Fibre-optic cables

Advanced Middle East Systems has been offering a device called Cerebro, which taps information from fiber-optic cables carrying internet traffic. Photograph: Corbis

Private firms are selling spying tools and mass surveillance technologies to developing countries with promises that “off the shelf” equipment will allow them to snoop on millions of emails, text messages and phone calls, according to a cache of documents published on Monday.

The papers show how firms, including dozens from Britain, tout the capabilities at private trade fairs aimed at offering nations in Africa, Asia and the Middle East the kind of powerful capabilities that are usually associated with government agencies such as GCHQ and its US counterpart, the National Security Agency.

The market has raised concerns among human rights groups and ministers, who are poised to announce new rules about the sale of such equipment from Britain.

“The government agrees that further regulation is necessary,” a spokesman for the Department for Business, Innovation and Skills said. “These products have legitimate uses … but we recognize that they may also be used to conduct espionage.”

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.

The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.

The index has details from 338 companies, including 77 from the UK, offering a total of 97 different technologies.

One firm says its “massive passive monitoring” equipment can “capture up to 1bn intercepts a day”. Some offer cameras hidden in cola cans, bricks or children’s car seats, while one manufacturer turns cars or vans into surveillance control centres.

There is nothing illegal about selling such equipment, and the companies say the new technologies are there to help governments defeat terrorism and crime.

But human rights and privacy campaigners are alarmed at the sophistication of the systems, and worry that unscrupulous regimes could use them as tools to spy on dissidents and critics.

Libya’s former leader Muammar Gaddafi is known to have used off-the-shelf surveillance equipment to clamp down on opposition leaders.

Privacy International believes UK firms should now be subject to the same strict export licence rules faced by arms manufacturers.

“There is a culture of impunity permeating across the private surveillance market, given that there are no strict export controls on the sale of this technology, as there are on the sale of conventional weapons,” said Matthew Rice, research consultant with Privacy International.

“This market profits off the suffering of people around the world, yet it lacks any sort of effective oversight or accountability.

“This lack of regulation has allowed companies to export surveillance technology to countries that use their newly acquired surveillance capability to spy on human rights activists, journalists and political movements.”

Privacy International hopes the Surveillance Industry Index will give academics, politicians and campaigners a chance to look at the type of surveillance technologies now available in the hope of sparking a debate about improved regulation.

The documents include a brochure from a company called Advanced Middle East Systems (AMES), based in Dubai. It has been offering a device called Cerebro – a DIY system similar to the Tempora programme run by GCHQ – that taps information from fibre-optic cables carrying internet traffic.

AMES describes Cerebro as a “core technology designed to monitor and analyze in real time communications … including SMS (texting), GSM (mobile calls), billing data, emails, conversations, web mail, chat sessions and social networks.”

The company brochure makes clear this is done by attaching probes to internet cables. “No co-operation with the providers is required,” it adds.

“Cerebro is designed to store several billions of records – metadata and/or communication contents. At any time the investigators can follow the live activity of their target with advanced targeting criteria (email addresses, phone numbers, key words),” says the brochure.

AMES refused to comment after being contacted by the Guardian, but said it followed similar protocols to other surveillance companies. “We don’t want to interact with the press,” said a spokesman.

Another firm selling similar equipment is VASTech, based in South Africa, which has a system called Zebra. Potential buyers are told it has been designed to help “government security agencies face huge challenges in their combat against crime and terrorism”.

VASTech says Zebra offers “access to high volumes of information generated via telecommunication services for the purposes of analysis and investigation”.

It has been designed to “intercept all content and metadata of voice, SMS, email and fax communications on the connected network, creating a rich repository of information”.

A spokesman for the company said: “VASTech produces products for governmental law enforcement agencies. These products have the primary goal of reducing specifically cross-border crimes such as child pornography, human trafficking, drug smuggling, weapon smuggling, money laundering, corruption and terrorist activities. We compete internationally and openly against several suppliers of similar systems.

“We only supply legal governments, which are not subjected to international sanctions. Should their status change in this regard, we hold the right to withdraw our supplies and support unilaterally.”

Ann McKechin, a Labor member of the arms export control committee, said: “Obviously we are concerned about how our government provides licenses, given these new types of technology.

“Software technology is now becoming a very large component of our total exports and how we police it before it gets out of country will become an increasingly difficult question and I think the government has to review its processes to consider whether they are fit for the task.”

She said the Department for Business, Innovation and Skills, which has responsibility for granting export licenses, had to ensure it has the skills and knowledge to assess new technologies, particularly if they were being sold to “countries of concern”.

“The knowledge of staff which maybe more geared to more traditional types of weaponry,” she added.

A business department spokesperson said: “The government agrees that further regulation is necessary. These products have legitimate uses in defending networks and tracking and disrupting criminals, but we recognize that they may also be used to conduct espionage.

“Given the international nature of this problem we believe that an internationally agreed solution will be the most effective response. That is why the UK is leading international efforts to agree export controls on specific technologies of concern.

“We expect to be able to announce real progress in this area in early December.”