Egypt’s Repressive Government Could Soon Have Easy Access to Uber’s Data for the Country

Cairo is Uber’s ideal market: With its vast expanse of congested highways, few public transportation options, and highly subsidized fuel, Cairenes — who number nearly 20 million — spend a lot of time in cars. Uber launched in Egypt in late 2014, and in just about two years, had clocked over 4 million riders and over 150,000 drivers. But operating in Egypt means playing by the rules of an increasingly repressive government, and now, under a new law being fast-tracked through Egypt’s parliament, Egyptian authorities will soon have access to the data that Uber collects on those millions of people using its app.

The law came after a lawsuit was brought by Cairo’s taxi drivers against Uber and Careem, Uber’s Emirati competitor, on the grounds that the private vehicles using the service were illegally operating as taxis. The taxi drivers won, and a court ordered the companies to suspend their operations. Though the companies have continued to operate as they appeal the decision, the case put serious pressure on Egypt’s parliament to pass legislation to regulate passenger transportation and allow Uber and Careem to operate legally in the country.

While the new law appears to be an acceptable compromise between Uber and the country’s embittered taxi drivers, it may have severe consequences for the privacy and safety of citizens in a country notorious for government surveillance and repression. Article 9 of the legislation requires all databases and private information collected by Uber or other ride-hailing companies be made available to unspecified authorities; Article 10 requires that same information to be stored on local Egyptian servers.

The new law may have severe consequences for the privacy and safety of citizens in a country notorious for government surveillance and repression.

According to Uber’s privacy policy, the information it collects includes name, email, phone number, address, payment or banking information, government identification numbers, birth date, photo, location information, some device information, and, if permission is allowed for access, calendar and address book entries — more than enough data to closely monitor citizens’ behavior and movements.

In a statement, an Uber spokesperson said, “We have not provided any government with real time access to rider’s data.” The spokesperson added that the company believes “that regulation must not require data submission that could allow for a rider’s or driver’s privacy to be compromised,” and noted that it was working with the Egyptian government on “world class” regulations for the implementation of the law.

Ahmed Mahmoud, 53, an Uber driver in Egypt, waits for customers on Feb. 23, 2016, in Cairo.

As written, the law leaves plenty of room for concern. All security agencies in Egypt, from local police to the national army, have their own intelligence branch with a mandate for domestic surveillance, and the bill would facilitate access to passenger data for all of them. It comes at a time when Egypt’s surveillance of its citizens has reached unprecedented levels, justified in the government’s eyes by ongoing terror threats. Egypt faces a full-blown insurgency on its border with Gaza, regular militant activity in its hinterlands to the east, and sporadic but devastating Islamic State attacks on Christians and other civilians over the past year.

The bill invokes “national security” to justify the requirement to store data locally. But Ramy Raoof, senior research technologist at the Egyptian Initiative for Personal Rights, said that access to the data is more about the government’s ability to “see and control.”

In fact, the law bypasses legal mechanisms — including an existing treaty between Egypt and the United States — that already allow access to cross-border data relevant to ongoing investigations. “And that’s a big problem,” said Katitza Rodriguez, international rights director for the Electronic Frontier Foundation. While the treaty may require a lengthy process for requesting such information, it ensures adherence to international law and human rights standards for due process. “In theory, the government should only access this data when there is a particular suspicion that a crime has been or will be committed, and the request has to be particular to the individual and necessary for the investigation.”

There is ample precedent for Egypt’s intelligence apparatus using whatever information it can get in pursuit of its own citizenry for an array of nonviolent activity. In 2015, Egyptian police used the dating application Grindr to lure men to hotel rooms, where they were arrested, submitted to anal examinations, and sentenced to lengthy prison terms based on assumptions regarding their sexual orientation. Posts on Facebook have led to dozens of arrests over the past four years, including of people who advocated for public demonstrations, and one young man who posted cartoons of the president with Mickey Mouse ears (which earned him three years in military prison, with no chance for appeal).

The Egyptian government has also intensified its efforts to access a broader range of data since mid-2016. As the independent news outlet Mada Masr reported, government efforts to intercept secure communications and access mass data began in earnest in August of that year. The new law on ride-hailing apps wouldn’t necessarily give the government access to data that they could not already obtain by other means. Raoof noted that for any person using a local SIM card, “without any sophistication and complex tech, [the authorities] can literally see where you are, how are you moving,” and other details of communication and financial transactions.

But legalizing easy access to the quantity and quality of information stored on Uber’s servers is exceptional. And even before the court’s decision in favor of the taxi drivers, it was clear the Egyptian government wanted Uber’s data. The New York Times reported last year that Egyptian government ministers had requested access to “Heaven,” Uber’s software that provides a live view of users’ data and activity (previously known as “God View”) in late 2016, but that Uber ultimately declined to comply. The new law could effectively force them to do so, and may set a troubling new precedent.

Rodriguez cautioned, “Today it’s Uber; tomorrow it’s Google, Facebook, any app that is popular in Egypt. This will also hamper innovation.”

Election campaign banners erected by supporters of Egyptian President Abdel Fattah al-Sisi are seen in Matareya Square in Cairo on March 7, 2018.

Just as Uber needs Cairo’s market, Cairo needs Uber’s investment, and the company could leverage its economic power to push back against the law. Egypt’s economy has been flailing in recent years, and foreign investment has been hailed as a saving grace. Uber is a poster child for such outside interest, having announced a $20 million investment in a support center in October last year.

Uber is not exactly known as a great defender of privacy: The company has been criticized in the past for continuing to track passengers after they are dropped off, surveilling competitors, and investigating critical journalists. As part of a settlement with the Federal Trade Commission last year, Uber agreed to regular audits in order to remedy its failure to protect sensitive information about its drivers and passengers.

But in this case, the company has signaled some resistance to the Egyptian government’s demands. On March 29, Rana Kortam, senior associate for public policy at Uber, addressed the parliamentary committee discussing the bill to register the company’s objection and insist on the need for a judicial injunction to share user data.

“Uber and Careem should fight those draconian bills, and if the bill is approved, those companies should also pull out of Egypt.”

In a statement provided to The Intercept, Uber recognized concerns regarding data, but also affirmed that the company would “work with and comply with law enforcement to make the cities we operate in as safe as possible,” adding that “the privacy of our users — both riders and drivers — is of top importance and we will always work to protect their privacy.”

“Uber and Careem should fight those draconian bills, and if the bill is approved, those companies should also pull out of Egypt,” said Rodriguez. “If not, they will put at risk the lives of their drivers and riders.”

Drivers sit in an Uber service and training center in Cairo, on May 11, 2017.

The law represents the latest in a trend whereby the Egyptian government has passed legislation to codify repressive tactics that had previously been implemented informally, protecting these tactics from legal challenge and facilitating an escalation in the crackdown. For instance, a 2013 law restricting protest was described by Amnesty International as a “fast track to prison.” In late 2016, the parliament passed another law restricting the work of nongovernmental organizations, which was met with worldwide condemnation.

Egypt’s current parliament boasts one of the most pluralistic representations of political parties in modern Egyptian history — at least on paper. However, the body has been unanimous in its failure to mount any real opposition to the executive’s projects, acting as a rubber stamp rather than as a representative body. The vast majority of Egyptian laws passed since the parliament was seated, in January 2016, were drafted by executive bodies and approved by the parliament with little adjustment or substantive public debate.

The law regulating ride-hailing apps is no exception. The government had already had a draft of the bill at the time that requests for access to data surfaced in June last year, and it was submitted to the parliament on March 21 — the day after the lawsuit verdict banning Uber’s operation was announced. Despite Uber’s concerns, it was passed in committee just 10 days after its submission. The law is expected to pass a final vote before Egypt’s House before being ratified by the president.

Uber will soon face a choice: either sacrifice one of its largest-growing markets or submit to Egypt’s ever more authoritarian laws and place its passengers’ information directly in the hands of a hostile government.

Top photo: A general view shows a traffic jam on Cairo’s 6th October Bridge on Jan. 23, 2013.