'The Smartphones are Listening': Regulating Exports and Abuses of Cybertools

A poster calling for the destruction of CCTV cameras is posted on a column at the Al-Aqsa Mosque compound in Jerusalem in front of the Dome of the Rock, April 8, 2016 via AFP/Getty Images from Ahmad Gharabli A poster calling for the destruction of CCTV cameras is posted on a column at the Al-Aqsa Mosque compound in Jerusalem in front of the Dome of the Rock, April 8, 2016 via AFP/Getty Images from Ahmad Gharabli

"The Smartphones are Listening": Regulating Exports and Abuses of Cybertools

By : Jadaliyya Reports

[Reflecting on events from the first half of 2021, IFEX’s Middle East and North Africa Editor Naseem Tarawnah explains how increasingly sophisticated digital surveillance tools are being sold to and deployed by authoritarian states in the region to target human rights defenders, and how civil society is defending the right to privacy and digital free expression.]

Preamble: The Context 


Security agencies throughout the region have a long and notorious legacy of tracking their citizens and their free expression. However, the proliferation of the use of social media and technology spurred by the Arab uprisings of 2011, as well as growing awareness amongst activists of the use of encryption and circumvention tools to bypass state surveillance, saw authoritarian governments investing heavily in the import of foreign technologies and expertise in recent years – a concerted effort to enhance their surveillance capabilities. In an era where smartphones have helped bring most of the region’s population online, the devices in our pockets have also exposed critics of the region’s repressive authorities to a wide range of growing digital threats.

In this context, a thriving global surveillance technology industry has provided a growing marketplace for buyers from the region, often marketing their products under the guise of enabling governments to better counter terrorism threats. Dozens of companies, including Israeli’s NSO Group and Cellebrite, Germany’s Finfisher, and Italy’s Hacking Team, have sold digital espionage tools to the region’s worst violators of privacy and free expression, amidst an intensifying crackdown on criticism post-uprisings. 

For instance, in the five years following the 2011 protests, UK arms company BAE Systems sold its Evident surveillance technology to Saudi Arabia, the UAE, Qatar, Oman, Morocco, and Algeria, empowering these states with a tool that collected and analysed millions of people’s emails and messages.

Justice and accountability have been slow to arrive. Only recently have executives from two French tech firms faced charges of “complicity in acts of torture” for selling internet surveillance tools to Libya and Egypt that were used to track down opposition figures who were later detained and tortured, according to the International Federation for Human Rights (FIDH).

Part of the problem is that these sales take place with little transparency or human rights considerations from the onset, and are only revealed as a result of investigative journalism and vigorous research by organizations like The Citizen Lab that document their nefarious uses by authoritarian states. While this has naturally restricted access to the most current information on the digital arsenals of the region’s authoritarian states, what has become self-evident is that, in the meantime, the tools being sold continue to evolve.

“It used to be that ‘the walls have ears’, but now it’s ‘smartphones have ears,'” Saudi women’s rights activist Manal al-Sharif told the BBC in 2017. Today, the shadowy digital surveillance landscape has produced tools that demonstrate a growing sophistication in their ability to monitor, record, and essentially convert devices into incriminating weapons against their targets. 

Part I: Targets and perpetrators 


The region’s burgeoning surveillance states have had a profound, negative impact on free expression and access to information. Activists and journalists face increased risks to their jobs, reputations, sources, and contacts, including family members. Their ability to report and relay on-the-ground information that both those living in the region and international organizations rely on has been massively hindered, restricting access to real-time information. Netizens are also likely to engage in more self-censorship when seeing how others have been targeted for their digital content and communications. 

Data harvested from monitored devices have also been used to target activists, journalists, and human rights defenders through online doxxing and smear campaigns that have been particularly harmful to vulnerable groups in the region, including women and the LGBTQI+ community. Al Jazeera journalist Ghada Oueiss’s phone was hacked, resulting in her private photos and videos being posted online, and continuous gendered attacks from Saudi online trolls. 

In the decade since the uprisings, authorities have also increasingly wielded digital surveillance tools to support human rights violations and flawed legal persecutions, targeting their populations in the most vicious of ways. In Bahrain, detained activists during the 2011 protests were shown transcripts of their private messages and asked to explain them, while being tortured. In Morocco, journalists Omar Radi and Maati Monjib, were identified as spyware targets by Amnesty International, and have faced jail sentences based on trumped-up charges. 

In the region, the UAE and Saudi Arabia have stood out as the leaders in deploying these technologies to silence their populations. Activists like Bahraini human rights defender Maryam Al-Khawaja have also pointed to normalization deals between Gulf states and Israel as likely to worsen the situation for Gulf activists, arguing that the “exchange of spyware and surveillance technology is going to happen in an even more smooth transaction.”

UAE: An oasis for cyber-mercenaries 


In a short period of time, the UAE has built a staggering homegrown surveillance infrastructure. A 2019 Reuters investigation revealed how American former National Security Agency operatives helped the UAE launch hacking operations dubbed Project Raven in 2014. The operations used various cybertools to monitor the UAE’s opponents, including Karma, a sophisticated spyware that between 2016 and 2017 hacked iPhones of hundreds of users. Targets included the Emir of Qatar, a senior Turkish official, Yemeni human rights activist and Nobel Peace laureate, Tawakkol Karman, and Nadia Mansoor, wife of imprisoned UAE human rights activist Ahmed Mansoor. 

Project Raven’s cyber espionage operations were taken over by the UAE’s domestic  cybersecurity firm, DarkMatter Group, which the Electronic Frontier Foundation called a “cyber-mercenary firm” that has spearheaded nefarious hacking efforts throughout the world, supported by its global recruitment of hackers. According to security experts, the group is likely behind ToTok, the short-lived Emirati messaging app that The New York Times revealed to be a spyware tool used to track conversations, movements, sounds and images on its users’ devices. 

Prominent Emirati human rights defender Ahmed Mansoor, who is currently serving a 10-year prison sentence for his online expression, was extensively targeted by spyware. His case exemplifies the extent to which Emirati authorities have deployed a panoply of cybertools from across the world. According to Citizen Lab research, Mansoor was targeted with FinFisher’s FinSpy spyware in 2011, Hacking Team’s Remote Control System in 2012, as well as NSO Group’s Pegasus spyware in 2016

Saudi Arabia: Perilous surveillance 


In similar fashion, Saudi Arabia’s digital surveillance infrastructure has witnessed massive investment over the past decade, with a battery of cybertools imported and foreign cyber experts employed to build one of the region’s most threatening surveillance states. 

Spearheaded by Mohammad Bin Salman (MBS) adviser Saud al-Qahtani, the Royal Court’s counterterrorism center in Riyadh has allegedly been responsible for some of the most notorious cyber espionage operations. Over the past decade, the Kingdom’s cyber arsenal has reportedly been bolstered by tools from Italian hacking company, Hacking Team, Israel’s NSO Group, and the UAE’s DarkMatter.

In a June 2014 report, Citizen Lab researchers identified malicious surveillance software by Hacking Team that targeted citizens in Qatif protesting government policies and state repression. The spyware came in the form of an altered version of the local news app, Qatif Today, which granted access to emails, text messages, files from applications like Facebook, Viber, Skype, or WhatsApp, as well as contacts and the call history of the phones it was installed on.

In 2018, Citizen Lab documented the surveillance of prominent Saudi political activist and Canadian resident Omar Abdulaziz, whose phone was hacked with NSO’s Pegasus spyware. As an associate of Saudi journalist Jamal Khashoggi, Abdulaziz’s phone contained private Whatsapp exchanges between the two regime critics, including their plans to launch a social media activism network, and has pointed to this information as playing a pivotal role in the Khashoggi’s brutal assassination at the Saudi Consolute in Istanbul months after the hack

Dozens of journalists at Al-Jazeera, as well as a journalist at the London-based AlAraby TV, were targeted by a cyberespionage operation linked to Saudi Arabia and the UAE. Malware infected the phones of 36 journalists and media workers at Qatar’s Al Jazeera network in 2020, which Citizen Lab called “the largest concentration of phone hacks targeting a single organization”.

How to catch a Pegasus


Digital security experts and civil society organizations have repeatedly sounded the alarm over NSO Group’s military-grade spyware, Pegasus, and its sophisticated zero-click attack that gives authorities control over infected devices without a user’s interaction. While the company has remained steadfast in its denials, recent investigations led by the Paris-based journalism non-profit Forbidden Stories and a consortium of 17 news organizations have managed to reveal the full breadth and global reach of these attacks.

Dubbed “Project Pegasus”, the group conducted a forensic investigation of over 50,000 individuals whose phone numbers were targeted by the notorious spyware at the hands of government clients, including regional perpetrators like Morocco, Saudi Arabia, the UAE, and Bahrain.

From the region, targets on the list ranged from Jamal Kashoggi’s family, and his fiance Hatice Cengiz, to journalist Roula Khalaf, who became the first female editor of the Financial Times last year. Wadah Khanfar, the former director-general of Al Jazeera also appeared on the list, as did Moroccan journalists Omar Radi, Hicham Mansouri, and Taoufik Bouachrine. In perhaps an ironic demonstration of an out-of-control surveillance state, the investigations revealed King Mohammed VI may have also been targeted by the spyware by his own security apparatus.

In the wake of the reports, Amazon announced it was shutting down its Web Services infrastructure and accounts linked to NSO Group, while the Israeli government declared it would establish a task force to examine whether the country’s policy that has allowed for the unchecked export and deployment of these cyberweapons in the first place, was in need of reform.

The investigation has undoubtedly helped lift the fog on the digital surveillance battlefield, elevating its relevance as a global national security issue, and given fuel to civil society’s efforts to stem the rising tide of these cyber weapons in the region.

Part II: Beyond the panopticon 


Civil society is fighting back. 

As crackdowns across the MENA region continue unabated, governments in Western democracies should take action against companies that aid such repression. Rights groups have repeatedly called on the EU, US and Canadian governments to impose controls on the exports of spy-tech companies and prevent these actors from exporting technologies that facilitate censorship, blocking, and spying by repressive governments in the region. 

In the EU, recently adopted new regulation measures on dual-use surveillance technology exports from European companies were welcomed by rights groups, who however also expressed their disappointment that the legislative text did not include clearer and stronger conditions on EU member states and exporting companies to implement the new rules, and disciplinary actions for members in breach of the law. 

Meanwhile, UN experts and rights groups have called for a moratorium on the purchase, sale, and transfer of surveillance tools to authoritarian states, underscoring the need for establishing a regulatory framework to provide the necessary oversight. 

In the battle for greater regulation, demands for transparency and mechanisms for accountability have been critical. In the US, the Reuters investigation into Project Raven led to new legislation requiring the State Department to disclose how it controls the sale of cyber tools and actions taken against American companies that violated its policies.

In 2018, Omar Abdulaziz filed a lawsuit against Israel’s NSO Group for infecting his phone, arguing the hacking “contributed in a significant manner to the decision to murder Mr. Khashoggi.” The company also faces a lawsuit from UK-based Saudi dissident and vocal critic Ghanem Almasarir, as well as a legal battle launched by Facebook in a US court and backed by other tech giants. Meanwhile, in Israel, lawyer Eitay Mack has led legal petitions to hold Israel’s NSO Group and Cellebrite tech firms accountable for the exports of their cyberespionage tools. 

In December 2020, hacked journalist Ghada Oueiss also filed a lawsuit in a court in Florida accusing Saudi Crown Prince Mohammed bin Salman, Abu Dhabi Crown Prince Mohammed bin Zayed, DarkMatter, NSO, and several American social media account holders, of being responsible for her hack-and-leak. 

This growing list of legal actions launched in courts outside the region are vital if we are to expose the inner-workings of these operations and bring transparency to a clandestine process – one where it has been difficult to track the tools being sold, and the perpetrators using them to violate human rights.

On this front, collective action from civil society is critical. Digital rights groups are increasingly leading efforts to hold surveillance companies accountable for their spy tool exports. Civil society organizations challenged Cellebrite’s bid to go public on the Nasdaq stock exchange, underscoring how the sale of the company’s products to repressive regimes like Saudi Arabia has enabled “detentions, prosecutions, and harassment of journalists, civil rights activists, dissidents, and minorities around the world.”

Google’s plans to establish its regional cloud services in Saudi Arabia has also been met with collective pushback. Rights groups pointed to the country’s track record of repression, cyber espionage, and “use of cyber surveillance software to spy on dissidents” as reasons enough to scrap the project. 

Digital rights group Social Media Exchange (SMEX) says that the lack of a strong data protection framework in Saudi Arabia has also facilitated threats to users’ digital privacy. Throughout the wider region, the need to strengthen insufficient data protection and privacy laws is becoming vital to efforts to curb digital surveillance, and according to SMEX research, increasingly relevant in the context of governments deploying a myriad of COVID-19 tracing apps during the pandemic.

Several human rights and digital rights organizations from the region have also come together to form the MENA Coalition to Combat Digital Surveillance. The groups have called for an end to the sales of digital surveillance tools to repressive governments in the region, and aim to fight for a safe and open internet that protects “human rights defenders, journalists, and internet users from governments’ prying eyes.”

As digital surveillance technologies continue to rapidly evolve in their capacity, and their sellers and buyers continue operating with little accountability, we are likely to see growing calls within the international community to regulate exports of these tools, a growing awareness amongst users in the region on methods to protect themselves, as well as demands for stronger data protection and privacy rights. 

But efforts to curb this dangerous trend will depend largely on empowering the capacity of digital rights organizations and independent researchers from within the region to conduct timely and unrestricted technical research. Their work does not only help shed light on a surveillance marketplace lacking in transparency, it also supports advocacy efforts to bring about substantive policy changes and better legal protections on both the regional and international front. 

[This article was originally published on IFEX.org. It is also available in Arabic, French, and Spanish.]

  • ALSO BY THIS AUTHOR

    • Connections Episode 106: Famine in the Gaza Strip with Sam Rose (27 July)

      Connections Episode 106: Famine in the Gaza Strip with Sam Rose (27 July)

      Join us on Sunday, 27 July for a conversation with Sam Rose of UNRWA about the humanitarian catastrophe in the Gaza Strip. This episode of Connections will examine the causes and consequences of rapidly accelerating famine in Gaza, and the campaign against those seeking to prevent it.

    • Long Form Podcast Episode 10: Liberation Medicine during Genocide with Ghassan Abu-Sittah

      Long Form Podcast Episode 10: Liberation Medicine during Genocide with Ghassan Abu-Sittah

      Dr. Abu-Sittah discusses his medical missions in depth and provides incisive analysis about the structural violence inflicted on Gaza. He highlights how maiming has been a feature of colonial violence evidenced today in the systematic amputation of Palestinian children. Abu-Sittah also draws on the clinical and intellectual work of Frantz Fanon to describe the need to shift away from humanitarian to liberation medicine in order to properly prevail over colonialism in Palestine and beyond.

    • In Defense of Academic Freedom: The Frontlines of Educator Resistance (14 July)

      In Defense of Academic Freedom: The Frontlines of Educator Resistance (14 July)

      Join academics, activists, and educators to discuss how we organize workers across positions in higher education and K-12 in advance of the school year to push back against the repression at our institutions. We will discuss a variety of tactics, including leveraging internal processes with the support of unions, legal avenues, public pressure campaigns, and boycotts.

Past is Present: Settler Colonialism Matters!

On 5-6 March 2011, the Palestine Society at the School of Oriental and African Studies (SOAS) in London will hold its seventh annual conference, "Past is Present: Settler Colonialism in Palestine." This year`s conference aims to understand Zionism as a settler colonial project which has, for more than a century, subjected Palestine and Palestinians to a structural and violent form of destruction, dispossession, land appropriation and erasure in the pursuit of a new Jewish Israeli society. By organizing this conference, we hope to reclaim and revive the settler colonial paradigm and to outline its potential to inform and guide political strategy and mobilization.

The Israeli-Palestinian conflict is often described as unique and exceptional with little resemblance to other historical or ongoing colonial conflicts. Yet, for Zionism, like other settler colonial projects such as the British colonization of Ireland or European settlement of North America, South Africa or Australia, the imperative is to control the land and its resources -- and to displace the original inhabitants. Indeed, as conference keynote speaker Patrick Wolfe, one of the foremost scholars on settler colonialism and professor at La Trobe University in Victoria, Australia, argues, "the logic of this project, a sustained institutional tendency to eliminate the Indigenous population, informs a range of historical practices that might otherwise appear distinct--invasion is a structure not an event."[i]

Therefore, the classification of the Zionist movement as a settler colonial project, and the Israeli state as its manifestation, is not merely intended as a statement on the historical origins of Israel, nor as a rhetorical or polemical device. Rather, the aim is to highlight Zionism`s structural continuities and the ideology which informs Israeli policies and practices in Palestine and toward Palestinians everywhere. Thus, the Nakba -- whether viewed as a spontaneous, violent episode in war, or the implementation of a preconceived master plan -- should be understood as both the precondition for the creation of Israel and the logical outcome of Zionist settlement in Palestine.

Moreover, it is this same logic that sustains the continuation of the Nakba today. As remarked by Benny Morris, “had he [David Ben Gurion] carried out full expulsion--rather than partial--he would have stabilised the State of Israel for generations.”[ii] Yet, plagued by an “instability”--defined by the very existence of the Palestinian nation--Israel continues its daily state practices in its quest to fulfill Zionism’s logic to maximize the amount of land under its control with the minimum number of Palestinians on it. These practices take a painful array of manifestations: aerial and maritime bombardment, massacre and invasion, house demolitions, land theft, identity card confiscation, racist laws and loyalty tests, the wall, the siege on Gaza, cultural appropriation, and the dependence on willing (or unwilling) native collaboration and security arrangements, all with the continued support and backing of imperial power. 

Despite these enduring practices however, the settler colonial paradigm has largely fallen into disuse. As a paradigm, it once served as a primary ideological and political framework for all Palestinian political factions and trends, and informed the intellectual work of committed academics and revolutionary scholars, both Palestinians and Jews.

The conference thus asks where and why the settler colonial paradigm was lost, both in scholarship on Palestine and in politics; how do current analyses and theoretical trends that have arisen in its place address present and historical realities? While acknowledging the creativity of these new interpretations, we must nonetheless ask: when exactly did Palestinian natives find themselves in a "post-colonial" condition? When did the ongoing struggle over land become a "post-conflict" situation? When did Israel become a "post-Zionist" society? And when did the fortification of Palestinian ghettos and reservations become "state-building"?

In outlining settler colonialism as a central paradigm from which to understand Palestine, this conference re-invigorates it as a tool by which to analyze the present situation. In doing so, it contests solutions which accommodate Zionism, and more significantly, builds settler colonialism as a political analysis that can embolden and inform a strategy of active, mutual, and principled Palestinian alignment with the Arab struggle for self-determination, and indigenous struggles in the US, Latin America, Oceania, and elsewhere.

Such an alignment would expand the tools available to Palestinians and their solidarity movement, and reconnect the struggle to its own history of anti-colonial internationalism. At its core, this internationalism asserts that the Palestinian struggle against Zionist settler colonialism can only be won when it is embedded within, and empowered by, the broader Arab movement for emancipation and the indigenous, anti-racist and anti-colonial movement--from Arizona to Auckland.

SOAS Palestine Society invites everyone to join us at what promises to be a significant intervention in Palestine activism and scholarship.

For over 30 years, SOAS Palestine Society has heightened awareness and understanding of the Palestinian people, their rights, culture, and struggle for self-determination, amongst students, faculty, staff, and the broader public. SOAS Palestine society aims to continuously push the frontiers of discourse in an effort to make provocative arguments and to stimulate debate and organizing for justice in Palestine through relevant conferences, and events ranging from the intellectual and political impact of Edward Said`s life and work (2004), international law and the Palestine question (2005), the economy of Palestine and its occupation (2006), the one state (2007), 60 Years of Nakba, 60 Years of Resistance (2009), and most recently, the Left in Palestine (2010).

For more information on the SOAS Palestine Society 7th annual conference, Past is Present: Settler Colonialism in Palestine: www.soaspalsoc.org

SOAS Palestine Society Organizing Collective is a group of committed students that has undertaken to organize annual academic conferences on Palestine since 2003.

 


[i] Patrick Wolfe, Settler Colonialism and the Transformation of Anthropology: The Politics and Poetics of an Ethnographic Event, Cassell, London, p. 163

[ii] Interview with Benny Morris, Survival of the Fittest, Haaretz, 9. January 2004, http://cosmos.ucc.ie/cs1064/jabowen/IPSC/php/art.php?aid=5412