UK firm faces questions over how spyware ended up in Bahrain

Human rights group set to file complaint alleging that Gamma International UK breached OECD guidelines

A British technology firm faces questions about how its specialist surveillance software allowing users to spy on people's emails ended up in Bahrain. Campaigners fear that it was used to help the country's security services crack down on protesters during the Arab spring.
The allegations raise concerns about the export of British technology to oppressive regimes. Tomorrow the campaigners Privacy International will join forces with human rights groups, including the Bahrain Centre for Human Rights and Bahrain Watch, to file a complaint with the Organisation for Economic Co-operation and Development alleging that Gamma International UK is in breach of OECD guidelines for multinational enterprises. A separate complaint is being filed against a German company.
The complaints state: "If both companies did in fact export surveillance software to the Bahraini government, and are continuing to maintain these technologies for use by the Bahraini authorities, the complainants believe this would make them culpable of aiding and abetting the Bahraini government in its perpetration of human rights abuses … In so doing, it is argued the companies are in breach of OECD guidelines concerning human rights."
The guidelines are designed to promote responsible business conduct. The OECD has the power to launch an investigation into the two companies' alleged complicity in human rights abuses and publish its findings. The complaint shines light on the shadowy world of surveillance technology. Unlike weapons and military hardware it is not generally subjected to export restrictions.
According to Privacy International, Gamma's FinFisher (or FinSpy) suite of software products "is a particularly dangerous and sophisticated piece of surveillance technology" that is difficult to detect. The software targets individuals' devices and then relays information back to the sender, including the contents of all emails, Skype conversations and address books.
FinSpy can also be used to activate a device's internal camera and microphone and capture images and audio recordings of the user.
Martin J Muench, of Gamma International, has rejected claims made by researchers at the University of Toronto, who say they have found evidence that FinSpy has been used in over a dozen countries. In an email to the Observer Muench said: "Gamma co-operates with the export controls authorities and the regulators of the UK, US and Germany."
Muench confirmed his company was investigating how its product found its way into Bahrain. "It appears that during a demonstration one of our products was stolen and has been used elsewhere. I believe a copy of FinSpy was made during a presentation and that copy was modified and then used elsewhere."