European companies are selling surveillance gear to the Egyptian government, known for its human rights abuses, Privacy International claimed in a report released on Wednesday.
The investigation alleged that Nokia Siemens Networks and Hacking Team had enabled the surveillance of Egyptian dissidents, prompting both calls for greater regulation of surveillance systems, and denials of any wrongdoing from the companies in question.
The Egyptian police are known for their repressive and brutal tactics, which appear to have grown worse under the current president, Abdel Fattah el-Sisi, who came to power in a military coup in 2013. The killing of more than a thousand protesters—the “Rab’a massacre“—drew international condemnation. Human Rights Watch called it a “crime against humanity.” The government has banned peaceful demonstrations and put journalists on trial for “conspiring to spread false news.”
Marietje Schaake, the member of European Parliament who has been leading the campaign to bring in export controls on spying software, was outraged by the findings of the Privacy International report: “This case makes clear that we cannot wait any longer to include human rights criteria in the update of the EU’s export control regime. The EU loses impact and credibility when human rights of journalists, activists and others all over the world risk being tracked by secret security services that are using technologies that were made in Europe.”
But Hacking Team denied any wrongdoing. “There is no evidence from PI or anywhere else that Egypt in any way used Hacking Team software illegally or to suppress human rights,” Hacking Team’s Eric Rabe told Ars in an e-mail statement. “All sales of HT software are submitted to the Italian Economics Ministry for approval before becoming final.”
Nokia said it also “strongly condemns” the allegations. “Nokia actively takes steps to ensure that the technology we provide legally and in good faith will be used properly and lawfully,” the company said.
But are those steps enough?
A ravenous appetite for surveillance kit
PI’s investigation discovered an ultra-secret branch of the Egyptian security apparatus called the “Technical Research Department.” The TRD’s hunger for surveillance technology landed them on Privacy International’s radar. One industry source told PI in the report: “if you start a business selling the sort of technologies [the TRD] are interested in, you don’t need to approach them. They will investigate you and eventually approach you.”
Documents revealed by Privacy International show the TRD has allegedly acquired wide-ranging surveillance capabilities, including the purchase of sophisticated monitoring equipment from Nokia Siemens Network (NSN), a joint venture between Siemens AG and Nokia. The equipment apparently included an interception management system, and a monitoring system for fixed and mobile networks, which gave the Egyptian government mass surveillance capabilities.
It’s claimed that NSN also sold TRD an X.25 network—a Compuserve-era technology that supports dial-up Internet access. Such a network comes in handy if the country-wide Internet gets shut down, as in fact happened in Egypt during the 2011 revolution.
“The Nokia Siemens network is extremely important,” Eva Blum-Dumontet of Privacy International told Ars. “These are very serious not innocuous technologies. We don’t have the exact dates but it would have been sold during or before 2011.”
“Which means that during the Arab Spring they would have had these technologies,” she added.
Nor does the TRD limit itself to mass surveillance. Leaked Hacking Team e-mails confirmed the TRD’s existence—and willingness to spend money to acquire targeted surveillance capabilities. In one e-mail, a Hacking Team employee wrote:
Below is a short report on the activities that me and [another Hacking Team employee] did on June the 18th and 19th in Cairo. The purpose of our visit was to meet the Technical Research Department (TRD) of the intelligence for a POC, but we ended up meeting also 2 other agencies. We met them for a day and a half… They all were very happy and decided to purchase RCS (we are talking about more than 1M Euro).
The TRD also uses FinFisher, a German-made suite of intrusion malware similar to Hacking Team’s product, according to a 2015 report by Citizen Lab.
Both Nokia and Hacking Team insist that the sale of these technologies was legal, and that there are legitimate reasons for law enforcement to possess these capabilities.
But in Egypt, who controls this surveillance apparatus, and how is it actually being used?
The super-secret TRD
The TRD appears to be a clandestine branch of the General Intelligence Service (GIS), according to numerous sources PI cited in their report. But unlike the GIS, whose existence is well known to the public, the TRD has remained a shadowy organisation until now. According to an intelligence source, who PI declined to name for fear of their safety, “This may be due to its obscure mission, which seems to be to serve as the president’s personal intelligence agency… [The TRD’s] purpose is reported to be in part to spy on other government officials and potential opponents.”
The sale of NSN monitoring centres to Bahrain—the same technology TRD possesses—resulted in opponents being arrested and tortured, while, PI wrote, “being read transcripts of their text messages and phone conversations.”
In Iran, the same mass surveillance technology was used in 2009 to crack down on activists.
More than 41,000 Egyptians were detained, charged or sentenced between July 2013 and May 2014, and “torture and ill-treatment… are routine,” according to Human Rights Watch.
Nor do there seem to be any legal restrictions in Egypt to restrain or check the use of this surveillance technology. In Egypt, article 64 of the 2003 Telecommunication Regulation Law states that:
With due consideration to inviolability of citizens private life as protected by law, each Operator and Provider shall, at his own expense, provide within the telecommunication networks licensed to him all technical potentials including equipment, systems, software and communication which enable the Armed Forces, and National Security Entities to exercise their powers within the law.
The law, PI noted, does not define which “National Security Entities” may conduct such interceptions, leading PI to conclude that TRD’s activities are probably legal.
Legal or not, the question remains: Should European companies be selling surveillance equipment to the secret police in Egypt, a country with a proven track record of murdering protesters, spying on journalists, and conducting show trials?
“We think that safeguards to make companies selling surveillance equipment accountable are crucial,” Edin Omanovic of PI told Ars. But, he added, making reference to the current debate over the Wassenaar Arrangement, “regulating security research and development of exploits would be counterproductive.”
Such surveillance technology, used in secret, gives a government extraordinary power to crack down on political enemies. Enabling this kind of crackdown violates every principle of human rights European countries claim to hold dear. The current proposed Wassenaar implementation,many critics have argued, is not the right solution to end the proliferation of these kinds of surveillance technologies. Let us hope that European governments take a good long look in the mirror, and come up with a better solution.
SOURCE: J.M. Porup | Ars Technica