• United States



Nokia Siemens deserves credit for doing the right thing

Dec 15, 20115 mins
Data and Information Security

It’s encouraging that Nokia Siemens is further limiting its business interests in Iran.

According to my colleague Mikael Ricknäs at the IDG News Service:

Telecommunications vendor Nokia Siemens Networks is further limiting the way it does business in Iran, as the international stance against the country is hardened.

The company started to scale back its presence in Iran last year, but has until now extended maintenance contracts, which it will no longer do, a spokeswoman said on Wednesday.

Nokia Siemens made the decision as a result of tougher export restrictions against Iran, said the spokeswoman. The telecommunications equipment vendor isn’t the only one that has decided to limit its business activities in Iran.

In light of how Iran has used and abused its technology, Nokia Siemens is doing the right thing.

This is tricky ground, because a lot of people, organizations and nations use technology in harmless, honest ways.

As one of my contacts on Google+ noted recently, “If I buy a hammer, I will usually use it for its designed purpose – hammer on nails. Does that mean that all producers of hammers should be (or are) responsible for people using a hammer to torture someone with?”

Another friend noted that some countries use defibrillators for torture. Does that mean we stop selling defibrillators where they are needed, he asked.

Good points. But I don’t see this as a case of a few crazy people buying guns and shooting people. This is more about dealing with regimes that can turn around and do harm to a much larger group of people. This has been on my mind since reading an article in the October issue of Bloomberg Markets magazine called “Torture in Bahrain Becomes Routine With Help From Nokia Siemens.”

I found the opening paragraphs particularly disturbing:

The interrogation of Abdul Ghani Al Khanjar followed a pattern.

First, Bahraini jailers armed with stiff rubber hoses beat the 39-year-old school administrator and human rights activist in a windowless room two stories below ground in the Persian Gulf kingdom’s National Security Apparatus building. Then, they dragged him upstairs for questioning by a uniformed officer armed with another kind of weapon: transcripts of his text messages and details from personal mobile phone conversations, he says.

If he refused to sufficiently explain his communications, he was sent back for more beatings, says Al Khanjar, who was detained from August 2010 to February.

“It was amazing,” he says of the messages they obtained. “How did they know about these?”

The answer: Computers loaded with Western-made surveillance software generated the transcripts wielded in the interrogations described by Al Khanjar and scores of other detainees whose similar treatment was tracked by rights activists, Bloomberg Markets magazine reports in its October issue.

The spy gear in Bahrain was sold by Siemens AG (SIE), and maintained by Nokia Siemens Networks and NSN’s divested unit, Trovicor GmbH, according to two people whose positions at the companies gave them direct knowledge of the installations. Both requested anonymity because they have signed nondisclosure agreements. The sale and maintenance contracts were also confirmed by Ben Roome, a Nokia Siemens spokesman based in Farnborough, England.

This isn’t the first time we’ve heard of Siemens technology being used by oppressive regimes. In the most famous case, Siemens technology was targeted with Stuxnet to kick Iran’s nuclear program below the belt. That’s the widely-held belief among researchers, anyway.

Of course, the case of Stuxnet is different from what’s going on in this latest report out of Bahrain. Different technologies are involved in each, and while one story is about using it to steal someone’s information so it can be used against them during a vicious interrogation, the other is about flaws in an industrial control system being exploited to sabotage an operation.

But it’s hard to look at either case and think of Siemens as a complete innocent who has simply been taken advantage of by the bad guys.

A few years ago, I visited Eugene Kaspersky and asked him why so much malware was coming from Russia. He explained that the guys writing the code saw it as them simply doing a job. They just made the stuff. They weren’t the one’s using it for attacks.

Just like the guys making the nuclear weapons during the Cold War.

Come to think of it, a lot of those guys were products of the Cold War, left in want of work after the Soviet Union — and their old jobs — evaporated. Morals weren’t as important as money. Times were desperate and families had to be fed.

Back then my thought was this: People and companies whose technology can be used for evil have a responsibility to pay attention to who uses it and and how. Recent events make me feel the same way.

I’m not trying to suggest that vendors have evil intentions. I don’t think they do.

But now that it’s becoming apparent just how much the bad guys are using them, it’s good to see Siemens stepping up to the plate and taking action.

There’s a point where you should be willing to pull your business from certain countries because it’s the right thing to do.

It took Siemens longer than it should have to realize this. But I’ll take progress wherever I can get it.

–Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO’s Daily Dashboard gives you a