Spyware Biz Gamma Slammed for Human Rights Failings

Infamous spyware company Gamma International has been told to change its business practices after it was heavily criticized by a leading economic body for failing to respect internationally recognized human rights.

The Organisation for Economic Cooperation and Development’s UK National Contact Point (NCP) made its damning conclusions after a two-year investigation into the British-German firm’s sale of surveillance tech to Bahrain.

The inquiry was launched after a complaint brought by Privacy International, the European Center for Constitutional and Human Rights, Reporters Without Borders, the Bahrain Center for Human Rights, and Bahrain Watch.

They alleged that Gamma sold its notorious FinFisher spyware to Bahrain several years ago, and that it was subsequently used to surveil three human rights activists – Ala’a Shehabi, Husain Abdulla and Shehab Hashem – who were subsequently forced to seek asylum in the UK.

The OECD concluded that Gamma has no internal human rights guidelines or due diligence processes to guarantee that its products aren’t misused by those who buy them.

It also claimed that the firm’s engagement with the NCP had been “unsatisfactory” – and that it “raised obstacles” through its legal team to slow progress of the complaint.

The report added:

“The UK NCP recommends that Gamma International UK Limited takes the following actions to make its conduct more consistent with the Guidelines: that the company takes note of evidence from international bodies and UK government advice in its future due diligence, that it participates in industry best practice schemes and discussions, that it reconsiders its communications strategy to offer the most consistent and transparent engagement appropriate for its sector, and that, where it identifies that its products may have been misused, it co-operates with official remedy processes.”

However, the OECD’s recommendations are just that – they aren’t mandatory, so it’s unlikely that the spyware peddler will change its ways.

Gamma’s “remote intrusion and surveillance software” FinFisher was called out in a report last year by Toronto-based rights group Citizen Lab. It claimed the product was “sold exclusively to law enforcement and intelligence agencies” and had been traced to 25 countries.

Privacy International deputy director, Eric King, welcomed the OECD’s verdict and branded Gamma an “irresponsible corporate actor.”

“Today’s judgement is a watershed moment recognizing that surveillance companies such as Gamma cannot shirk their human rights obligations,” he added in a statement.

“This decision reaffirms that supplying sophisticated intrusive surveillance tools to the world's most repressive regimes is not only irresponsible business conduct, but violates corporate human rights obligations, and the companies that engage in such behavior must bear the responsibility for how their products are ultimately used.”

What’s Hot on Infosecurity Magazine?