A group of Swedish programmers have spoken out against practices by their US-owned business to supply internet surveillance technology to Turkey, Forbes has revealed.

Technical engineer reportedly Kriss Andsten first blew the whistle on the practices and quit supplier Procera, stating “I do not wish to spend the rest of my life with the regret of having been a part of Erdoğan’s insanity, so I’m out.”

Some of Turkey's surveillance capabilities have been compared to XKEYSCORE used by the NSA
Some of Turkey’s surveillance capabilities have been compared to XKEYSCORE used by the NSA

The revelations confirm long-held suspicions by digital campaign groups that Turkey has sourced commercial solutions providing a capacity to monitor, identify associations, create social graphs of internet users and even extract user passwords. Another developer stated “I don’t want blood on my code.”

Users and providers of unencrypted services appear to be most at-risk from the tools, particularly news sites that don’t use SSL/TLS to provide a green padlock that secures journalists and readers visiting their sites.

Provider Turk Telecom / TTNet has been singled out as the main customer using the company’s so-called compliance tools which were implemented by integrator Sekom.

The surveillance tools described primarily take advantage of insecure websites – Turkish news sites and services lag internationally by failing to provide secure versions of their content.

The surveillance system is able to build up databases about the news articles people read, the comments they post, sites they visit and even their usernames and passwords, a capacity which internet security researcher Nicholas Weaver compared to widely-reported NSA XKeyScore system in its ambitions, if not scope.

The original report covering Procera’s activities available on Forbes details how Western technology vendors increasingly face an ethical dilemma in supplying monitoring systems to countries with poor track records in democracy and human rights. According to the report, Procera management has expressed a degree of social responsibility and concern, though the controversial password collection system was ultimately still developed and deployed via Canadian firm Northforge.