Social Media Exchange

Syndicate content
Updated: 2 min 53 sec ago

[Report] Building Trust: Toward a Legal Framework that Protects Personal Data in Lebanon

Thu, 2017-10-05 17:06

للقراءة باللغة العربية

To read or download the report, find it at the bottom of the page. We also held a panel discussion with the authors on August 11, 2017, you can watch a video summary of the session on our YouTube channel. 

The lack of a comprehensive legal framework for privacy rights and data protection in Lebanon has led to the adoption of illegal mass surveillance programs and to the violation of individual and collective privacy without repercussions. In order to understand the mechanisms under which surveillance is conducted in the country, to identify areas in need of reform, and to devise strategic advocacy for privacy protections, SMEX issued its inaugural report on digital surveillance titled “Mapping the Landscape of Digital Surveillance in Lebanon” on December 14, 2016.

Having developed a foundational knowledge base on issues related to privacy, surveillance, and data protection, SMEX designed a program — the SMEX Fellowship for Reporting on Digital Freedoms — to promote, facilitate, and disseminate research on digital rights in Lebanon, with the aim of providing evidence to enhance public discussions surrounding these issues. The fellowship provides an opportunity to develop skills, expertise, and knowledge on digital freedoms-related issues in the Middle East and North Africa (MENA).

The report, “Building Trust: Toward a Legal Framework that Protects Personal Data in Lebanon” is the product of our call to journalists, human rights activists, and researchers to conduct further investigations and research into the state of digital rights in Lebanon. This report was produced by Elham Barjas, a journalist at the Legal Agenda, and Hussein Mehdy, a journalist who has exposed corruption at several Lebanese universities.

Executive Summary

The Lebanese state is increasingly relying on digital technologies in its collection and storage of personal data. It has already started to issue biometric passports and smart biometric residence permits, and to convert driver’s licenses to biometric ones. The Communications Minister has proposed linking individuals’ phone numbers to their IDs through a specialized private company. It is clear that the government is trying to grow its use of new technologies to collect personal data through private companies.

However, the Lebanese state is embracing these new technologies and adopting these new policies without clear guidelines to protect the data it is amassing and without privacy guarantees. This is particularly troubling in light of several cases of data leaks, some of which are known to the Lebanese public while others remain unreported.

This rapid adoption of new technologies without any safeguards led SMEX to conduct a study on the regulatory framework for data protection, especially its legislative and technical aspects, which deal with personal data belonging to Lebanese citizens and people residing on Lebanese soil — to assess its strength and weaknesses. This assessment requires shedding light on both the legislative framework for personal data in Lebanon and the technological mechanisms employed by the relevant authorities to provide data protection. It also requires highlighting cases that justify the mounting questions and skepticism regarding the efficacy of the existing systems, both legal and technological, given that violations of the privacy of different groups of individuals have repeatedly taken place.

In its first section, the study examines the legal framework regarding personal data in Lebanon. Even though Lebanon participated in developing the directives on data protection legislation issued by the United Nations Economic and Social Commission for Western Asia (ESCWA) in 2012, the country still lacks specific legislation on personal data. At the time of publishing this report, the Lebanese legislature has not issued any legislation in this regard, but has held general discussions on the legal definition of personal data and suggested a theoretical framework to process it.

In its second section, the study defines biometric data, explains the technology employed in collecting it, and summarizes the most important methods used to encrypt and protect it from breaches. The study highlights the use of biometrics given recent technological advances and discusses the importance of using sophisticated protections to ensure that data is protected from leaks and breaches. The report summarizes and evaluates the recent adoption of biometric passports and residence permits by the General Directorate of General Security. Additionally, it highlights the types of data the authorities are storing relating to both Lebanese citizens and foreign residents, especially since the Directorate has unhindered access to this data.

In the third section, the study reviews data leaks originating from different sectors, underscoring the extent to which Lebanese citizens and residents’ personal data is being misused. The study reveals that personal data collected in the country is susceptible to infiltration and to leaks due to weak protection systems and the absence of specialized legislation.

In the fourth section, the study reviews the “Electronic Transactions and Personal Data Protection” draft law, which a subcommittee formed by the joint parliamentary committees is currently discussing. This draft law includes a complete section on the protection of personal data. However, since the bill is yet to become law, this study examines articles that protect personal data scattered among different Lebanese laws. It also scrutinizes and evaluates the draft law in light of foreign legislation, especially French law, which has informed the Lebanese draft law and the ESCWA directives with which the Lebanese law should be compatible. In addition, the study highlights the role of the Information and Communication Technology Center at the Beirut Bar Association in improving the bill through its participation in the ongoing discussions held by the subcommittee.

Download (PDF, 737KB)

Iraq’s Increased Use of Internet Shutdowns a Worrying Trend

Thu, 2017-09-28 16:09

Despite criticism from free expression and digital rights groups, such as IFEX and AccessNow, the Iraqi government appears increasingly reliant on blocking access to the internet as a tactic to deal with social, political, and security concerns. There have been 25 shutdowns since the beginning of 2017, including 15 in the first half of the year to prevent cheating on exams. The continuation of this practice is disturbing, especially because the government has started to shut down the internet without warning and without reducing the length of its shutdowns. The Iraqi government’s repeated adoption of this tactic demonstrates that its attitude towards internet freedoms is moving in the wrong direction.

The Iraqi government has usually provided a warning before shutting down the internet, but on July 15, 2016, during protests in Baghdad, the government shut down the internet for three and a half hours with no announcement. Then, on July 20th of this year, the Ministry of Communications shut down the internet in the middle of the night without any notification. Though the government gave no reason, this shutdown occurred as the remaining ISIS militants in Mosul intensified suicide attacks.

This graph displays a power outage on the night of July 20th.

 

Even when the Iraqi government shut down internet service for the first time in 2014—in response to “the exceptional security situation Iraq is having,” a reference to ISIS’ capture of Samarra, Mosul, and part of Kirkuk in June of that year—it issued a notice about the shutdown. Though that blockage was limited to five provinces, it was more comprehensive in scale than subsequent shutdowns as the government ordered the total shutdown of the internet and partial blockage of Virtual Private Networks (VPN), and restricted access to various social media sites. While an equally comprehensive warning was issued then, the Iraqi government’s more recent shutdowns are occurring without warning and for relatively benign reasons, marking a troubling regression of digital rights in Iraq.

Moreover, the government reversed course on shortening the length of internet shutdowns. The most recent instance of an internet shutdown occurred during an examination period at the end of August 2017, at the request of the Ministry of Education. The Ministry of Communications stated that “an outage of internet services will occur during the period of the 26th of August until the 10th of September 2017 starting from 6:30 AM-9:30 AM.” The Ministry stressed that for nine days in this window “total service blackout will occur.”

The Iraqi government officially announces the most recent internet shutdown.

Starting in July 2015, the Iraqi Ministry of Telecommunications shut down the internet during the high school bachelor exams in order to prevent cheating, ordering all service providers, including mobile 3G providers, to shut down their services for three hours every day for the duration of the three-week exams. In May 2016, service shutdown was expanded to include high school and secondary schools’ final examination periods. The government recognized the negative impact of these three-hour shutdowns and, earlier in 2017, decreased the period to one hour. Yet, in August, it elected to return to three-hour shutdown periods, proving that the government is choosing to overlook the cost of periodic shutdowns of the internet.

“Partial or complete shutdowns of the internet have taken place in 51 countries in just the first 10 months of 2016,” SMEX reported last year, warning that “in times of political unrest, an internet shutdown could lead to an increase in violence and acts of repression while making it nearly impossible to reach essential services and connect with loved ones.” The internet ecosystem also has a transformational impact on both developed and developing economies, lowering the barriers for business activity, facilitating access to new markets, and helping businesses drive efficiency.

Restricting connectivity has the potential to reverse the positive impact that the internet has on the wider economy. Even partial disruptions can have material economic effects. For example, it can weaken email services, prevent access to dynamic information on weather conditions, and hinder retailers and other businesses from reaching customers in other parts of the country and across borders. It is clear that the Iraqi government’s decision to shut down the internet, even for three-hour periods, negatively impacts Iraqi citizens.

The economic losses due to the 22 shutdowns that occurred between July 2015 and June 2016 are estimated at over $209 million. But beyond the economy, Iraq’s reliance on internet shutdowns is a threat to social and political institutions within the country. The government has created an environment where it is acceptable to block the internet and continued use of this tactic could have drastic effects if the government elects to employ it habitually to face new social and political challenges.

Restricting access to the internet – even for a short period of time – endangers lives, separates people from each other, undermines economic growth, and erodes confidence in a government that takes such drastic and ill-advised steps. The Iraqi government should recognize the widespread consequences of this decision and opt to manage its political and security challenges without threatening the digital rights of its citizens and without disrupting their lives.

Online Vigilantism: A Threat to Justice in Lebanon

Tue, 2017-09-26 17:51

The Facebook page “Where is the state? (وينية الدولة؟),” which has over 250,000 likes, regularly posts high-quality videos or pictures documenting alleged crimes in Lebanon, garnering hundreds of thousands of views. While Facebook suspended the page on Tuesday, September 26, because it posted personally identifiable information about two individuals, its backup page, which has almost 70,000 followers, remains active.

The mission of the page is to crowdsource detective work in order to catch the perpetrators of these alleged crimes, a practice known as online sleuthing. People view the videos or photos and attempt to identify the suspects, sending information to the page through its inbox or via WhatsApp. This information often consists of names, addresses, and other personally identifiable information. Sometimes, this information is shared publicly via the page, presumably to let the followers of the page know the results of their work. Sharing this information breaches these alleged criminals’ right to privacy and endangers their access to justice in the process. Beyond breaching the right to privacy, this page helps foster an unhealthy vigilante culture in Lebanon and raises questions about its relationship to the state.

A recent video displaying an encounter between a man and a woman clearly illustrates this issue. On Sunday, September 24, the page published a video of a woman leading a man around the Jounieh area, north of Beirut, on a leash, which gained over 500,000 views. Along with the video, the page stated “it remains to be taken on our shoulders to seek to spread the complete identity of all who appear in this video, perhaps thereby compelling the security forces to move and arrest them.” Just a few hours later, the page published a second post claiming that the Internal Security Forces (ISF) had arrested the man in the video, and named him publicly. The page also named the woman in the post and revealed that she identifies as transgender, potentially subjecting her to harassment and violence. Then, on Monday, the page announced that the Internal Security Forces had arrested the woman as well; it posted detailed information about both individuals, including their ages, places of work, and brief descriptions of their life.

Releasing this information violates the right to privacy under Article 14 of the Lebanese constitution and under Article 12 of the United Nations Declaration of Human Rights, which Lebanon has adopted. Ali Mourad, an assistant professor of public law at Beirut Arab University, wrote in a Facebook post, that publishing pictures and information about these people “eliminates the basic principle of presumption of innocence” and promotes the “defamation” of these two individuals. Thus, they are less likely to receive a fair trial and they could be detained without being formally charged. Moreover, the decision to publish information about these individuals places them in danger.

Mr. Mourad emphasizes that this page is particularly dangerous because it not only violates the right to privacy, but it also aims to transform “every citizen…into detective, judge, and informant.” The administrators of the page encourage Lebanese citizens to provide information about innocent individuals and publish it indiscriminately. In this case, the page shared extremely detailed information about the arrests of both people, claiming it had received it from its followers. Even the post about the arrest contained more personally identifiable information about the individuals than ISF’s Facebook post regarding the incident.

Some people are asking whether the authorities, instead of intervening to protect people and their personally identifiable information, are actually helping and supporting this page. In his Facebook post, Mr. Mourad mentioned that “public administrations interact often and positively with this page.” One activist, who wished to remain anonymous, posited that both the quality and quantity of the videos on this page suggest that the ISF run the page, or at the very least are in contact with the person who does. Vigilante culture is dangerous on its own, but it becomes even more dangerous if it is possibly receiving tacit support from the authorities.

As a digital rights organization, we ask the Facebook page administrators to seek the support of proper channels to investigate crimes. Posting individuals’ personally identifiable information threatens the safety and well-being of presumably innocent individuals. More importantly, we urge the Lebanese state to protect the privacy rights of its citizens and those residing on Lebanese soil; this entails creating stronger data protection laws to ensure third party actors cannot release personally identifiable information about people without any repercussion.

Hacklab 1: How the Internet Works

Mon, 2017-09-11 15:42

In April 2017, SMEX launched a program to empower youth with the knowledge and tools needed to safely navigate the internet. “Abtal el-fada’ el-raqmi” (أبطال الفضاء الرقمي) aims to create a community of tech-savvy youth committed to using the internet for social change.

In its first phase, the program consists of six hacklabs designed to equip the participants with the knowledge necessary to understand the digital sphere and the tools needed to help make it a safer space.

Our first hacklab focused on explaining to the youth how the internet works. Together with our digital heroes, we produced a video that illustrates the trajectory of a text message from its sender to its recipient and provides a helpful tip on how to keep one’s messages private.

Applications Open for “Abtal el-fada’ el-raqmi”

Tue, 2017-07-25 10:00

Applications for the program are closed.

للقراءة باللغة العربية

SMEX is launching a new program to empower youth with the knowledge and tools needed to safely navigate the internet. “Abtal el-fada’ el-raqmi” (أبطال الفضاء الرقمي) aims to create a community of tech-savvy youth committed to using the internet for social change, and we’re inviting you to become a part of it!

If you’re interested in learning about digital security, acquire transferable skills, and engage in productive discussions and debates on issues ranging from privacy to online harassment, then this is the program for you! We’ll be hosting a number of hacklabs, or community-operated spaces, where you can meet and collaborate with like-minded individuals in a fun learning environment.

You know you’re a suitable candidate for this program if you’re curious about how the internet works, and/or if you’re invested in making it a safer place and see yourself as a future leader in either technology or human rights online.

“Abtal el-fada’ el-raqmi” will start on August 16 and last until October 28, 2017.

Apply if you’re between the ages of 16 and 22 and can commit to attending every hacklab from 11 am till 6 pm.

Timeline:

Welcome event (6 -8 pm) August 16, 2017 Hacklab 1 August 19, 2017 Hacklab 2 September 9, 2017 Hacklab 3 September 16, 2017 Hacklab 4 October 7, 2017 Hacklab 5 October 14, 2017 Hacklab 6 October 28, 2017

Cost: Free of charge for our future digital heroes

Where: SMEX offices, Badaro

How: Fill out the application below right away, space is limited

Extras: We’ll provide lunch and give you plenty of breaks to mingle with each other

Your active participation will earn you a certificate from SMEX. You will also become a part of a tight-knit community of digitally savvy youth with additional opportunities to attend events, film screenings, and workshops organized by the SMEX team.

Limiting Palestinian Free Speech Online is no Solution to Cybercrime

Fri, 2017-07-14 16:45

Roundtable discussion on “Media Freedom in Palestine,” Palestine Liberation Organization headquarters, Ramallah, July 13, 2017 (MADA).

Palestinian human rights and civil society organizations have called for a freeze on the recently publicized cybercrime law that was approved by Palestinian Authority (PA) President Mahmoud Abbas on June 24, 2017.

In a press statement released by the Palestinian Center for Development and Media Freedoms (MADA), the new law was criticized for its potential violation of “public freedoms, freedom of expression and the right to privacy.” Member of the Union of Palestinian Journalists’ General Secretariat Nabhan Khreisheh expressed to Al-Quds Al-Arabi his concern that the law will hinder constructive criticism of the political system out of fear of the consequences. In addition to jail sentences ranging between 3 and 15 years, violators of the law could also be fined up to US $7,000.

SMEX translated three of the cybercrime law’s articles to convey the urgent need to halt its implementation, which will stifle free expression online and threaten civil and political rights.

  • Article 51 of the law states that, “If a crime is committed online and harms ‘national unity’ or ‘social harmony,’ it will be punishable” by hard labor, ranging between three and 15 years, a sentence impacting all those who partook in the crime.
  • Articles 32 mandates internet service providers to cooperate with security agencies by collecting, storing, and sharing users’ information data for at least three years, in addition to blocking any website on the orders of the judiciary.
  • Article 40 allows the Attorney General or one of his assistants to request the court to issue an order to block any website within 24 hours.

In the context of the increasing restrictions on press freedoms, MADA’s general director, Musa Rimawi, noted that a number of journalists have been arrested and 29 news sites were blocked in the West Bank in the past few months. This law heightens and legitimizes these violations, which could grow under cover of the judiciary.

SMEX joins Palestinian organizations in condemning this cybercrime law and echoes the call to enact a new law that respects the right to unhindered speech online and the free flow of information while protecting internet users from the real threats they face, including extortion and fraud.

You can view the PA’s new cybercrime law on the website of Palestinian radio station 24FM. We encourage you to follow the development of our Arab Digital Rights Dataset to learn more about regulations affecting online users in the 22 countries of the Arab League.