Ontario Teachers' Pension Plan invests in Internet surveillance company that backstops notorious dictatorships

The Ontario Teachers Pension Plan (OTPP) has joined a private equity consortium that acquired the notorious Internet surveillance company BlueCoat, yoking teachers' retirement security to the fortunes of a company that has systematically assisted some of the world's most brutal dictatorships to censor and surveil their citizenry. Blue Coat has blood on its hands, people rounded up and tortured and even killed thanks to it and products like it, and it's a disgrace for teachers -- whose professional ethics embrace freedom, intellectual inquiry, and fairness -- to be part of the financial exit strategy for the people who founded and ran that company.

Ron Deibert and Sarah McKune from the University of Toronto's CitizenLab and Munk School of Global Affairs have written an op-ed in the Toronto Star, detailing some of BlueCoat's ethical unsuitablity, and the fact that the OTPP went into the transaction having been thoroughly briefed on what they were getting into.

If you'd like to read more about BlueCoat, check out CitizenLab's excellent report: "Mapping Global Censorship and Surveillance Tools."

Now, a year later, Citizen Lab has released a new report, Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Using a combination of technical interrogation methods, our researchers scanned the Internet to look for signature evidence of Blue Coat products. While our investigation was not exhaustive and provided only a limited window of visibility into the deployment of such tools, what we were able to find raises serious concerns.

We uncovered 61 Blue Coat ProxySG and 316 Blue Coat PacketShaper devices, which are designed to filter online content and inspect and control network traffic. While legitimate for some purposes, these capabilities can also be used for mass censorship and surveillance of a country’s Internet users. It is noteworthy in this respect that 61 of these Blue Coat appliances are on public or government networks in countries with a history of concerns over human rights, surveillance and censorship (see the work of the OpenNet Initiative documenting such concerns).

Specifically, we found the ProxySG product, designed to filter access to information online, in Egypt, Kuwait, Qatar, Saudi Arabia and the United Arab Emirates. We found the PacketShaper appliance, capable of deep packet inspection and mass surveillance, in Afghanistan, Bahrain, China, India, Indonesia, Iraq, Kenya, Kuwait, Lebanon, Malaysia, Nigeria, Qatar, Russia, Saudi Arabia, South Korea, Singapore, Thailand, Turkey and Venezuela.

Teachers’ pension plan invests in Internet surveillance firm. (Thanks, Mom!)


    1. That said… I used to invest in things called “Ethical Funds” for years (remember those? not even sure if they are still around). They were terrible, less than inflation return. In addition there were news reports after a few years that not all of the investments they made fit the “ethical” view. Though to be fair determining that can be difficult at times particulary when you have some pretty diverse companies.

      Anyway the only real reason I responed was that Rick Mercer made an awsome fake commercial for “Ethical Funds”. I’ll let someone else YouTube it…. :)

      Edit: Though I believe it was on the TV show “This Hour has 22 Minutes” and not the “Mercer Report”.

  1. Not that I disagree with the thrust of the story, or that I think that BlueCoat aren’t bad guys (I can’t be bothered to check), but:

    “While legitimate for some purposes, these capabilities can also be used for mass censorship and surveillance of a country’s Internet users.”

    *Can* also be used. Substantial non-infringing uses are a good excuse for p2p networks, but not for proxy servers? Are you changing sides in the coming war on general purpose computing?

    1. Indeed.  My familiarity with BlueCoat products was focused on
      – reducing users’ exposure to malicious websites that would infect them with viruses
      – caching to reduce bandwidth use (which has caused problems at the workplace I’m thinking of, mainly during big sporting events)
      – giving management types an  understanding of how much of the network capacity they’re paying for, is being used for what purpose

      One thing we were absolutely clear on was that management or HR couldn’t just ask what a user was doing online.

      1. Yes, but management types run the company and can and do (and U.S Courts have upheld their right to) look at anything and everything done on or with company equipment and networks.

        1. Absolutely – my point was simply that just because a company has a general-purpose capable of doing a thing (and, to your point, just because it wouldn’t be breaking the law doing that thing) it doesn’t mean it is doing that thing.

          As long as users are fully aware of any surveillance in place, and what their expectations with regard to privacy should be, and the surveillance is imposed in a place the user isn’t constrained to being (like a workplace they get to leave at the end of the day, not like a city or country)

          The issue isn’t with the technology, it’s with the use of it.

          None of this excuses BlueCoat’s dealing with regimes that can reasonably be expected to use the technology coercively (if indeed they have been doing so – you can buy used ones when their original owners surplus them).  You could even argue that a company whose product has the potential to be used malicious like this has an obligation to take active measures to look for signs it is being (checks for software updates coming from Syria, etc.)

  2. This reminds me of the excellent keynote address given by Jacob Appelbaum and Roger Dingledine at the 2011 Chaos Computing Club meeting.

    Bluecoat in Syria shows up at around 0:40:20

  3. My wife just happens to be an Ontario teacher.  Her pension money is a big part of my future retirement.

    I’m going to go home and shower, but all the soap in the world isn’t going to make me feel less dirty.


  4. Isn’t this just consistent with the current state of schools? Little surveillance gulags where any impropriety like throwing an imaginary grenade or drawing a picture of a fire can get you sent to solitary.

  5. One last try…

    FYI:  The U.S. Department of the Interior (DOI) also feeds Blue Coat’s coffers.

    Yes, filters have many proposed valid uses: “Just keep us safe! If, we loose access to some sites or pages, that’s OK, Just keep us safe.” (This is what gave us security theatre in airports and all kinds of buildings and functions – that also doesn’t work in the same ways!) The problems are two fold: on one side they don’t work by letting a lot of bad sites thru; on the other they block a lot of important useful legitimate sites.  And who decides which sites are OK to let thru?

    Also, Blue Coat could choose to not do business with or court oppressive regimes or organizations.  Or Congress and/or international bodies could make it illegal or otherwise prohibitive to do so.

    So. My recent story about BlueCoat
    While attending a workshop in a western National Park, the Park Service presenter tried to show us something germane to our panel discussion from a web site.  She typed an appropriate and absolutely safe search term into the ubiquitous Google search – projected for all 350+ people to see – and we were greeted by a warning banner page (I caught a photo on my phone):

    “The web site you are trying to reach has been blocked per DOI/Bureau Policy.
    The website w3.google… is currently categorized as: Adult;Pornography;Images
    Your IP address, if requested for troubleshooting, is -nnn.nnn.nnn.nnn
    This page was generated by Blue Coat on -date & time
    Submit a Site for Re-Categorization by Blue Coat -link
    The World Wide Web is a dynamic and fast-Changing place. If you believe the web page you are trying to reach is not categorized correctly, you may request that the site be re-categorized by Blue Coat, the vendor responsible for categorizing the web sites, by filling out the form located at the link above. The vendor will review… [blah, blah] and may update if appropriate.  [yada, yada]”

    “…If you believe the web site is categorized correctly and you have a legitimate business need to access it, please submit a request for exception to your Enterprise Security Officer….”

    First things that strike me are that not only is the U.S. government patronizing Blue Coat to do DOI’s web proxy/filtering/nanny dirty work – and thereby propping up their profits and ability to go after unsavory clients too – but, by submitting requests for recategorization and/or review, U.S. government employees are doing part of Blue Coat’s work for them by finding flaws and lacunae in their filters, lists and categorization algorithms.

    And google is blocked?! classified as adult/porn?!  You should have heard the scoffs and scorn.

    Another panel member commented on Blue Coat’s and it’s parent company’s and affiliates’ profiting from providing this same technology to oppressive regimes and organizations worldwide who use it for the purposes already stated.  By the time we got back on tack many were ready to … do something … but, what?

    What are concrete constructive things we can do about this and it’s ilk?  How can we hold investment funds and the institutions that fuel them accountable?

    Do teachers and other employees have a choice or a real voice?  Most employees of companies and governments, as well as citizens behind Blue Coat’s walls certainly don’t.

    U.S. tax dollars at work – how much does DOI pay Blue Coat?
    DOI, with a $10 – 20 billion annual budget, over 70,000 employees…

    Blue Coat claims over 75 million users across “more than 15,000 customers worldwide, including 88% of the Fortune Global 500.”

    Why do we – U.S. citizens, Canadian citizens, clients of these Fortune Global 500 – let this go on?  And why does Canada?

    Can the Canadian Government not forbid the use of any public monies to support such a thing? Well, they can, and we can, but it hasn’t happened yet.

    BTW The real reason most investment in Blue Coat was sold is that it’s now owned by the private equity firm mentioned (Thomas Bravo) and is also, therefore, now much more opaque and much less accountable.

Comments are closed.