Use of MSAB digital forensic tools in Myanmar exposes gap between EU tech investment & regulation
"Tools for Repression in Myanmar Expose Gap Between EU Tech Investment and Regulation", 14 June 2021
... [T]he Myanmar military and police have engaged in an increasingly violent crackdown, killing over 860 protesters and bystanders, injuring thousands, and brutally torturing political prisoners. The generals have... used smartphone data as evidence for mass arrests.
... One of the products currently in the possession of Myanmar’s security forces is a digital forensic tool from the Swedish company MSAB. It’s the European equivalent of Cellebrite, the Israeli company known for its phone-hacking devices, which also appears in the leaked documents; MSAB’s technology is able to break mobile phone encryption... MSAB’s products can also extract passwords and login tokens from mobile devices, allowing authorities to remotely enter someone’s online services...
MSAB confirmed that it sold its forensic tools to Myanmar police in 2019, two years after security forces targeted the Rohingya in what the U.N. said could amount to crimes against humanity. According to the leaked budget documents, as well as tender documents found on government websites, MSAB also intended to sell a number of phone extraction products to Myanmar’s Bureau of Special Investigations in 2021 via a third-party distributor called MySpace International... Following the February coup, MSAB called off the deal. Yet the company’s earlier products remain in the hands of Myanmar’s security forces.
... [T]he European Union is investing in MSAB’s growth. Indeed, EU research money has developed technology that feeds into the same products that MSAB sold to Myanmar in 2019.
In response to critical questions about the 2019 sale, MSAB has said that limited technology was sold to police working for a civilian government and that the licenses for these forensic devices were canceled after the 2021 coup. Still, the scenario raises important questions about EU efforts to create tools for the security sector inside and outside the bloc...
Funding for MSAB and others comes from the EU’s flagship technological research program Horizon Europe, previously known as Horizon 2020. MSAB is the lead technology company on the “Formobile” project, a consortium of 19 companies, research institutions, and police departments set up in 2019 to develop technology to unlock mobile devices without user consent and extract and analyze data as evidence in criminal investigations.
... The products that were eventually sold to Myanmar... were “not the most powerful levels of our technology,” explained Mike Dickinson, chief business development officer at MSAB... Yet data analysis and extraction tools can still be used against a person’s will — such as when a detainee is forced to unlock a phone that is then searched.
... Dickinson told The Intercept that MSAB’s sales to Myanmar were licit given the country’s democratic elections in 2015 after decades of military rule. But local analysts say that a short look at Myanmar’s political context would call this reasoning into question...
According to Dickinson... after the February coup the company stopped plans for any future collaboration with Myanmar and revoked the licenses on the forensic technology it sold two years ago. At least, he said, that meant whoever now had the devices wouldn’t be able to update them. Such a distinction means little for Myat and Myanmar’s citizens, who are facing the possibility of life under an increasingly violent and well-equipped military dictatorship. Is MSAB confident that its devices aren’t currently being used in Myanmar?
Dickinson wouldn’t say.