Blue Coat

Unknown-2American Company Blue Coat, specialized in online security, is best known for its Internet censorship equipment. This equipment also allows for the supervision of journalists, netizens and their sources. Its censorship devices use Deep Packet Inspection, a technology employed by many western Internet Service Providers to manage network traffic and suppress unwanted connections.

The Company

Country of origin: USA
Website:www.bluecoat.com

Blue Coat is a large IT company based in Sunnyvale, California, that is best known for providing filtering and censorship devices for countries such as Syria and Burma. The company also provides network analysis systems called "Intelligence Centres," which are used by companies and governments to monitor online traffic and identify performance problems. They allow for the monitoring of individual online behaviour.

Portfolio

Blue Coat offers Deep Packet Inspection technology, which can be used to survey and censor the Internet. With DPI, it is possible to look into every single Internet Protocol packet and subject it to special treatment based on content (censored or banned words) or type (email, VoIP or BitTorrent Protocol). DPI not only threatens the principle of Net Neutrality, which Reporters Without Borders defends, but also the privacy of users. It makes single users identifiable and, in countries that flout the rule of law and violate human rights, often exposes them to arbitrary imprisonment, violence or even torture.

Blue Coat describes PacketShaper, one of their products as follows:

"It’s your network. Own it. [...]

PacketShaper analyzes and positively identifies traffic generated by hundreds of business and recreational applications. And thanks to its integration with WebPulse – Blue Coat’s real-time web intelligence service – PacketShaper can even control application traffic by web content category. [...] PacketShaper makes it easy to collectively control related applications and content, while giving you precise tools to get granular where necessary." [1]

DPI is especially threatening to journalists, bloggers, activists and their sources, as it inhibits private, anonymous communication.

Blue Coat sells to government agencies as well as individual companies, which distinguishes it from most other companies mentioned in this report.

Critical appearances:

Burma (Myanmar)

The presence of 13 Blue Coat devices in Burma was confirmed in 2011[2]. Their presence was detected from the message that many Internet users encountered when they tried to browse the Internet. The message said:

“Dear Valued Customers,

On 17 October 2011, Due to the failure of SEA-ME-WE 3 submarine fibre optic cable, the Internet connection was unstable. It is being fixed by concerned personnel during this period, the Internet connection may be significantly slow and possibly offline sometimes. We will keep you informed accordingly and sincerely apologize for any inconvenience caused.”

With regards,

Yatanarpon Teleport”

Shown in English and Burmese, the message had an URL in the address bar that began “notify.bluecoat.com,” providing a good indication as to who was responsible.

 Syria

In 2012, the Telecomix-Collective, a well-established hacker group that helped maintain connections to Egypt and other countries when governments tried to shut down access during the Arab Spring, released 54GB of logfiles which they say establish the presence of 15 Blue Coat proxy servers (Blue Coat Proxy SG9000) in Syria. These devices were discovered in the network of a state-owned ISP called the Syrian Telecommunications Establishment (STE).[3]

The crucial aspect for user privacy is that all attempts to connect to those services were logged and possibly investigated. Stephan Urbach of Telecomix says that there is evidence not only of logging and investigation of connection data, but also of investigation of the content submitted.[4]

The logs analysis suggests the Blue Coat proxy was used to intercept and analyse encrypted traffic (https). All the requests using the 443 port (dedicated to https traffic) and routed to some of the most visited websites[5] in Syria include more information than they should. That information is usually protected by an encryption layer that should prevent any kind of proxy from accessing it.

"“We don’t want our products to be used by the government of Syria or any other country embargoed by the United States,” Blue Coat senior vice president Steve Daheb said in the company’s first detailed explanation of the matter. He added that the company was “saddened by the human suffering and loss of human life” in Syria."[6]

In a Wall Street Journal report on 29 October 2011, Blue Coat acknowledged that 13 of its devices, initially shipped through a Dubai distributor and destined for the Iraqi Ministry of Communications, ended up in Syria. The company claimed in a statement that the devices were “not able to use Blue Coat’s cloud-based WebPulse service” or “run the Blue Coat WebFilter database”. Blue Coat also suggested that the devices were now “operating independently” and that the company did not have a “kill switch” to remotely disable them.The Citizen Lab led an investigation to verify the statements made by the company. It seems that indeed the Blue Coat devices in Syria do not anymore interact with the cloud services of the company[7].

Other appearances

In a major study, the University of Toronto’s Citizen Lab scanned the Internet for Blue Coat devices around the world.[8]

Egypt, Kuwait, Qatar, Saudi Arabia and the United Arab Emirates all reportedly use a Blue Coat system that could be used for digital censorship. Citizen Lab also determined that Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey and Venezuela also used equipment that could be used for surveillance and tracking.[9]

Reporters Without Borders contacted Blue Coat on 7 March. In a reply on 12 March, Blue Coat said its products were sold in accordance with the laws governing the sale of its technology. It said all of its sales were channelled through third parties and it expected the same compliance of them.
The misuse of technology to suppress freedom of expression or human rights was a serious issue, but not one that a single company could solve by itself, Blue Coat said, adding that it would engage with key stakeholders and other companies in the same industry in 2013 to identify what further steps it could take to limit misuse of its products.