Imported repression in the Middle East

When Egyptian protesters stormed their government’s buildings at the height of the 2011 revolution, they found themselves wading through heaps of shredded paper and torn-up files. What had not been destroyed, they began to photograph and put online, creating a fascinating glimpse into the inner workings of the Egyptian security state. One of the documents leaked in 2011 included an offer made by the UK-based “Gamma Group” to provide the state with a spyware programme entitled “FinFisher” for the price of about a quarter of a million pounds. FinFisher allows the user to remotely infect computers and monitor communication as well as encrypted data, to read emails, listen to Skype-conversations and even remotely install software. Leaked documents suggested that the Egyptian security services had even once received a free trial version of the software, and been very impressed with the results. However, Gamma International quickly denied that it had ever sold the full software to the Egyptian government.

Photo: Maksim Kabakou. Source:Shutterstock

In June 2014, a rather strange leak reignited the debate about Egypt’s cyber security programmes. The Egyptian newspaper El-Watan published a call for tenders issued in May by the Ministry of the Interior, asking intelligence companies to submit proposals for a new cyber monitoring system. The paper outlines the Ministry’s vision of the new “Social Networks Security Hazard Monitoring System”: the programme should be able to conduct wide-ranging searches across social media platforms including Facebook, YouTube and Twitter, and collect information on those involved in violations of law as well as – and this is the key phrase – “destructive ideas”. Interestingly, the document actually goes on to offer a list of what it considers to be destructive ideas, including amongst others: blasphemy and scepticism in religion, the spreading of rumours and intentional twisting of facts, sarcasm, using inappropriate words, calling for the departure of societal pillars (a clear euphemism for the military), inviting demonstrations, pornography, lack of morality, calling for the normalizing of relations with enemies and circumventing the state’s strategy in this regard.

The Egyptian judiciary has displayed great skill in the past in using vague accusations, such as “spreading false news” and “dividing the country”, to harass and prosecute journalists and activists. So there can be no doubt that the existence of such a surveillance programme in Egypt, if its call for tenders were to be answered, would be a giant free-for-all for the state security apparatus, and a fatal blow to free expression. Human rights groups in Egypt and around the world protested against the plan by the Ministry of Interior and pointed to the guarantees of freedom of expression and of privacy (Art. 57, 73) in the new Egyptian constitution.

There are however more unanswered questions regarding the leak of the call for tenders, most crucially the question of how this could have happened in the first place. El-Watan is not known for any form of opposition activism: that it would independently publish classified documents of the Ministry of Interior seems surprising to say the least. More likely, the leak was yet another of many examples in recent months showing that the Egyptian security apparatus doesn’t mind keeping the public informed about its methods, hoping that doing so will serve to intimidate and discourage activists, or anyone else who had planned to “intentionally twist facts” on the Internet.

Imported repression

One of the most important aspects of the debate about the leaked call for tenders is that if it were answered, all offers would likely come from European or North American companies. In fact, Europe and the United States have become the main supplier of surveillance software not just to Egypt but also Saudi Arabia, Burma and other repressive regimes around the world. The aptly named “Hacking Team” is based in Milan and has opened subsidiaries in the United States and Singapore, Trovicor operates out of Munich, BlueCoat has their headquarters in Sunnyvale, California, while Gamma International is a part of the UK-based Gamma Group.

At first sight, one might suggest that there is nothing wrong with this, and surveillance software is a legitimate exportable good. Surely, in an age where criminals and armed subversive groups have begun to increasingly use the Internet both to organize themselves and to recruit new members, governments should occasionally be able to invade an individual’s digital privacy in order to safeguard their own security. It is the same argument that calls for governments to be able to invade an individual’s physical privacy, and the same ethical and legal justification that applies to companies providing the police and fire department with crowbars to occasionally prop open the doors in a drug bust should also apply to companies providing spyware for government security services.

However, upon closer inspection, this analogy fails spectacularly. First of all, for a programme for the invasion of privacy for the sake of security to be a defensive tool, it needs to come with vigorous legal safeguards and due process, most of which are not present or blatantly ignored in many of the countries concerned here. Without legal safeguards, programmes like FinFisher become an offensive weapon, used by the state to harass and harm its citizens through surveillance without due cause and politically motivated legal procedures. Activists such as the Egyptian blogger Maikel Nabil who was sentenced to three years in prison for posting “The army and the people were never one hand” on Facebook, can testify to this.

And secondly, as the leaked call for tenders makes obvious, this software is not only employed as a tool to safeguard national security, but also to enforce an alleged “moral” code. And this code is not a straightforward interpretation of universally held values: it criminalizes sarcasm, pornography and religious scepticism. In 2012, another Egyptian blogger, Alber Saber, was arrested and sentenced to three years in prison for “defaming Islam and Christianity” and “spreading atheism” because he had allegedly shared the film “The Innocence of Muslims” on YouTube.

Digital weaponry

There is a more fitting physical analogy to cyber surveillance software: guns. A large set of national and international trade restrictions has been created to limit the sale of arms to repressive regimes, precisely because guns can be used not just as a defensive tool to ensure national security, but as an offensive tool to harass and harm citizens, and to enforce a moral code that might not be congruent with the Universal Declaration of Human Rights. If the same dangers apply to cyber surveillance programmes, then so should the same trade restrictions. There is no reason why a regime that cannot be trusted with arms should be trusted with tools that allow it to spy on its citizens.

There has been increasing public attention and activism on this point, and some governments have taken cautious first steps in this direction, including the United Kingdom, which in 2012 limited the export of Gamma Group’s FinFisher. However, wider international agreements on this point should follow, subjecting the export of cyber surveillance technology to the same export restrictions that apply to tanks and rifles. While this would surely hurt an industry estimated to be worth five billion dollars a year, this needs to be held against real suffering of the populations of repressive regimes around the world due to the unlawful and immoral use of surveillance technology. Ideally, a closer look at the use of these programmes could also lead to some new conclusions about the export of military hardware around the world, as the use of these technologies could be treated as a litmus-test for their trustworthiness when it comes to fighter jets.

To be sure, authoritarian regimes around the world will always find ways to gain access to surveillance technology. But if, one day, export restrictions prohibited the most advanced and sophisticated suppliers of cyber surveillance software from answering a call for tenders such as the one issued by the Egyptian government in 2014, that would surely be a great step in the right direction.