurt Syrian activists? While sanctions against Iran and Syria are intended to constrain those countries' governments, they have had the unfortunate side effect of constraining activists' access to free online software and services used widely across the Middle East, including browsers, online chat applications, and online storage services. In February, on the occasion of Nowruz, the Iranian New Year, the Treasury Department issued new guidelines specifying the types of free software and services that can legally be offered by U.S. companies to Iranian citizens. They failed to issue similar guidelines for Syria, however -- in part due to conflicting regulations from the Department of Commerce.
As a result, Syrian activists say, they remain hamstrung. "Activists have a hard time installing communication software like the plugin required to use Google's voice/video chat," the San Francisco-based Syrian blogger Anas Qtiesh told me. Google Earth, commonly used by activists in the region to plan protests and escape routes, is also blocked in Syria -- not by the authorities but by Google, whose lawyers do not want the company breaking U.S. sanctions. Activists then look for unofficial "third party" sites offering downloads, but these sites are often infected with malware of the type described at the beginning of this article. The Electronic Frontier Foundation (EFF), an organization dedicated to protecting civil liberties online, has been following this issue closely and blames the U.S. government's "piecemeal" approach to sanctions and licenses for causing confusion among companies about what is or isn't legal.
What about other countries like Bahrain? It is "ridiculous," says the EFF's Jillian York, that the executive order "only covers Syria and Iran and not Bahrain." Like Syria, the government of Bahrain employs aggressive tactics to censor and monitor its people's online activity. Its human rights violations over the past year are well documented. In testimony to international lawyers, Bahraini torture victims have described being shown transcripts of their cell-phone text messages. Bloomberg reported in February that a Munich-based company called Trovicor helped the Bahraini government to install and maintain "monitoring centers" through which citizens' emails, instant-message chat sessions, and cell-phone text messages are intercepted.
The U.S. relationship with Bahrain is obviously more complicated than with Syria and Iran. Many other countries with which the United States has more positive strategic and trade relationships also use technology to repress their people. Thus the Internet rights group Access is calling on the Obama administration and Congress to adopt a "more robust legal framework" including "a process for sanctioning other countries such as Bahrain, preventing third parties from reselling technologies, and requiring companies to be transparent about who they are selling to and what processes they have in place to prevent their products and services from being used in the commission of human rights abuses." The challenge lies in determining what exactly that legal framework and sanctions process should look like.
Sanctions are hard to get right. Last month, I wrote about a bill currently before the U.S. House of Representatives called the Global Online Freedom Act, which among other things seeks to revise U.S. export control laws to forbid the export of censorship and surveillance technology to a list of "Internet-restricting countries" -- a list which one presumes would include more than Iran and Syria. However, the drafters of the bill, which has gone through many different iterations since it was first introduced in 2006, have had a tough time coming up with the right language that would avoid the type of collateral damage already created by existing sanctions. As Erica Newland of the Center for Democracy and Technology recently asked: "Can export controls be meaningfully extended in ways that reduce the spread of … 'weapons of mass surveillance' without diminishing the ability of dissidents to connect and communicate?"
Recognizing that the speed of technological innovation will likely always move light years faster than the speed of government, the EFF advocates a "Know Your Customer" program that could be implemented in a number of potential ways, through regulatory or legal action or through a voluntary framework if government action is not forthcoming. It would be structured in a similar way to the Foreign Corrupt Practices Act, which is aimed at preventing U.S. companies from engaging in bribery around the world. EFF suggests two main components: The first would require transparency about where companies are doing business. The second involves a framework for companies to audit and keep track of their customers. Companies should have a due-diligence process to determine the likelihood that their technologies will be used to carry out human rights abuses before doing business with a particular country or regional distributor. "If these big companies can be expected not to get business through bribes even though some of their foreign competitors do," concludes the EFF, "it's reasonable to ask them not to conduct business that would result in enabling repression either."
President Obama has certainly taken a step in the right direction with Monday's executive order. But the executive branch and Congress will need to do much more if they want to stem electronic abuses against activists in Iran and Syria -- let alone anywhere else. It's time to take decisive action to stop American and other multinationals from aiding and abetting the wrong side in the global digital arms race.
*UPDATE: According to a Department of Commerce spokesperson, the investigation of Blue Coat is "ongoing." The spokesperson declined to provide further details.