CAIRO — It’s been four years since a popular uprising known as the Arab Spring forced Egyptian President Hosni Mubarak to resign, and yet leading information activists say that government surveillance is getting worse, not better.
The establishment of the High Council for Cyber Security by decree of the Prime Minister on Dec. 15 cemented control of already tightly constrained Internet activity in Egypt, according to Ramy Raoof, one of the founders of Motoon, a new organization that provides information security consulting to non-governmental organizations. “The whole idea of [the Cyber Security Council] is to make repression clearer and organized for the state,” he says.
The High Council for Cyber Security is headed by the minister of Communications and Information Technology, and brings together top officials from across the Egyptian government, including the Ministries of Interior and Defense. Its sweeping mandate is “to fight threats in cyberspace.”
In the past, divisions between competing state bodies, whether ministries or institutions like the military, impeded cooperation in spying on and cracking down on civilian opponents. “Within the security agencies, they don’t share much information,” Raoof says. “They might share what they know, but not how they know it.”
The announcement of the formation of the High Council for Cyber Security is part of a broader government shift toward greater surveillance on opposition figures and activists, according to Raoof.
“The Ministry of Interior has changed the way it talks about surveillance, from denials to, ‘Yes, we are spying, but only on the bad guys,’” Raoof says, speaking from Motoon’s office, which is modeled on the tech spaces of Silicon Valley, replete with beanbag chairs, Tetris graphics on the walls and a kitchen stocked with coffee and cookies.
The Ministry of Interior and other government officials have lately been saying, “We are trying to keep up with other democracies around the world, to move our country forward in a direction like the U.S.,” Raoof says. “So they give examples of the U.K. and U.S. as the model of governance that needs to be followed. And that model involves only surveillance.”
Egypt has a long history of communications surveillance. In the early 2000s, the Egyptian government began to pressure mobile companies to give up subscriber information. Tapping calls and text messages was then the Mubarak regime’s primary means of monitoring mass communications.
When it became clear that this was the best way to obtain operating permits and expand business, “mobile companies started to offer up information and strategies [to the government] for tracking users,” Raoof says.
In 2008, the state’s technological capacities for Internet surveillance leapt forward when it established an emergency task force to monitor and intercept online communications in response to a wave of protests in the industrial city of Mahalla. Research by University of Toronto’s Citizen Lab suggests the Egyptian government may have turned to Western companies for high-tech digital surveillance software. Security researchers found evidence that a Blue Coat device was used on a public network in Egypt in 2013. The company’s system can be used to censor online content.
In September 2014, Buzzfeed reported that a sister-company to Blue Coat, called Systems Engineering of Egypt, won a contract with the Egyptian government to sell its software and train the government in its use. SEE, Blue Coat and the Egyptian government each later denied the story’s accuracy.
Other Internet monitoring softwares, like FinSpy from the Germany-based FinFisher, and Remote Control System from the Italy-based company Hacking Team, have also been traced to Egypt. In 2011 activists uncovered a 2010 offer to sell FinSpy software to the Egyptian government for $287,000, and a researcher later uncovered evidence that the technology was indeed targeting Egyptians. Last year Citizen Lab identified Hacking Team’s RCS software, which is typically only sold to governments, functioning out of the country.
In March 2011, protestors broke into the Egyptian State Security building and discovered documents that attested to extensive state surveillance activities — those revelations kicked off a series of high-profile information scandals. Yet rather than rolling back surveillance, the military-controlled government has used counterterrorism to justify expanding surveillance, according to Raoof and other activists. A rise in bomb attacks in Egypt, and the leak of a government tender requesting more advanced surveillance software, pushed the government to justify its activities, while also offering the excuse of national security.
The Egyptian government is far from alone in its domestic Internet surveillance activities, notes Runa Sandvik, an independent security researcher based in Washington, D.C. “As a security researcher in 2011 with the TOR project [developing software for anonymous internet browsing], I discovered that top information technology people from governments in the Middle East were meeting yearly to discuss website block lists, how to block TOR and other activities,” she says.
The biggest leaks have come from anonymous government figures attempting to compromise the presidency, yet the Ministry of Interior has focused on identifying and arresting groups of people critical of the regime, often based on little more than comments on Facebook, according to Amr Gharbeia, an information privacy advocate, who points to the recent condemnation of a prominent opposition blogger and activist to five years in prison by Egyptian courts.
In February, the pro-Muslim Brotherhood TV channel Mekameleen, based in Turkey, aired audio of what appeared to be Egyptian President Abdel Fatah El Sisi and senior government officials speaking contemptuously about wealthy Gulf funders, despite having received billions of dollars in cash and petroleum from Gulf states. It’s widely suspected that the leak, called Egypt’s “Watergate,” came from government sources.
Despite leaks like those, the authorities have focused mainly on prosecuting those critical of the regime, says Gharbeia. “Police sources have been boasting of arresting people in the hundreds, even children, sweeping up groups of people associated with a particular IP address,” he says.
Calls and emails to the Ministry of Interior for comment were not returned.
Photo of protestors breaking into the Egyptian State Security building on March 5, 2011 in Cairo (Ahmed Ali/AP)
[Ed. note: The Intercept has made several corrections and clarifications to this piece. The best translation for the council’s title is High Council for Cyber Security, rather than Cyber Crime. The decree announcing its formation was issued Dec. 15, not 14. Motoon consults for civil society groups but not private companies. Atef Holmi was replaced as Minister of Communications on March 5. We’ve refined the section discussing Blue Coat, FinSpy and Hacking Team to more accurately reflect what security researchers, journalists and activists have confirmed about the companies’ relationships to the Egyptian government. Finally, Amr Gharbeia does not work for the Arab Digital Expression Foundation. We regret the errors.]