Media Coverage: Gigaom, Infosecurity Magazine, The Verge, The Register.
The Organisation for Economic Co-operation and Development (OECD) determined that Gamma International, the British-German firm responsible for the production of FinFisher, was in violation of human rights guidelines. The report, published by the United Kingdom National Contact Point (UK NCP) of the OECD, comes on the heels of a complaint regarding the firm, brought by Privacy International, Bahrain Watch and other organizations. In particular, the report was based on allegations that Gamma International had sold its software to the Bahraini government, a regime known for its brutal human rights record and persecution of dissidents.
Specifically, the software is thought to have been used against three Bahraini activists living in the UK under political asylum, whose computers were targeted. This was also the subject of criminal action taken up by Privacy International, based on research conducted by Citizen Lab on the global presence of FinFisher.
The UK NCP concluded that Gamma International had failed to act consistently with provisions of the OECD Guidelines, which require businesses to do appropriate due diligence in their operations, ensuring that negative human rights effects are avoided. The report also cited the absence of a company policy on human rights respect as problematic. The NCP added that Gamma International’s legal representative “raised obstacles” to the complaint and its subsequent investigation, hindering a complete assessment. According to the NCP, this amounted to a lack of good faith on the part of the company.
In the final sections of the report, the NCP made recommendations to the firm, which included creating a mechanism to identify if software products have been misused, as well as the establishment of a remedy process. A follow-up report by the OECD is expected in November 2015.