NetApp Role in Syria Spy Project Spurs Demands for U.S. Inquiry

NetApp Headquarters
The U.S. government may need to determine if the shipment of U.S.-based NetApp's computers to Syria may have violated U.S. sanctions, says Hal Eren a former lawyer for the Treasury Department's Office of Foreign Assets Control who is in private practice in Washington. Photographer: Paul Sakuma/AP

U.S. lawmakers are calling for an investigation into NetApp Inc.’s role in an Internet-surveillance system that has been under construction in Syria throughout this year’s political crackdown.

Senators Mark Kirk, a Republican from Illinois, and Robert Casey, a Democrat from Pennsylvania, will send a letter today to the State and Commerce departments requesting an investigation into two U.S. companies whose technology has been used to “monitor activities of Syrian citizens,” according to a draft of the letter. One of the companies is NetApp, whose role in the Internet surveillance system was detailed in a Nov. 3 article by Bloomberg News.

In addition, Representative James McGovern, a Democrat from Massachusetts and co-chairman of the Tom Lantos Human Rights Commission in the House, said he has instructed his staff to follow up with government agencies regarding NetApp to make sure U.S. sanctions against Syria are being enforced.

“I find it unconscionable that a U.S.-based company’s technology is being sent to Syria to help spy on peaceful citizens,” McGovern said.

The Syrian Internet surveillance project, headed by the Italian company Area SpA, is designed to intercept and catalog virtually every e-mail that flows through the country, and workers have been installing it under the direction of Syrian intelligence, Bloomberg reported, citing blueprints and other documents, as well as a person familiar with the project.

“We are concerned about U.S. and U.S.-connected entities providing the tools of repression to Syria,” Kirk said in an interview with Bloomberg TV.

Blue Coat Systems

The Senators also called on the government agencies to investigate Blue Coat Systems Inc., whose technology was discovered filtering web sites inside of Syria by Telecomix, a group of online activists.

The Internet surveillance project for intercepting e-mail and Web sessions would be more intrusive than equipment for blocking websites. It includes NetApp’s hardware and software for archiving e-mails for easy retrieval.

Early project schematics state that NetApp’s technology would provide four petabytes of storage for archiving e-mails and other data. That is more than 15 times the amount of data stored in the online archive of the Library of Congress, or enough storage space for more than a billion digital copies of the epic Leo Tolstoy novel “War and Peace.”

U.S. Contracts

In their letter, Senators Kirk and Casey ask that pending conclusion of an investigation, officials consider suspending all U.S. government work with NetApp, which received more than $111 million in U.S. contracts since 2001. The Sunnyvale, California-based company has a market value of about $15 billion and more than 10,000 employees.

The U.S. has banned most American exports to Syria other than food or medicine since 2004.

NetApp says it is committed to global trade compliance.

“NetApp does not condone the location or use of its products in Syria,” said Jodi Baumann, NetApp’s senior director for corporate communications, in an e-mailed statement. “We are engaged in a vigorous effort to determine what the true facts are. We have also notified the U.S. government about the Bloomberg article and offered our full assistance.”

On its website, Blue Coat said the company’s products were “transferred illegally” to Syria and it is “conducting an internal review” of the matter. Spokesman Steve Schick declined to comment on the Senators’ letter.

Public Backlash

Eric King, human rights and technology adviser for Privacy International in London, said companies shouldn’t be allowed to recklessly disregard the potential for harm.

“The fact that there may be several degrees of separation between the original seller and the end user does not negate responsibility when products designed to facilitate blanket surveillance of a population are used for exactly that,” King said.

Amid public backlash against the project in recent days, Area Chief Executive Officer Andrea Formenti said Nov. 8 that his company is weighing options that may include exiting the Syria deal. Area has never had any relations with Syrian intelligence agencies, and its dealings comply with all export rules, the company said. Work on the Syria project has been suspended for more than two months, Formenti said, declining to say why. Technical problems “could be one of the reasons,” he said in an interview.

Never Operational

The project hasn’t been completed and has never been operational, Formenti said.

NetApp could also face questions about its disclosures to U.S. regulators. In a letter early last year, NetApp reported to the Securities and Exchange Commission that it didn’t knowingly do business with Syria and had controls to prevent resellers from doing so -- even as documents show plans were under way to include its equipment as part of the Syrian surveillance system.

The correspondence raises additional questions about NetApp’s disclosures of its business dealings and how much it knew.

“Companies have to make correct disclosures,” said Peter J. Henning, professor of law at Wayne State University Law School in Detroit and a former SEC enforcement attorney. “The Commission will want to know how high up did this go and who knew about it.”

SEC records show the agency contacted NetApp Feb. 26, 2010, citing reports that indicated the company’s resellers had operations in Syria, Iran or Sudan. The agency also questioned whether NetApp had business dealings in Cuba.

The company responded in writing two weeks later, saying it had neither sold nor shipped any of its products to the sanctioned countries, and didn’t intend to do so. It had no knowledge of such sales by resellers, NetApp said.

NetApp in Blueprints

“In compliance with its policies and procedures, the company does not knowingly provide any products, technologies, services, or financial support to the sanctioned countries,” NetApp said in its response.

As early as March 11, 2010 -- one day before that letter -- NetApp’s products appeared in blueprints for the Internet surveillance system being implemented in Syria, according to documents obtained by Bloomberg.

In a March 18 reply, the SEC wrote to NetApp that the agency had completed its review and had no further comments.

After the sale of the NetApp equipment, Italian employees of the company and Area e-mailed each other about configuring the equipment, copies of correspondence show.

Pressure for Shutdown

John Nester, director of public affairs at the SEC, said the agency regularly seeks more information from publicly traded companies about possible business dealings with sanctioned countries. He declined to discuss the SEC’s correspondence with NetApp.

Nonprofit groups such as New York-based Human Rights Watch are adding pressure to shut down the project. On Nov. 8, protesters from Italy’s Pirate Party and National Coalition to Support the Syrian Revolution rallied outside Area’s headquarters next to Milan’s Malpensa Airport demanding a halt to the project.

Meanwhile, Access, a New York-based nonprofit, launched an online campaign Nov. 8 calling for the U.S. and European companies involved to abandon the project.

“If they do not, they are likely to be complicit in the abuses that Assad’s regime is set to perpetrate once the new surveillance infrastructure is operational,” said Brett Solomon, executive director of Access.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE