Investigating: US Securities and Exchange Commission.Photo: Bloomberg
A report from a Canadian research organisation has again raised the uncomfortable question of whether Silicon Valley's technology is being used by so-called terrorist states to repress their citizens.
The University of Toronto's Citizen Lab has released a report focusing on Blue Coat Systems and how its technology apparently is still part of Syria's state-sponsored telecommunications networks and is being used in Sudan and Iran.
Cuba, Iran, Sudan and Syria have been labelled by the US State Department as state sponsors of terrorism, and are subject to economic sanctions and export controls. Trade is restricted to these countries, but not completely illegal. Companies can get limited import-export exemptions.
The Citizen Lab report put the spotlight on Blue Coat, but the issue has spread throughout Silicon Valley. With the fastest growing markets overseas, tech companies have turned to a wide variety of local information technology vendors to sell their products. But keeping close tabs on where and how all those vendors sell their products has become difficult.
As a result, various US agencies have been stepping up enforcement in recent years.
A glimpse of these efforts can be seen in an ongoing series of letters between the US Securities and Exchange Commission (SEC) and various companies. In 2005, US Congress directed the SEC to create the Office of Global Security Risk, which has been sending letters asking companies to detail their relationship with the four countries.
In just the last year, the SEC has sent letters to a long list of tech companies regarding potential use of their products in the four countries. Recipients included Oracle, Hewlett-Packard, EMC, NetApp, Motorola Mobility and Infosys.
In one such letter, to Teledyne Technologies of Thousand Oaks, California, the SEC noted that the company has paid "$US30,385 to settle allegations of violations of the Sudanese Sanction Regulations." Teledyne officials said they had discovered that a vendor had resold some of their equipment and that the company had self-reported the problem.
VeriFone Systems of San Jose, California, faced questions about whether some of its point-of-sale technology was being used in Iran. The company said it did not believe it was. But the company did write: "In early 2012, in connection with a routine internal audit review, we discovered the following instances of unauthorised contacts and activities involving the referenced countries." The details of those findings were confidential and not in the letter.
NetApp had been the subject of previous news stories that its equipment was being used by the Syrian government as part of a nationwide surveillance system. The SEC asked NetApp for a response to those reports. As of April 2012, the company said it had not been able to verify the reports, and the matter was eventually closed.
Sign up for CIO Asia eNewsletters.