Skip to main content

Waterloo, Ont. tech company blacklisted by U.S. Commerce Department over surveillance, spyware allegations

Share

A Waterloo, Ont. tech company is in hot water for allegedly providing technology that can be used for mass surveillance and censorship.

U.S. private equity firm Francisco Partners said it’s no longer the owner of troubled technology vendor Sandvine, which was blacklisted by the U.S. Department of Commerce earlier this year for supplying “mass web-monitoring and censorship” software, as reported by Bloomberg.

Sandvine is no stranger to controversy. Over the last several years, they’ve struck deals with autocratic governments, including Egypt, where the company’s technology was allegedly used to inject spyware into the devices of government critics.

What does Sandvine do?

To fully understand what Sandvine is being accused of, it’s important to know what they do – something called deep packet inspections (DPI).

“What does that mean? When you go to a particular website, there may be websites that are blocked. Sometimes they will go to a ‘dot com’ and it redirects to a ‘dot ca.’ All that requires infrastructure, all that requires systems and software behind the scenes,” explained Ritesh Kotak, a cybersecurity technology analyst.

The technology, he adds, also has its benefits.

“For example, if you’re going to a site that has hateful content or banned content, you could get an error message saying the site is not accessible,” Kotak said.

On the radar

A digital forensics investigation group at the University of Toronto warns DPI technology can be weaponized.

Sandvine made it onto The Citizen Lab’s radar in 2018.

“We found Sandvine equipment was being used to inject malware into users in Turkey and to redirect web requests in Egypt as part of a cryptocurrency scam,” Ron Deibert, director of The Citizen Lab, said.

Spyware allegations

Deibert and his team noticed more red flags in 2023.

“We identified Sandvine equipment being used to attempt to inject very sophisticated mercenary spyware into the phone of an Egyptian opposition politician,” he explained.

After The Citizen Lab published a report on this activity, Sandvine was flagged by the U.S. Department of Commerce and placed on an entity list, which is meant to counter the misuse of technology and place tighter controls on their business dealings.

Where the company stands

With Francisco Partners ending its ownership of Sandvine, it’s now unclear who owns the company.

“It’s signalling to investors, to potential customers, that they’re on a naughty list, and that undoubtedly is going to hurt business,” said Deibert.

CTV News tried to reach Sandvine by phone and email in an attempt to get their response to these developments. Several days went by and there was still no reply.

However, the company said in a February statement to Bloomberg that it was “working closely with government officials to understand, address and resolve their concerns.”

Despite its troubles, Sandvine remains operational.

The Citizen Lab believes Ottawa has a role to play going forward.

“There are no export controls around the export of this type of equipment, something that we have advocated for – that the Canadian government change – and they haven’t yet. But we hope they will,” Deibert said.

Until that happens, there are concerns about where the technology could end up and how it could be used.

“The problem with Sandvine is we don’t know the motivations, but we do know that they have repeatedly sold this type of technology to governments that will undoubtedly use it for malign purposes,” said Deibert.

Sandvine has also recently had mass layoffs, which could amount to hundreds of jobs lost internationally, as reported by Bloomberg.

It’s not clear if these layoffs impact employees in Waterloo, Ont., or if they are connected to the recent controversy.

CTVNews.ca Top Stories

Stay Connected