
Surveillance Technology at The Fair

This document discusses the proliferation of surveillance technology companies marketing their cyber capabilities at international arms fairs. It identifies 5 companies (BTT, Cellebrite, Micro Systemation AB, Verint, and Vastech) that have marketed interception/intrusion capabilities to US/NATO adversaries like Russia and China. These companies are considered potentially irresponsible proliferators. The document also notes that surveillance capabilities originally developed for one purpose can end up being used for other intelligence activities, representing a risk for proliferation.

Uploaded by

Javier Valencia

#ACcyber SURVEILLANCE TECHNOLOGY AT THE FAIR

ISSUE BRIEF

Surveillance Technology at the Fair: Proliferation of Cyber Capabilities in International Arms Markets

NOVEMBER 2021

WINNONA DESOMBRE, LARS GJESVIK, AND JOHANN OLE WILLERS

The Scowcroft Center for Strategy and Security works to develop sustainable, nonpartisan strategies to address the most important security challenges facing the United States and the world. The Center honors General Brent Scowcroft’s legacy of service and embodies his ethos of nonpartisan commitment to the cause of security, support for US leadership in cooperation with allies and partners, and dedication to the mentorship of the next generation of leaders.

The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.

EXECUTIVE SUMMARY

State cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. NSO Group has repeatedly made headlines in 2021 for targeting government entities in cyberspace, but there are many more companies selling similar products that are just as detrimental. These vendors are increasingly looking to foreign governments to hawk their wares, and policymakers have yet to sufficiently recognize or respond to this emerging problem. Any cyber capabilities sold to foreign governments carry a risk: these capabilities could be used against individuals and organizations in allied countries, or even in one’s home country.

Because much of this industry operates in the shadows, research into the industry in aggregate is rare. This paper analyzes active providers of interception/intrusion capabilities within the international surveillance market, cataloguing firms that have attended both ISSWorld (i.e., the Wiretapper’s Ball) and international arms fairs over the last twenty years.1 This dataset mostly focuses on Western firms and includes little on Chinese firms, due to historical under-attendance of Chinese firms at ISSWorld. However, the overarching nature of this work will help policymakers better understand the market at large, as well as the primary arms fairs at which these players operate. This paper identifies companies explicitly marketing interception/intrusion technology at arms fairs, and answers a series of questions, including: what companies are marketing interception/intrusion capabilities outside their headquartered region; which arms fairs and countries host a majority of these firms; and what companies market interception/intrusion capabilities to US and NATO adversaries?

The resulting dataset shows that there are multiple firms headquartered in Europe and the Middle East that the authors assess, with high confidence, are marketing cyber interception/intrusion capabilities to US/NATO adversaries. They assume that companies offering interception/intrusion capabilities pose the greatest risk, both by bolstering oppressive regimes and by the proliferation of strategic capabilities.2 Many such firms congregate at Milipol France, Security & Policing UK, and other arms fairs in the UK, Germany, Singapore, Israel, and Qatar.

The authors found that 75 percent of companies likely selling interception/intrusion technologies have marketed these capabilities to governments outside their home continent. Five irresponsible proliferators—BTT, Cellebrite, Micro Systemation AB, Verint, and Vastech—have marketed their capabilities to US/NATO adversaries in the last ten years.3

This paper categorizes these companies as potentially irresponsible proliferators because of their willingness to market outside their continents to nonallied governments of the United States and NATO—specifically, Russia and China.4 By marketing to these parties, these firms signal that they are willing to accept or ignore the risk that their products will bolster the capabilities of client governments that might wish to threaten US/NATO national security or harm marginalized populations. This is especially the case when the client government is a direct US or NATO adversary.

This globalizing shift is important for two reasons. First, it indicates a widening pattern of proliferation of cyber capabilities across the globe. Second, many firms in the surveillance and offensive cyber capabilities markets have long argued for the legitimacy of their business model by pointing to the perceived legitimacy of their customers; yet, their marketing strategies contradict this argument. As the recent indictment of several former US intelligence personnel working for the United Arab Emirates (UAE) confirms, capabilities originally focusing on one target set may be expanded for other intelligence uses.5 When these firms begin to sell their wares to both NATO members and adversaries, it should provoke national security concerns for all customers.

This paper profiles these important trends for their practical security impacts, and to enable further research into this topic. The authors suggest that the United States and NATO

• create know-your-customer (KYC) policies with companies operating in this space;
• work with arms fairs to limit irresponsible proliferators’ attendance at these events;
• tighten export-control loopholes; and
• name and shame both irresponsible vendors and customers.

The authors encourage policymakers to focus their efforts to rein in companies that sell these capabilities directly to adversaries, or those willing to ignore the risk that their capabilities may be misused. The dataset presented below is open for use by others who might similarly seek to bring some measure of light to an industry that remains so insistently in the dark.

INTRODUCTION

Offensive cyber capabilities are becoming increasingly privatized.6 Governments no longer need to devote significant resources to develop offensive cyber capabilities in house—in fact, almost any government can buy capabilities to accomplish a range of national security objectives, including the surveillance of domestic groups, cyber defense, foreign-intelligence collection, and the bolstering of traditional military capabilities.7 What used to be a “nobody but us” system—in which cyber capabilities were difficult to develop and the prerogative of a limited number of states—has evolved into a “pay-to-play” model in which any government, adversary or ally, can gain access to offensive cyber capabilities if it can hire the right firm.8

While offensive cyber capabilities are helpful for law enforcement and border protection, the dual-use nature of many of these capabilities provides opportunity for malicious employment as well, especially when the capabilities are sold to authoritarian actors.9 Examples abound. Executives of French-owned spyware vendor Amesys/Nexa were indicted for their role in supplying the Egyptian and Libyan regimes with surveillance and intrusion capabilities during the Arab Spring.10 Israeli NSO Group/Q Cyber has achieved much unwanted notoriety for its Pegasus spyware, which provides authoritarian governments around the world the capability to spy on journalists, political opposition, and activists.11 Beyond human-rights violations, cyber capabilities sold to even regional partners of the United States and NATO may be used against the United States and NATO in the future. Emirati firm DarkMatter took over programs created by US-based Cyberpoint with help from former US intelligence employees and used those capabilities, in part, to monitor US citizens.12

These cases and others highlight how private companies, especially those offering intrusion or “lawful” interception products, have become vital vectors of proliferation of offensive cyber capabilities (OCC).13 As the number of controversial incidents of privately developed cyber capabilities is increasing, calls to rein in the operations of this market are growing.14 While some argue for an arms-control treaty for cyberspace, regulating cyber capabilities themselves is largely ineffective.15 Instead, shaping the behaviors of companies proliferating cyber capabilities, and limiting their activities where they conflict with national security priorities, should be the top priority.16

However, this means first identifying those companies acting as irresponsible proliferators. Are there conferences at which these organizations tend to congregate? Which companies are marketing their wares internationally to countries that may use these capabilities against the United States, NATO, and their allies?

The surveillance industry is multifaceted, covering a range of products and use cases. The authors assume that companies offering interception or intrusion capabilities pose the greatest risk, as suggested by the wide range of cases of misuse involving companies like NSO Group, Cellebrite, DarkMatter,
and other similar firms.17 The authors have labeled companies marketing these capabilities outside their country or continent, especially to US/NATO adversaries, as irresponsible proliferators. By marketing to these parties, these firms signal that they are willing to accept or ignore the risk that their products may bolster the capabilities of authoritarian and/or adversary governments, which may use their products to target vulnerable populations within their country or conduct foreign espionage more effectively.

The offensive cyber industry remains poorly understood by the public, and current knowledge is based on case studies of individual companies. Little systemic knowledge about the industry exists, largely due to the opaque nature of the surveillance industry. As a result, differentiating legitimately operating companies from those that enable human-rights violations is difficult.18

To address this issue, this paper focuses on companies that are marketing interception/intrusion capabilities (e.g., mobile forensics, “lawful interception services,” non-passive communication interception/monitoring, spyware, surveillance capabilities), and also explicitly marketing their capabilities at foreign arms fairs. These companies are often unambiguously operating on the offensive side of the market, and present a compelling target for regulatory action.

This paper identifies companies explicitly marketing interception/intrusion technology at arms fairs, and interrogates this new dataset to answer the following questions.

1. What firms are marketing interception/intrusion capabilities at arms fairs? How has this evolved over time?

2. What companies are marketing interception/intrusion capabilities outside their headquartered region?

3. Which arms fairs (and which arms fair host countries) host a majority of these firms?

4. Critically, what companies are marketing interception/intrusion capabilities to US and NATO adversaries?

The answers to these questions will allow policymakers to better understand the market at large by enumerating players selling interception/intrusion capabilities, as well as the primary arms fairs at which these players operate. These answers also underline the overwhelming importance of addressing the shape and permissive existence of the market, not just the behavior of individual firms, as it extends globally and reaches into an increasing number of countries, including those that might leverage its capabilities counter to the interests of the United States and NATO. The proliferation of cyber capabilities in the hands of irresponsible corporate actors presents an urgent challenge to the policymaking community.

METHODOLOGY, ASSUMPTIONS, AND LIMITATIONS

To answer the stated questions, this paper compares the Omega Foundation’s Arms Fair database of more than one hundred and seven thousand exhibitors to historical speaker and sponsor organizations at ISSWorld, to create a database of companies featured at both events.19

Debuting in the early 2000s, ISSWorld is the premier dedicated trade show for lawful interception and intrusion products.20 The authors catalogued sixty-four unique conference brochures via The Wayback Machine and other publicly available sources. For each conference, they gathered publicly available information about sponsors and presenting companies, the year and location of the conference, and the title of presentations. These brochures encompass seven hundred and seventy-seven unique ISSWorld speaker and sponsor organizations across the Middle Eastern, Latin American, European, Southeast Asian, and North American conference series between 2003 and 2020.

In the subsequent analysis, the paper compares the seven hundred and seventy-seven organizations at ISSWorld against the 107,542 unique exhibitors at arms and law-enforcement fairs from the Omega Foundation’s Arms Fair Dataset.21 Using a simple program to identify names present in both datasets, the authors identified two hundred and twenty-four companies.22 They manually cleaned the matches to ensure the robustness of the dataset and added contextual information about the vendors. All matches were categorized according to the confidence level (high/medium/low) that a given vendor attended an arms fair to promote interception and/or intrusion technologies.

The dataset also utilizes the resulting high/medium/low classification to identify the arms fairs with the most “high confidence” companies (i.e., in any given arms fair, which companies are likely to be attending primarily to market interception/intrusion capabilities?). To ensure the robustness of this coding (and confidence levels), two of the authors independently checked and compared results.

This methodology resulted in the following matches. The full list of companies is in the Appendix, and the full dataset with classifications can be found there.23


Number of unique arms-fairs exhibitors: 107,542


Number of unique ISSWorld sponsor/speaker companies: 777
Number of matches: 224

In other words, around three in ten companies in the dataset that have sponsored an ISSWorld conference or sent individuals to speak at ISSWorld have also been an exhibitor at an arms fair in the last twenty years.

The dataset presented here does not cover transactions. The authors assume that a company going to an arms fair or ISSWorld as an exhibitor (or sponsoring or sending speakers to ISSWorld) reveals a company’s willingness to enter the surveillance marketplace in that geographical region.

This paper is not an exhaustive survey of the intrusion/interception capability industry, but rather profiles an important nexus between this industry and traditional arms brokers. There are likely missing players from this spreadsheet that do not frequent the arms fairs/ISSWorld conferences in the dataset, or that care more about their operational security (OPSEC) than about marketing at these two types of events, introducing a bias toward larger, globalized, and more public firms.

Matches can also have ambiguous results, especially if a company has a generic name (such as “Nice,” “Pegasus,” etc.). Where the authors were unable to determine whether the ISSWorld exhibitor was the same as the arms-fair exhibitor in a match, the firm was not included in the final dataset.24 In these, and other, areas the authors encourage further exploration and additions to this dataset.

The confidence classifications (high/medium/low) and firm headquarters locations used here are also a composite of open-source research and feedback from trusted industry partners. All high-confidence companies have been confirmed by multiple sources, while firms at other confidence rankings might see some discrepancy. In all cases, coding is conservative, and disagreement among sources or ambiguity is reflected in lower confidence levels.

Finally, the software used to generate matches searched only in English, and so missed Cyrillic or Chinese characters. On top of this, ISSWorld is historically attended by far more Western firms than Chinese firms. Because of these two factors, and this paper’s conservative confidence classifications, the authors believe that the dataset woefully underreports the presence of Chinese companies in this space. China has made surveillance capabilities a key part of its Digital Silk Road initiative, providing training and surveillance services to interested partner countries.25 However, Chinese companies are not required to have an English name, and translations of Chinese names into English can be inconsistent.26 Thus, the software for this dataset likely missed a few Chinese companies due to inconsistent translations. Chinese companies Huawei and ZTE do show up in the dataset, and they have track records of selling surveillance capabilities to telecommunications firms in Uganda and Iran, respectively.27 However, because the authors cannot say with high confidence that these firms were marketing these capabilities at the arms fairs they attended, the authors left them out of other analysis. Their attendance at arms fairs and ISSWorld can be found in the data visualization in Appendix A.

These factors, when taken together, suggest that there are likely far more companies operating in this market than the two hundred and twenty-four identified.
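The name-matching step and the limitations described in this section (generic names, and non-Latin names an English-only matcher cannot key) can be seen in the following added Python example. It is not the authors' program, which the paper does not reproduce; the function names, the suffix list, and every company name except the generic examples "Nice" and "Pegasus" are constructed for illustration.

```python
import re
import unicodedata

# Legal-form suffixes dropped before comparison (illustrative assumption, not exhaustive).
LEGAL_SUFFIXES = {"gmbh", "ag", "ltd", "inc", "llc", "corp", "corporation", "ab"}
# Names too generic to trust without manual review; the paper cites these two.
GENERIC_NAMES = {"nice", "pegasus"}

# Constructed sample inputs; these are not rows from either real dataset.
ISSWORLD_SAMPLE = [
    "Example Intercept GmbH",
    "Sample Forensics Ltd.",
    "Nice",
    "Пример Системс",          # constructed Cyrillic name
    "Unrelated Analytics",
]
ARMS_FAIR_SAMPLE = [
    "EXAMPLE INTERCEPT",
    "Sample-Forensics",
    "NICE",
    "Primer Systems",          # one possible transliteration of the Cyrillic name
    "示例科技",                 # constructed Chinese name
    "Armoured Vehicles Inc",
]


def normalize(name):
    """Return a comparison key, or None when the name contains non-Latin letters."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    # Strip accents so "é" and "e" compare equal.
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    if any(ch.isalpha() and not ch.isascii() for ch in folded):
        return None  # Cyrillic, Chinese, etc.: an English-only matcher has no key
    tokens = re.findall(r"[a-z0-9]+", folded)
    # Drop trailing legal forms, but never reduce a name to nothing.
    while len(tokens) > 1 and tokens[-1] in LEGAL_SUFFIXES:
        tokens.pop()
    return " ".join(tokens) or None


def cross_match(issworld, arms_fair):
    """Sort ISSWorld names into matched / ambiguous, and collect unkeyed names."""
    fair_index, unkeyed = {}, []
    for raw in arms_fair:
        key = normalize(raw)
        if key is None:
            unkeyed.append(raw)
        else:
            fair_index.setdefault(key, []).append(raw)

    matched, ambiguous = [], []
    for raw in issworld:
        key = normalize(raw)
        if key is None:
            unkeyed.append(raw)        # surfaced for manual review, not silently lost
        elif key in fair_index:
            bucket = ambiguous if key in GENERIC_NAMES else matched
            bucket.append((raw, fair_index[key]))
    return {"matched": matched, "ambiguous": ambiguous, "unkeyed": unkeyed}


def run_sample():
    """Run the matcher over the constructed sample lists."""
    return cross_match(ISSWORLD_SAMPLE, ARMS_FAIR_SAMPLE)


if __name__ == "__main__":
    for bucket, rows in run_sample().items():
        print(bucket, rows)
```

The Cyrillic entry and its Latin transliteration never meet: one has no key and the other keys to a different string, which is the underreporting the authors describe. Listing the unkeyed names at least shows how much of each dataset the matcher never examined.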


MAIN FINDINGS
1. What firms are marketing interception/intrusion capabilities at arms fairs?

Number of matches: 224


High confidence: 59 Medium confidence: 22 Low confidence: 143

Of the two hundred and twenty-four organizations total (full list in the Appendix), fifty-nine are high-confidence matches. The authors assess these companies are highly likely to market interception/intrusion technologies at any arms fair they attend. Some of the companies (like Croatia’s Pro4Sec and India’s ClearTrail) advertise lawful interception services on their websites for military, law-enforcement, and intelligence-agency clients.28 Others (like Italy’s Area s.p.a and Germany’s Wolf Intelligence) have vague websites or no websites at all, but have been called out by news media for selling interception/intrusion tools.29

The twenty-two medium-confidence companies are somewhat likely to promote interception/intrusion technology at an arms fair. These twenty-two companies all offer interception/intrusion technology, but it is not their primary product or service. For example, companies like France’s Deveryware offer forensics solutions, geolocation, and data analytics, and may be marketing any one (or all three) of these services at any given time.30

The one hundred and forty-three low-confidence companies are far less likely to promote interception/intrusion technologies at an arms fair. Some of these companies include formal defense contractors (like BAE and Raytheon) that offer both interception/intrusion capabilities and traditional military or law-enforcement equipment. There are also different companies on the list, including telecommunications firms (like China’s Huawei and ZTE) and smaller firms selling defensive and/or tangential cybersecurity products. The authors exclude these organizations in some parts of the piece to focus on high/medium-confidence companies, but the fact that these organizations have been to both ISSWorld and an arms fair is worth further analysis in future pieces.

a. How has this evolved over time?

Of the companies that have sent representatives to ISSWorld, the subset that has also attended arms fairs as exhibitors is largely increasing over time, likely due to the increasing number of surveillance firms entering the market. The two hundred and twenty-four total matches consist of 0.21 percent of the overall arms-fair exhibitors, but 28.96 percent of the ISSWorld speaker/sponsor organizations. In other words, almost three in ten companies from the dataset that have sponsored or sent individuals to speak at an ISSWorld conference have also been an exhibitor at an arms fair in the last twenty years.

Figure 1.
Number of ISSWorld Matches by Arms Fair Attendance in a Given Year

As the heatmap below shows, most of these companies have attended either an arms fair or ISSWorld between the years 2009–2020, likely because many of these companies were not founded or not offering offensive cyber capabilities prior to 2009.31 The steep drop in 2020–2021 is due to lack of conference data, rather than lack of players. There does not seem to be a preference toward one type of conference or the other within the industry. This is likely because, while surveillance companies have expanded into the military space, ISSWorld has also significantly expanded its focus to invite military and intelligence organizations.

Figure 2.
Arms Fair and ISSWorld Attendance Across High Confidence Companies
[Heatmap: one row per company, one column per year from 2001 to 2021. Legend: Arms Fair, ISS World, Both.]

Companies shown: 3m electronic monitoring, adf solutions, advanced systems, aglaya, aqsacom, area, cellebrite, cepia technologies, cleartrail, comsec, crypton-m, cyberpoint, darkmatter, decision group, elaman, finfisher, forsolution, gamma group, gita technologies, gr sistemi, hacking team (memento labs), hidden technology, innova, intelligent computer solutions, interionet systems, jenovice, kommlabs, logicube, lumacron, merlinx (equus technologies), mh service gmbh, msab, neosoft ag, nexa technologies, norsi-trans, nso group, paraben corporation, pat systems, polaris wireless, pro4sec, pro4tech, providence, q cyber, rayzone group, rcs lawful interception solutions, seartech, securcube, septier communications, sio, ss8, syborg, toka cyber builders, tracespan, trovicor, utimaco, wintego, wispear, wolfcyber, xci.

https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#attendanceovertime

Figure 2. cont.
Arms Fair and ISSWorld Attendance Across Medium Confidence Companies
[Heatmap: one row per company, one column per year from 2001 to 2021. Legend: Arms Fair, ISS World, Both.]

Companies shown: accessdata, basis technology, bivio networks, btt, cellxion, creativity software, cy4gate, darkblue telecommunication systems, deveryware, evistel, intecs gmbh, ip access, ips, knowlesys, mobilaris, nuix, qosmos, telesoft, vanume, vastech, vehere, verint.

In fact, the number of companies to attend both an ISSWorld conference and an arms fair in a single year has stayed fairly consistent, relative to the number of total firms, over the last ten years. Between 2009 and 2020, between 20–40 percent of companies, on average, had attended both an arms fair and an ISSWorld conference in the same year.


Figure 3.
Arms Fair and ISSWorld Attendance by Year Across All Companies
[Chart panels for 2005, 2008, 2012, 2020, and 2021. Legend: Arms Fair, ISS World, Both.]

https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#attendancebyyear

2. What companies are marketing interception/intrusion capabilities outside their headquartered region?

This question focuses only on the high/medium-confidence companies, as the authors cannot assess whether the low-confidence companies have been marketing these capabilities at arms fairs with enough certainty. For the high/medium-confidence companies, the data show a general willingness to market interception/intrusion capabilities internationally, even to foreign countries that do not have established intelligence relationships or alliances with the company’s home country.

Almost 75 percent of the eighty-one high/medium-confidence companies have exhibited their wares to arms fairs outside of their home continent in the last twenty years. More than 85 percent have exhibited at an arms fair outside their home country in the last twenty years. This excludes the two firms headquartered in Five Eyes countries that have only been to arms fairs in a Five Eyes country. (The full list of the sixty firms is in the Appendix.) When broken down by year, this trend remains consistent; of all the firms marketing to arms fairs in a given year, more firms market to arms fairs outside their continent in a given year than restrict sales to their continent or country.

Figure 4.

https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#numbertraveling

Figure 5.

https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#globalattendance

Above is a visualization of the arms fair marketing data over time, showing a clear globalization trend. The unidirectional lines represent firms in one country travelling to an arms fair in another in a single year, and the thickness of the lines represents the number of firms making this trip. This visualization excludes lines between Five Eyes countries. As seen in the visualization, many trips made over the last twenty years by vendors in this space consistently include Europe and the Middle East. The number and variety of trips are also growing, displaying partnerships between countries that have no set intelligence alliances. As companies travel and market to new continents and new countries, the already worrying pace of offensive cyber capability proliferation may quicken.

Any capabilities sold to non-ally countries carry a risk: these capabilities could eventually be used to target individuals and organizations in one’s home country. This risk has notably played out in the Project Raven case, in which the US contractor CyberPoint built up cyber capabilities in the United Arab Emirates. Subsequently, the Emirati government used those capabilities to spy on US citizens, among others.32 CyberPoint and its Emirati descendant DarkMatter (which took over the Project Raven program) are both featured in this dataset. Both organizations marketed to ISSWorld Middle East and arms fairs within the UAE—CyberPoint from 2013–2015, and DarkMatter from 2016–2017.

Company | Confidence | HQ | 2013 | 2014 | 2015 | 2016 | 2017
CyberPoint | High | USA | IDEX UAE | ISSWorld Middle East | ISSWorld Middle East | |
DarkMatter | High | UAE | | | | ISSWorld Middle East | ISSWorld Middle East, Dubai Airshow, IDEX UAE


3. Which arms fairs (and arms fair host countries) host the most high/medium-confidence firms?

While the two hundred and twenty-four companies in the dataset hail from thirty-three separate countries, most of the companies congregate at a small number of arms fairs, many of which are located in Europe. Milipol France and Security & Policing Home Office (based in the UK) are the two most widely attended arms fairs for the high/medium-confidence firms selling interception/intrusion capabilities. This is likely due to size and specialization, respectively. Milipol France is one of the world’s largest arms fairs, with more than one thousand exhibitors, while Security & Policing has a track dedicated to cybersecurity.33

France and the UK are also the top countries where high/medium-confidence firms congregate, mostly due to the two aforementioned conferences. Germany, Singapore, Qatar, and Israel are also common destinations for high/medium-confidence firms, while the United Arab Emirates and the United States play host to more firms overall, thanks to a variety of smaller arms fairs.

| # | Conference | Country | High/medium confidence | Total companies |
|---|---|---|---|---|
| 1 | Milipol France | France | 54 | 108 |
| 2 | Security and Policing Home Office | United Kingdom | 34 | 78 |
| 3 | GPEC | Germany | 17 | 35 |
| 4 | Milipol Qatar | Qatar | 14 | 42 |
| 5 | Milipol Asia | Singapore | 12 | 27 |
| 6 | Security and Counter Terror Expo | United Kingdom | 10 | 24 |
| 7 | DSEI | United Kingdom | 9 | 40 |
| 8 | HLS & Cyber | Israel | 8 | 17 |
| 9 | Shield Africa | Ivory Coast | 8 | 15 |
| 10 | ISDEF | Israel | 7 | 20 |

4. What companies are marketing interception/intrusion capabilities to US and NATO adversaries?

Five of the eighty-one high/medium-confidence firms have attended arms fairs in Russia and China as exhibitors in the last twenty years.34 The authors believe that by selling to these parties, these organizations are willing to accept or ignore the risk that their products may bolster the capabilities of adversary governments, who may use their products to conduct espionage more effectively. For example, Cellebrite, a well-known Israeli firm, has consistently been an exhibitor at arms fairs in both China and Russia from 2013 onward, and is the only firm in the dataset to attend a Chinese arms fair multiple times in the last five years. Cellebrite, which sells software to physically extract and index data from mobile devices, is known to have both Chinese and Russian customers.35

Some of the other firms in the below tables have received less media attention than Cellebrite, but are no less concerning. BTT is a Turkish firm that has assisted Turkish law enforcement with call-detail record collection.36 In a 2017 Al Jazeera investigation of the spyware market, BTT representatives claimed to use a wide interpretation of “telecommunications equipment” in order to circumvent export-control paperwork.37 MSAB, a firm that has also marketed to both Russia and China, sells mobile forensics products that have been used against activists in Hong Kong and Myanmar.38


Figure 6. Arms Fair Countries by Number of High / Medium Confidence Exhibitors

https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#armsfairmap

| Russia Arms-Fair Attendees | Headquarters | Confidence | Years |
|---|---|---|---|
| BTT | Turkey | Medium | 2015, 2016, 2017 |
| Cellebrite | Israel | High | 2013, 2015, 2016, 2017, 2018 |
| Micro Systemation AB (MSAB) | Sweden | High | 2013, 2015, 2016, 2017, 2018 |

| China Arms-Fair Attendees | HQ | Confidence | Years |
|---|---|---|---|
| Cellebrite | Israel | High | 2016, 2017, 2018 |
| Micro Systemation AB (MSAB) | Sweden | High | 2016 |
| Verint | Israel | Medium | 2013 |
| Vastech | South Africa | Medium | 2010, 2011 |


CONCLUSIONS AND RECOMMENDATIONS

This paper profiles an important set of firms that frequent both ISSWorld and international arms fairs, extracted from an extensive list of vendors operating in the interception/intrusion market. The data from that list show that there are multiple firms headquartered in Europe marketing capabilities to known Five Eyes/NATO adversaries. Many of these firms congregate at Milipol France, Security & Policing UK, and other arms fairs within Europe and the Middle East.

For researchers interested in uncovering the dealings of the industry, the authors hope their data and findings can spur further research in this field. And while they do not claim that this is a complete list of potentially irresponsible vendors, or that all identified companies are, in fact, selling indiscriminately, it is a place to start for regulators interested in tightening control over the industry.

Additional research is needed into some of the lesser-known high/medium-confidence companies in this dataset to uncover their actual products and sales. Publicly marketed products and actual capabilities can differ, and marketing material offers limited insights into both the content and direction of actual sales. Case studies and media reporting have already shown how some firms on this list show a history of transactions with authoritarian regimes, and potentially attempt to evade export controls.39

The United States and NATO need to better understand the proliferation of interception/intrusion capabilities; shape the behavior of irresponsible proliferator companies; and limit their activities where they conflict with national security priorities, together with international partners. This work builds on prior research and the understand, shape, and limit framework published earlier this year.40 The following recommendations are meant to address the growing nation-state market for intrusion/interception capabilities and other forms of surveillance products, rather than all cyber capability proliferation.

To understand the current state of intrusion/interception capability proliferation, the United States and NATO member states must work with the companies headquartered in their jurisdiction to encourage sufficient know-your-consumer policies. These policies should also shape the behavior of firms, giving firms the power to revoke access to a consumer should the risks associated with that consumer change. Enforcing these policies is both technically difficult (the consumer may reverse engineer and recreate the capability after the service has been revoked, for example), and difficult to enforce (especially among private companies whose internal dealings are opaquer than their publicly traded counterparts). However, working with these organizations whenever possible, rather than against them, will allow governments to develop more collaborative solutions for regulation, while continuing to encourage domestic cyber expertise.

The United States and NATO members must also work more closely with arms fairs held in their jurisdiction to ensure they are aware of any exhibitors that are irresponsible proliferators—i.e., those selling to US/NATO adversaries—and limit their ability to attend when possible. Arms fair organizers should be encouraged to ban or limit irresponsible proliferators who are either directly marketing their capabilities to known adversaries, or who have known clients in authoritarian regimes and no KYC policies.

Finally, the United States and NATO members must ensure their export controls actually accomplish what they are intended to do, evaluating both their own export laws and the export laws of countries where irresponsible proliferators are headquartered. This review should lead to a collaborative process with offending countries like Israel, Sweden, and Turkey to both tighten controls around known irresponsible vendors and close loopholes enabling those vendors to circumvent these export controls. Naming and shaming both the vendors and the regimes abusing vendor capabilities to conduct human-rights violations are also encouraged.41

The proliferation of cyber and surveillance capabilities is a thorny policy question. Preventing the harms caused by this industry is an important policy goal, and should be treated as such. Yet, attempts at regulating the industry through export regulation and global regimes have had limited success so far. On top of this, this analysis indicates that there exists a significant group of private companies willing to act irresponsibly: marketing capabilities that carry the risk of becoming tools of oppression for authoritarian regimes or strategic tools for non-NATO allies. The United States, NATO, and their allies still have policy tools they can use to prevent privately developed offensive cyber capabilities from proliferating irresponsibly. The continued absence of assertive policy response risks a grim outlook: a growing number of private corporations that see few consequences to bolstering the cyber arsenals of major Western adversaries, and only profit.
engineer and recreate the capability after the service has


APPENDIX A:
Visualization of all companies by arms fairs/ISSWorld conferences attended:
https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/surveillance-technology-at-the-fair/#appendices

APPENDIX B:
List of high/medium-confidence companies (full list with low confidence can be found here.)

| Company | Irresponsible Proliferator | Confidence Level | Description | Headquarters |
|---|---|---|---|---|
| 3m electronic monitoring | x | High | Electronic monitoring | United States |
| advanced systems | x | High | Part of Intellexa coalition | United Arab Emirates |
| aglaya | x | High | Spyware | India |
| aqsacom | x | High | Lawful interception | France |
| area | x | High | Surveillance tech | Italy |
| cellebrite | x | High | Digital forensics | Israel |
| cleartrail | x | High | Communication analytics solutions | India |
| cyberpoint | x | High | Trained dark matter | United States |
| elaman | x | High | Data forensics, intelligence fusion systems | Germany |
| gamma group | x | High | Spyware | Italy |
| gita technologies | x | High | Tactical interception, intelligence gathering | Israel |
| hacking team (memento labs) | x | High | Digital forensics | Italy |
| innova | x | High | Consultancy | Italy |
| intelligent computer solutions | x | High | Digital forensics | United States |
| interionet systems | x | High | Mobile intrusion | Israel |
| jenovice | x | High | Bluetooth and Wi-Fi interception | Israel |
| logicube | x | High | Digital forensics | United States |
| lumacron | x | High | Interception, monitoring, and recording solutions for optical networks | United Kingdom |
| merlinx (equus technologies) | x | High | Tactical interceptions | Israel |
| mh service gmbh | x | High | Digital forensics | Germany |
| neosoft ag | x | High | Lawful interception | Switzerland |
| nexa technologies | x | High | Various surveillance products | France |
| norsi-trans | x | High | Information analytics | Russia |
| nso group | x | High | Spyware | Israel |
| pat systems | x | High | IMSI catching, mobile-communication interception | United States |
| polaris wireless | x | High | Mobile location | United States |
| pro4tech | x | High | Tactical surveillance | Israel |
| providence | x | High | Surveillance training and technology | United Kingdom |
| q cyber | x | High | Spyware | Israel |
| rayzone group | x | High | Various surveillance products, remote access, network monitoring, SS7 interception | Israel |
| rcs lawful interception solutions | x | High | Lawful interception | Italy |
| seartech | x | High | Tactical surveillance | South Africa |
| securcube | x | High | Forensic consultants, Cellebrite-certified engineers | Italy |
| septier communications | x | High | Various surveillance products, IMSI catchers | Israel |
| sio | x | High | Lawful interception | Italy |
| toka cyber builders | x | High | Cybersecurity | Israel |
| tracespan | x | High | Broadband monitoring and interception solutions | Israel |
| trovicor | x | High | Lawful interception and intelligence technology | Germany |
| utimaco | x | High | Data retention, lawful interception | Germany |
| wintego | x | High | Cyber intelligence | Israel |
| wispear | x | High | Wi-Fi intelligence and interception | Cyprus |
| xci | x | High | Forensics | Denmark |
| msab | x | High | Mobile forensics | Sweden |
| adf solutions | | High | Digital forensic solutions | United States |
| cepia technologies | | High | Various surveillance products | Czech Republic |
| comsec | | High | Mobile SIGINT | United States |
| crypton-m | | High | Passive GSM interception | Ukraine |
| darkmatter | | High | Cybersecurity | United Arab Emirates |
| decision group | | High | Real-time network forensics and lawful interception | Taiwan |
| finfisher | | High | Spyware | Germany |
| forsolution | | High | Digital forensics, lawful interception | Czech Republic |
| gr sistemi | | High | Data analytics, intrusion | Italy |
| hidden technology | | High | Covert tracking and surveillance products | United Kingdom |
| kommlabs | | High | Lawful interception | India |
| paraben corporation | | High | Digital forensics | United States |
| pro4sec | | High | SMD modifications | Croatia |
| ss8 | | High | Lawful intelligence | United States |
| syborg | | High | Wi-Fi interception | Germany |
| wolfcyber | | High | Spyware | Germany |
| accessdata | x | Medium | Forensics and data analysis | United States |
| basis technology | x | Medium | AI, but also vendor for autopsy forensics | United States |
| bivio networks | x | Medium | DPI | United States |
| btt | x | Medium | COMINT, intelligence support systems | Turkey |
| cellxion | x | Medium | VPN, cellular intelligence and geolocation | United States |
| cy4gate | x | Medium | Lawful interception, cyberwarfare, data management | Italy |
| darkblue telecommunication systems | x | Medium | Tactical location finding | Turkey |
| deveryware | x | Medium | Geolocation | France |
| ip access | x | Medium | IMSI catching, mobile-communication interception | United Kingdom |
| ips | x | Medium | Communication monitoring and analysis, interception capabilities | Italy |
| knowlesys | x | Medium | OSINT | China |
| mobilaris | x | Medium | Mobile location, traffic data | Sweden |
| nuix | x | Medium | Data analytics, digital forensics | Australia |
| qosmos | x | Medium | DPI | France |
| vastech | x | Medium | Cyber intelligence, analytics, tracking | South Africa |
| vehere | x | Medium | Communications interception, speech intelligence and analytics, cryptoanalysis | India |
| verint | x | Medium | Defense contractor | Israel |
| creativity software | | Medium | Mobile location | United Kingdom |
| evistel | | Medium | Geolocation | France |
| intecs gmbh | | Medium | Various surveillance, access technologies | Germany |
| telesoft | | Medium | OSINT, big data, network interception | United Kingdom |
| vanume | | Medium | Monitoring, geolocation, big data | Mexico |


ABOUT THE AUTHORS

Winnona DeSombre is a first-year MPP/JD dual degree candidate at the Harvard Kennedy School and Georgetown Law, and a non-resident fellow at the Atlantic Council. Her research interests encompass the proliferation of offensive cyber capabilities, particularly by private sector actors, and cyber security in the East Asian region. Prior to Harvard, Winnona was a security engineer at Google’s Threat Analysis Group.

Lars Gjesvik is a doctoral research fellow at the Norwegian Institute of International Affairs and affiliated with the University of Oslo. His research interests are markets in cyber security, data flows, and digital infrastructures. Previously, Lars has written on digital sovereignty, disinformation, and critical infrastructure protection.

Johann Ole Willers is a doctoral research fellow at the Norwegian Institute of International Affairs and affiliated with the Department of Organization at the Copenhagen Business School. His research focuses on markets and experts in cybersecurity. Ole has published on issues such as cybersecurity capacity building, expert profiles, and European Union governance.


Endnotes

1 Patrick Howell O’Neill, “ISS World: The Traveling Spyware Roadshow for Dictatorships and Democracies,” CyberScoop, June 20, 2017, https://www.cyberscoop.com/iss-world-wiretappers-ball-nso-group-ahmed-mansoor/.

2 Whether a company is a strategic concern, primarily enabling oppression domestically, or both, depends on the exact products and capabilities it provides, and publicly available information gives limited insights into the exact products companies are offering. The authors have included those companies they deem a cause for concern in both regards, based on the information about their products that is openly available, but recognize that these assessments are imperfect.

3 This excludes high/medium-confidence firms headquartered in US/NATO adversary countries marketing to their home country, such as Norsi-Trans, a Russian surveillance firm that frequently markets to its home country.

4 See Page 12.

5 “Three Former U.S. Intelligence Community and Military Personnel Agree to Pay More Than $1.68 Million to Resolve Criminal Charges Arising from Their Provision of Hacking-Related Services to a Foreign Government,” US Department of Justice, press release, September 14, 2021, https://www.justice.gov/opa/pr/three-former-us-intelligence-community-and-military-personnel-agree-pay-more-168-million.

6 Winnona DeSombre, et al., Countering Cyber Proliferation: Zeroing in on Access-as-a-Service, Atlantic Council, March 1, 2021, https://www.atlanticcouncil.org/in-depth-research-reports/report/countering-cyber-proliferation-zeroing-in-on-access-as-a-service/.

7 Julia Voo, et al., “National Cyber Power Index 2020,” Belfer Center for Science and International Affairs, September 2020, https://www.belfercenter.org/sites/default/files/2020-09/NCPI_2020.pdf.

8 Andrea Peterson, “Why Everyone Is Left Less Secure When the NSA Doesn’t Help Fix Security Flaws,” Washington Post, October 4, 2013, https://www.washingtonpost.com/news/the-switch/wp/2013/10/04/why-everyone-is-left-less-secure-when-the-nsa-doesnt-help-fix-security-flaws/.

9 “Convention on Cybercrime,” Council of Europe, 2001, articles 19–20, https://rm.coe.int/1680081561; “The EU Funds Surveillance Around the World: Here’s What Must be Done About It,” Privacy International, September 18, 2019, https://privacyinternational.org/long-read/3221/eu-funds-surveillance-around-world-heres-what-must-be-done-about-it.

10 “Executives of Surveillance Companies Amesys and Nexa Technologies Indicted for Complicity in Torture,” Amnesty International, June 22, 2021, https://www.amnestyusa.org/press-releases/executives-of-surveillance-companies-amesys-and-nexa-technologies-indicted-for-complicity-in-torture/.

11 Bill Marczak, et al., “Hide and Seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries,” Citizen Lab, Munk School, and University of Toronto, September 18, 2018, https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/; Stephanie Kirchgaessner, et al., “Revealed: Leak Uncovers Global Abuse of Cyber-Surveillance Weapon,” Guardian, July 18, 2021, https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus; Dana Priest, Craig Timberg, and Souad Mekhennet, “Private Israeli Spyware Used to Hack Cellphones of Journalists, Activists Worldwide,” Washington Post, July 18, 2021, https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/.

12 Christopher Bing and Joel Schectman, “Inside the UAE’s Secret Hacking Team of American Mercenaries,” Reuters, January 30, 2019, https://www.reuters.com/investigates/special-report/usa-spying-raven/.

13 For example: Bill Marczak, et al., “Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus.” Citizen Lab, Munk School, and University of Toronto, July 15, 2021, https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/. The Citizen Lab investigation into the operations of “Dark Basin”—a hack-for-hire group linked to the Indian company BellTrox—has provided evidence that similar tools have eclipsed the state-dominated market and are available on far broader scale. John Scott-Railton, et al., “Dark Basin: Uncovering a Massive Hack-for-Hire Operation,” Citizen Lab, Munk School, and University of Toronto, June 9, 2020, https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/; Trey Herr, “Countering the Proliferation of Malware: Targeting the Vulnerability Lifecycle,” Belfer Cyber Security Project White Paper Series, June 27, 2017, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3005616; Robert Morgus, Max Smeets, and Trey Herr, “Countering the Proliferation of Offensive Cyber Capabilities,” Global Commission on the Stability of Cyberspace, 2017, http://maxsmeets.com/wp-content/uploads/2018/09/GCSC-Briefings-from-the-Research-Advisory-Group_NewDelhi-2017-161-187.pdf; Trey Herr, “Governing Proliferation in Cybersecurity,” Global Summitry 3, 1, 2017, 86–107, https://doi.org/10.1093/global/gux006; Trey Herr, “Malware Counter-Proliferation and the Wassenaar Arrangement,” 8th International Conference on Cyber Conflict, Tallinn, 2016, 175–190, https://ieeexplore.ieee.org/abstract/document/7529434; Lillian Ablon, Martin C. Libicki, and Andrea A. Golay, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar,” RAND, 2014, https://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf; Louise Arimatsu, “A Treaty for Governing Cyber-Weapons: Potential Benefits and Practical Limitations,” 4th International Conference on Cyber Conflict, 2012, 91–109, https://ccdcoe.org/uploads/2012/01/2_3_Arimatsu_ATreatyForGoverningCyber-Weapons.pdf; Joseph Nye, “Nuclear Lessons for Cyber Security?” Strategic Studies Quarterly 5, 4, 2011, 18–38, https://dash.harvard.edu/handle/1/8052146; Kenneth Geers, “Cyber Weapons Convention,” Computer Law & Security Review 26, 5, September 2010, 547–551, https://doi.org/10.1016/j.clsr.2010.07.005.

14 Tim Maurer, Cyber Mercenaries (Cambridge: Cambridge University Press, 2018); David Kaye, “UN Expert Calls for Immediate Moratorium on the Sale, Transfer and Use of Surveillance Tools,” United Nations Office of the High Commissioner for Human Rights, June 25, 2019, https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=24736; Brad Smith, “A Moment of Reckoning: the Need for a Strong and Global Cybersecurity Response,” Microsoft, https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/; James R. Clapper, “Worldwide Threat Assessment of the US Intelligence Community: Senate Select Committee on Intelligence,” March 12, 2013, https://www.dni.gov/files/documents/Intelligence%20Reports/2013%20ATA%20SFR%20for%20SSCI%2012%20Mar%202013.pdf; David Kaye and Marietje Schaake, “Global Spyware Such as Pegasus is a Threat to Democracy. Here’s How to Stop It,” Washington Post, July 19, 2021, https://www.washingtonpost.com/opinions/2021/07/19/pegasus-spyware-nso-group-threat-democracy-journalism/.

15 Joseph S. Nye, “The World Needs an Arms-Control Treaty for Cybersecurity,” Belfer Center for Science and International Affairs, October 1, 2015, https://www.belfercenter.org/publication/world-needs-arms-control-treaty-cybersecurity.

16 DeSombre, et al., Countering Cyber Proliferation.

17 Marczak, et al., “Hide and Seek”; “Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective,” Signal Messenger, April 21, 2021, https://signal.org/blog/cellebrite-vulnerabilities/; Marczak, et al., “Hooking Candiru.”

18 Mark Bromley, “Export Controls, Human Security and Cyber-surveillance Technology: Examining the Proposed Changes to the EU Dual-use Regulation,” Stockholm International Peace Research Institute, 2017, https://www.sipri.org/sites/default/files/2018-01/sipri1712_bromley.pdf; Morgus, et al., “Countering the Proliferation of Offensive Cyber Capabilities.”

19 The authors are greatly appreciative of the Omega Foundation’s assistance with this project. Their dataset on arms-fair exhibitors is located at: “Arms Fairs,” Omega Research Foundation, https://omegaresearchfoundation.org/resources/arms-fairs.

20 O’Neill, “ISS World.”

21 “Arms Fairs.”

22 The program checks for an occurrence of the name in both datasets, with either an exact or partial match. The program contained three conditions: if the arms-fair company is an exact match to the ISSWorld company, it was added to the dataset (e.g., “WolfCyber Intelligence” = “WolfCyber Intelligence”); if the arms-fair company started with the name of the ISSWorld company or vice versa, it was added to the dataset (e.g., “WolfCyber” = “WolfCyber Intelligence”); and if the arms-fair company started with the name of the ISSWorld company in parentheses, it was added to the dataset (e.g., “Hacking Team (Memento Labs)” = “Memento Labs”). This was followed by manual cleaning to remove vaguely named companies or other false positives.

23 Dataset is in a Google Sheet: https://docs.google.com/spreadsheets/d/1v3YvimIuj_UtJ8YcCpKDtDuKlu5QN04ajcB9C7dRqH4/edit?usp=sharing.

24 The full log of unfiltered matches can be found in the “debuglog_with_all_matches” tab within the datasheet. While the authors have tried to consolidate acquisitions of corporations, some company rebrandings (e.g., NSO/Q Cyber) remain separate.

25 “Assessing China’s Digital Silk Road Initiative,” Council on Foreign Relations, December 18, 2020, https://www.cfr.org/china-digital-silk-road.

26 “How to Find the Legal English Name of a Chinese Company,” SinoInspection.com, December 24, 2020, https://sinoinspection.com/find-legal-english-name-chinese-company/.

27 Joe Parkinson, Nicholas Bariyo, and Josh Chin, “Huawei Technicians Helped African Governments Spy on Political Opponents,” Wall Street Journal, August 15, 2019, https://www.wsj.com/articles/huawei-technicians-helped-african-governments-spy-on-political-opponents-11565793017; Steve Stecklow, “Special Report: Chinese Firm Helps Iran Spy on Citizens,” Reuters, March 22, 2012, https://www.reuters.com/article/us-iran-telecoms-idUSBRE82L0B820120322.

28 “About Pro4Sec,” PRO4SEC Ltd., February 16, 2021, https://pro4sec.com/about/; “Communication Data Analytics—ClearTrail,” ClearTrail Technologies, August 17, 2021, https://clear-trail.com/.

29 Lorenzo Franceschi-Bicchierai, “Italian Cops Raid Surveillance Tech Company Accused of Selling Spy Gear to Syria,” VICE, December 1, 2016, https://www.vice.com/en/article/gv5knx/italian-cops-raid-surveillance-tech-company-area-spa-selling-spy-gear-to-syria; Lorenzo Franceschi-Bicchierai, “Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See,” VICE, October 24, 2018, https://www.vice.com/en/article/vbka8b/wolf-intelligence-leak-customer-victim-data-online.

30 “Deveryware—Technologies Leader in Investigation and Services for Global Security,” Deveryware, July 11, 2021, https://deveryware.com/?lang=en.

31 “Our Story,” JENOVICE Cyber Labs, accessed September 21, 2021, https://www.jenovice.com/.

32 Bing and Schectman, “Inside the UAE’s Secret Hacking Team of American Mercenaries.”

33 “Milipol Paris 2021: Leading Event for Homeland Security & Safety,” Milipol France, https://en.milipol.com/; “2021 Exhibitors Archive,” Security and Policing UK, https://www.securityandpolicing.co.uk/exhibitors/exhibitors-list-2021/.

34 This excludes any firms also headquartered in Russia and China. For example, Norsi Trans is a high-confidence Russian company that has attended Russian arms fairs in 2009, 2010, 2015, 2016, 2017, 2018, and 2019.

35 “Exploiting Vulnerabilities in Cellebrite UFED and Physical Analyzer from an App’s Perspective.”

36 “BTT Provides State of the Art Solutions for Turkish Government,” Defence Turkey Magazine, 2009, https://www.defenceturkey.com/en/content/btt-provides-state-of-the-art-solutions-340.

37 “How the ‘Dual-Use’ Ruse Is Employed to Sell Spyware,” Al Jazeera, April 10, 2017, https://www.aljazeera.com/features/2017/4/10/how-the-dual-use-ruse-is-employed-to-sell-spyware.

38 Hannah Beech, “Myanmar’s Military Deploys Digital Arsenal of Repression in Crackdown,” New York Times, March 1, 2021, https://www.nytimes.com/2021/03/01/world/asia/myanmar-coup-military-surveillance.html.

39 Ibid.; “How the ‘Dual-Use’ Ruse Is Employed to Sell Spyware.”

40 DeSombre, et al., Countering Cyber Proliferation.

41 Ibid.
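The three matching conditions described in endnote 22, written out as an added Python example (this is not the authors' program, which the brief does not reproduce). The function names, the reading of the third condition as "the arms-fair name carries the ISSWorld name in parentheses", the `needs_review` triage rule standing in for the manual cleaning step, and the sample lists (names from the endnote plus constructed ones) are assumptions made here.

```python
import re
from typing import List, Optional, Tuple


def normalize(name: str) -> str:
    """Lowercase and collapse whitespace so layout and case do not block a match."""
    return re.sub(r"\s+", " ", name.strip().lower())


def parenthetical(name: str) -> Optional[str]:
    """Return the normalized text inside the first (...) of a name, if any."""
    m = re.search(r"\(([^)]+)\)", name)
    return normalize(m.group(1)) if m else None


def match_rule(arms_fair: str, issworld: str) -> Optional[str]:
    """Apply the three endnote-22 conditions in order; return which one fired."""
    a, i = normalize(arms_fair), normalize(issworld)
    if not a or not i:
        return None
    if a == i:                                    # condition 1: exact match
        return "exact"
    if a.startswith(i) or i.startswith(a):        # condition 2: prefix, either way
        return "prefix"
    alias = parenthetical(arms_fair)              # condition 3 (assumed reading)
    if alias and (alias == i or alias.startswith(i) or i.startswith(alias)):
        return "parenthetical"
    return None


def needs_review(arms_fair: str, issworld: str, rule: str) -> bool:
    """Assumed triage rule for the manual-cleaning step: flag prefix matches
    where the shorter name is very short or ends in the middle of a word."""
    if rule != "prefix":
        return False
    shorter, longer = sorted((normalize(arms_fair), normalize(issworld)), key=len)
    cut_mid_word = longer[len(shorter)].isalnum()
    return cut_mid_word or len(shorter) <= 4


def match_datasets(arms_fair_names: List[str],
                   issworld_names: List[str]) -> List[Tuple[str, str, str, bool]]:
    """Cross-match both exhibitor lists; one row per matched pair."""
    rows = []
    for a in arms_fair_names:
        for i in issworld_names:
            rule = match_rule(a, i)
            if rule:
                rows.append((a, i, rule, needs_review(a, i, rule)))
    return rows


# Constructed sample lists. The WolfCyber and Memento Labs pairs are the
# endnote's own examples; "Ipswich Marine Supplies" and "Acme Optics" are
# invented to show a false positive and a non-match.
ARMS_FAIR = [
    "WolfCyber Intelligence",
    "WolfCyber",
    "Hacking Team (Memento Labs)",
    "Cellebrite Ltd.",
    "Ipswich Marine Supplies",
    "Acme Optics",
]
ISSWORLD = ["WolfCyber Intelligence", "Memento Labs", "IPS", "Cellebrite"]

if __name__ == "__main__":
    for arms, iss, rule, review in match_datasets(ARMS_FAIR, ISSWORLD):
        flag = "REVIEW" if review else "ok"
        print(f"{arms!r:32} ~ {iss!r:26} {rule:14} {flag}")
```

The short name "IPS" prefix-matches an unrelated exhibitor, which is the kind of false positive the endnote says was removed by hand.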
