Social Media Exchange


“Out of Coverage Area:” Sinai Peninsula Residents Unreachable

Sat, 2018-02-10 12:28


The Egyptian activist group April 6 Movement tweeted this image on February 8, 2018, under the hashtag “Sinai out of the coverage area.”

The Egyptian Armed Forces announced Friday morning the start of a military operation to root out “terrorists and criminal elements and organizations” from northern and central Sinai, west of the Nile valley, and the Nile Delta. Dubbed “Comprehensive Operation: Sinai 2018,” the military campaign against armed militants is accompanied by a complete shutdown of internet and telecommunications services across Egypt’s Sinai Peninsula. Online activists and Egyptian citizens are sounding the alarm on Twitter under the hashtag “Sinai is out of the coverage area” to express concern over the fate of Sinai civilians, which is unknown since they are now both physically and virtually inaccessible.

The government, which has long imposed a news blackout on its operations in the peninsula, is launching a major military campaign with life-altering consequences while disconnecting Sinai residents from each other in the sparsely populated region and isolating them from the rest of the country. Such shutdowns are familiar to residents of Al-Arish and other cities in the North Sinai, who are subjected to network disruptions “whenever military and security operations are conducted in the desert area south of the city,” according to an engineer from Al-Arish who spoke to SMEX on the condition of anonymity, fearing that he could be summoned by the authorities. The source added that the government does not warn residents before a shutdown, nor does it provide any justification once services are restored.

The Egyptian government has been launching offensives against the Sinai insurgency since it began in 2011, in the aftermath of the Egyptian revolution that toppled the presidency of Hosni Mubarak. Extremist militant group Ansar Beit al-Maqdis (ABM) repeatedly attacked Egyptian security forces before pledging allegiance to the self-proclaimed Islamic State in the Sinai Peninsula, known as ISIL-Sinai Province.

Mohannad Sabry, a journalist and researcher who has extensively covered the Sinai, told SMEX in a phone interview that internet and telecommunications blackouts are simply ineffective. “Government forces suffer from network disruptions more than the insurgents,” he said, referring to instances when ground forces lost contact with each other or with the Ministry of Interior during combat. Insurgent groups “have alternative ways to communicate, like through BGAN portable terminals and shortwave walkie talkies,” Sabry added, explaining that disruptions to telecommunications services have little impact on their alleged targets.

In reality, these shutdowns prevent local and foreign journalists and non-governmental organizations from reaching sources on the ground. “Limiting coverage of the failure of Egypt’s strategy in the Sinai and of the negative impact it has had on the community there is one of the reasons behind these disruptions,” Sabry elaborated. On February 3, the New York Times exposed a “secret alliance” between Egypt and Israel in the war against militants in the North Sinai. The Egyptian government is trying to conceal such information from the public, according to Sabry. “Egyptian leaders wanted to cover up the approval of Israeli airstrikes on Islamic State positions in Sinai,” he said.

The telecommunications sector in Egypt is operated by the National Telecommunications Regulatory Authority (NTRA), which “means that this body is implicated in any network disruptions that occur in the country,” a freedom of expression activist told SMEX on the condition of anonymity as a safety precaution. “Various government bodies interfere in the work of the NTRA, including the Ministry of Defense, the Ministry of Interior, the National Security Agency, and others like the Ministry of Telecommunications,” the activist added.

The recurring interference in internet and telecommunication services comes as press freedoms and freedom of expression are jeopardized by the military rule of President Abdel Fattah El-Sisi. In 2016, Egypt was the world’s third-ranked offender in terms of imprisoned journalists, according to the Committee to Protect Journalists.

Reporting on the North Sinai is even more difficult since the area was declared a closed military zone and rendered inaccessible to journalists. Our source in Al-Arish said that while permission can be requested from Egypt’s military spokesperson, Tamer al-Refai, “he barely gives any authorizations … no one has been allowed to write about this story or any story that actually matters [to Sinai residents].” Asked if any organizations are advocating on behalf of residents’ right to access the internet and other telecommunications services, the engineer in Al-Arish said: “absolutely not, no one is … just like the press, the work of NGOs is very restricted here.”

Network disruptions in times of conflict and war can have serious implications, whether in Sinai or elsewhere. Sabry said that the real victims of those disruptions are the locals in the North Sinai because “they cannot report cases of collateral damage or injuries and they have limited access to emergency services.” For example, “several women were unable to call an ambulance while in labor,” he added. For the residents, like our source in Al-Arish, who are directly impacted by these shutdowns, “the worst aspect is the element of surprise.” Some residents have been left in the dark about a relative’s death, learning of it 10 to 12 hours after its occurrence. Others have had to travel long distances, as much as 90 kilometres, to simply make a phone call or send an email.

Hindering and limiting access to information and communications services is a national concern in Egypt that extends far beyond the Sinai Peninsula, however. Since May 24, 2017, the Egyptian government has blocked at least 496 websites, according to the Association of Freedom of Thought and Expression, an independent legal firm. Websites of several international news outlets, such as The Washington Post, and independent local media outlets, such as Mada Masr, are blocked. Under the pretext of supporting terrorism or the catch-all “fake news,” the Egyptian public is being deprived of essential services and information while the work of local journalists is coming under systematic attack.

State of Privacy Lebanon

Tue, 2018-02-06 13:18


As part of an ongoing collaboration with Privacy International, SMEX produced “State of Privacy Lebanon,” a new briefing that intends to establish foundational knowledge about privacy in Lebanon. The report tackles the right to privacy, communication surveillance, data protection, identification schemes, and policies and sectoral initiatives. The report not only details longstanding issues such as the weak legal framework for privacy rights in Lebanon and the lack of a data protection law, but also delves into more recent issues like the state’s dependence on both physical and digital surveillance tools, and its increased use of biometric identification.

Key privacy facts

1. Constitutional privacy protection: The Lebanese constitution does not explicitly mention the right to privacy.

2. Data protection law: Lebanon does not have an explicit data protection law.

3. Data protection authority: Lebanon does not have a data protection authority.

4. Recent scandals: EFF recently reported that malware-infected messaging apps have been operating since 2012, possibly involving a nation-state actor.

5. ID regime: Biometric passports and residence permits are being issued without a clear legal framework being in place.

In addition to the publication of the “State of Privacy Lebanon,” Privacy International and its local partners also updated briefings for nineteen other countries including Egypt, Jordan, Morocco, and Tunisia.

Security Tips in the Wake of the “Dark Caracal” Report

Fri, 2018-01-26 13:07

On January 18, researchers at the Electronic Frontier Foundation (EFF) and security company Lookout published a report uncovering a global malware espionage campaign operated from the building of the General Directorate of General Security in Beirut. Dubbed Dark Caracal, the campaign partly relies on the use of fake Android apps and phishing links to steal mobile users’ personal information. However, the hacking techniques and targets are more expansive; read our summary of the research to understand all its implications.

Based on the report’s findings and the inquiries SMEX has received this week, we produced a series of security tips to help ensure your safety and privacy online. Following the advice reduces your threat level, but does not eliminate it. For a comprehensive digital security tutorial, we recommend EFF’s “Surveillance Self-Defense” project.

Think Your Android Device Is Compromised?

Best Practices for Securing Android Devices

Tips to Avoid Malicious Links & Fake Android Apps

Dependent Yet Disenfranchised: The Policy Void That Threatens the Rights of Mobile Users in Arab States

Wed, 2018-01-24 12:06


In the context of growing government control of mobile networks and a lack of transparency by both governments and companies in making these controls visible, this report, “Dependent Yet Disenfranchised: The Policy Void that Threatens the Rights of Mobile Users in Arab States” seeks to document the public disclosure of key policies by all mobile operators in the 22 countries of the Arab region, specifically terms of service and privacy policies. In addition, we aim to assess the extent to which those disclosures address the right to free expression, and to a lesser extent the right to privacy, using a selection of indicators from the RDR/CAI methodology.

Our objective is to provide evidence to inform the efforts of corporate and government policymakers, journalists, activists, and researchers. Most important, we aim to foster increased transparency between mobile operators and their users in order to develop a business culture in which customers’ demands for their rights to privacy and free expression are powerful enough to persuade technology and telecom service providers to: first publish and publicize rights-respecting corporate policies; second, differentiate themselves from competitors based on these policies; and, third, defend mobile users in the region from government and corporate overreach.

No mobile telecom operator in the Arab region, even subsidiaries of multinationals, appears to consider, much less commit to respect, human rights online in the formulation of their terms of service and privacy policies. Many do not even make these core policy documents publicly available.

Of the region’s 66 mobile telecom operators, for instance, only 14 publish terms of service; just 7 publish privacy policies. Among the companies that do publish ToS, some do not publish them in the primary languages of their users. Moreover, there is little consistency among companies in their commitments to notify users of changes in service or to make clear the processes used to enforce their ToS. In fact, while most companies provide information on the types of content and activities they do not allow, it remains unclear which procedures they follow to enforce their rules. This includes providing information on which actions they take against infringing users and accounts such as decisions to suspend or terminate a service; or to restrict access to certain types of content, and how such decisions are made.

While most operators provide some means for customers to submit complaints, no existing remedy mechanism includes either a process for addressing grievances related to freedom of expression or evidence that the company is responding to complaints. Finally, not one Arab-country operator publishes a transparency report (some are prevented from doing so by law).

Despite these shortcomings, there are bright spots. Four companies — LycaMobile Tunisia, Virgin Mobile KSA, Vodafone Qatar, and Zain Jordan — publish both a ToS and a privacy policy. Du, in the UAE, emerged as a relative leader in informing and educating its users regarding processes for enforcing its policies. Subsidiaries of MTN, Orange, and Vodafone — multinational operators based outside the region — received partial credit for human rights commitments, thanks to the leadership of their parent companies. Still, there is vast room for improvement.

By documenting these shortcomings and glimmers of potential across the region and making them visible to both the companies and their users, we want to spur operators to move in the right direction. We have included juxtaposition with multinational and RDR/CAI-ranked companies to illustrate trends at the global level that might aid this push. Additionally, because this is the first analysis of its kind and incorporated only four indicators and also because our intent is to encourage not shame the companies evaluated, we chose not to assimilate the data collected into a numerical ranking or score, as the 2017 Corporate Accountability Index does. In future evaluations, however, we may reconsider this approach.

Further, we hope that Arab region–based free expression, digital rights, and consumer rights groups will use the data provided herein to advocate not only for making terms of service and privacy policies publicly available at the operator level but also for the inclusion of language that ensures respect for users’ rights in line with international business and human rights standards. To our knowledge, this report is a unique source of such data and sets a baseline of knowledge that can support demands for a more rights-respecting business environment generally and in digitally networked spaces, in particular. This is especially urgent, since in recent years, these spaces have become the primary locales of both our private and public discourse and must be protected as such.

Finally, we offer recommendations to operators on how to incorporate these standards, and to consumer and human rights advocates on what they should consider and demand as rights-respecting behavior.

In November 2017, Afef Abrougui, the author of this report and a researcher with Global Voices; Rebecca MacKinnon, director of Ranking Digital Rights; and Jessica Dheere, executive director of SMEX, discussed the findings of the report at the SMEX office in Beirut. Here’s the video.

Human Rights Organizations Call for Investigation Into Arbitrary Surveillance Program in Lebanon

Wed, 2018-01-24 11:07


A large watchful eye observes as three laptops display information on their screens. (Bryce Durbin/TechCrunch)

(Beirut) – Lebanon’s general prosecutor should investigate reports of secret large-scale surveillance tied to a Lebanese intelligence agency, seven human rights and media organizations said today. Privacy and surveillance researchers on January 18, 2018, released a report alleging that a malware espionage campaign responsible for stealing hundreds of gigabytes worth of personal data was tied to a building owned by Lebanon’s General Security agency.

Researchers at Lookout and the Electronic Frontier Foundation stated that an actor “believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut” was responsible for stealing hundreds of gigabytes of private data. According to the report, the espionage campaign has been running since 2012 and was ongoing at the time of publication, affecting thousands of people in more than 20 countries, including activists, journalists, lawyers, and educational institutions.

“If these allegations are true, this intrusive surveillance makes a mockery of people’s right to privacy and jeopardizes free expression and opinion,” said Lama Fakih, deputy Middle East director at Human Rights Watch. “Lebanese authorities should immediately end any ongoing surveillance that violates the nation’s laws or human rights, and investigate the reports of egregious privacy violations.”

The report alleges that the espionage was primarily carried out through mobile devices that were compromised by fake messaging applications, allowing attackers to take photos, retrieve location information, and capture audio. The researchers said the mobile focus of the espionage campaign was one of the first they had seen on a global scale. The private data they said were captured includes SMS messages, call records, browsing histories and bookmarks, and audio recordings, and was available on the open internet because operators allowed public access to the data.

A 2015 report had identified General Security as one of two agencies in Lebanon using FinFisher, a sophisticated spyware system. In 2016, SMEX, a Beirut-based nongovernmental organization, published a report mapping the digital surveillance landscape in Lebanon.

In response to the report, Abbas Ibrahim, the director general of General Security, told Reuters: “General Security does not have these type of capabilities. We wish we had these capabilities.” On January 19, local media reported, Interior Minister Nohad Machnouk said that reports of Lebanon spying were exaggerated but not necessarily incorrect. On January 20, Ibrahim admitted in a media interview that General Security was conducting surveillance.

Lebanese law 140 of 1999 protects the confidentiality of communications from eavesdropping, monitoring, or disclosure, except in cases provided by law. However, it also authorizes the interior minister, who oversees General Security, and the defense minister, to order the interception of specific communications based on a written decision approved by the prime minister, for the purpose of combatting terrorism, crimes against state security, and organized crime.

International human rights law prohibits any arbitrary or unlawful interference with privacy, including private communications. And any government interference with privacy must be necessary to achieve a legitimate aim and must be carried out in accordance with both international and domestic law. Any law allowing secret surveillance must be “sufficiently clear in its terms to give citizens an adequate indication as to the circumstances” in which the monitoring may take place. Human rights law also provides that governments in most circumstances must notify people whose private information has been the object of surveillance. If an individual’s fair trial, privacy, or other rights are violated, the government must provide an effective remedy.

“Allegations that stolen data was left on the open web are particularly concerning, and would put people’s privacy at further risk,” Fakih said. “There is no justification for arbitrary large-scale surveillance, but leaving people’s private information exposed on the internet would be beyond the pale.”

Signatory Organizations:

Alef – Act for Human Rights
Alkarama Foundation
The Lebanese Center for Human Rights (CLDH)
Human Rights Watch
Helem
Media Association for Peace (MAP)
SKeyes Center for Media and Cultural Freedom
SMEX

Shawarma, Baklava, and Digital Rights Law: Reflections from a Community Workshop on Digital Rights Legal Data at the 2017 Internet Governance Forum

Mon, 2018-01-22 16:42

The relationships between digital technologies and networks, and their national and regional legal frameworks, are rapidly evolving. Poorly drafted and arbitrarily applied legislation and regulations represent a serious threat to our digital rights and civic space, not only in the Arab region but broadly across the global South. A widespread lack of accessible, reliable resources that catalog national-level legislation affecting online freedoms has made it especially difficult for digital rights advocates to conceptualize these legal frameworks, identify their weaknesses, analyze emerging trends, qualify their impact and, most important, push for reform.

As part of our latest push to advance and expand our ongoing efforts to map the emerging legal framework for digital rights in the Arab region, SMEX and human rights documentation technology organization HURIDOCS joined forces during the 2017 Internet Governance Forum (IGF) to host and co-facilitate “Shawarma, Baklava and Digital Rights Law,” an interactive workshop focused on sharing current initiatives at the intersection of digital rights and law, with the goal of laying the groundwork for a nascent community of practice and developing a shared roadmap for a legal database on digital rights law.

SMEX Executive Co-Director Jessica Dheere welcomes participants to our interactive workshop on data, digital rights and law co-hosted with HURIDOCS, Geneva, December 19, 2017 (SMEX).

On a chilly late-December evening in Geneva, a group of more than 30 legal practitioners, advocates, researchers, technologists, and human rights defenders came together over a warming, hearty meal of Lebanese shawarma, falafel, and sweets, to share their ongoing efforts to make sense of the emerging legal landscapes impacting digital rights, and to take the first steps towards collectively envisioning an open, online resource to catalogue and visualize digital rights-related legislation and caselaw data around the world. Opportunities to bring such diverse and interdisciplinary perspectives on a relatively new area of inquiry together under one roof are exceedingly rare – here are some of the things that we learned from the experience:

Efforts to document and visualize how laws and legal rulings affect citizens’ digital rights are already taking place at a global level.

At SMEX, we recognize that no one entity can achieve its vision alone, especially one as expansive as cataloguing an emerging, intersectional category of law; therefore, the chief motivation behind this workshop was to invite broad collaboration from a variety of stakeholders on the development of an interoperable database framework as a community resource for digital rights legal data. In bringing such a diverse, interdisciplinary group together, our hope was that we – participants and organizers alike – would come away from the evening with a more concrete grasp of just how much of this work is already happening around the world.

In a series of insightful lightning talks during the workshop, we were fortunate enough to have a number of parallel projects share their unique, creative approaches for tackling this challenge – we learned more about a range of existing datasets and resources, such as Coding Rights’ digital rights legislation monitor Radar Legislativo, the Columbia University Global Freedom of Expression Caselaw Database, Ranking Digital Rights’ 2017 Key Findings visualizations, Internet Lab’s Policy Watch project and Seminario policy news bulletin, and Global Partners Digital’s interactive online World Map of Encryption, as well as prior and planned research initiatives by Point of View, the Association for Progressive Communications’ APC-IMPACT initiative, and Centro de Estudios en Libertad de Expresión y Acceso a la Información (CELE).

Together, our collective efforts already touch upon virtually every corner of the planet and have identified complementary but distinct aspects of the problem. In the weeks leading up to the event, it became clearer to us just how much interest there was in discussing and exploring this work, and that the number of individual initiatives documenting and analyzing these laws and their impacts was more than we first imagined. However, it was during the workshop itself that the true extent and vibrancy of thoughtful, methodical, and creative effort going into making sense of this complicated new area of inquiry really came to light.

There is a clear need for online resources offering accessible, adaptable, and verified data on legislation impacting digital rights.

Assembling the body of rigorously researched, verified evidence needed to build compelling advocacy in defense of users’ rights in digitally networked spaces is an enormous task that neither lawyers, technologists, activists nor researchers alone can single-handedly undertake. Continuously monitoring how laws impact our digital rights, interpreting these impacts and their ramifications for global audiences, and then leveraging this information to advocate on behalf of citizens when their digital rights are violated requires a broad commitment to ongoing coordination and sharing of resources. Promoting this kind of sustained collaboration among diverse stakeholders is always a challenge.

Together with HURIDOCS, during the workshop we presented our working prototype of an open database for cataloguing digital rights legislation and caselaw data, built on the adaptable data model and API developed for the Arab Digital Rights Dataset and the HURIDOCS Uwazi platform. After sharing the prototype, we facilitated an interactive user need–finding exercise in which participants identified specific feature and usability requirements to be included in a shared roadmap for the platform’s development.

Despite the late hour of this final third of the three-hour workshop (at the end of a full-day of IGF programming, no less), participants went on a facilitated usability scavenger hunt, working together to replicate a variety of user scenarios using the prototype—a task to which they applied themselves so intensively we found ourselves faced with the uncommon-yet-happy facilitation challenge of having to encourage the group to stop working. During the final go-around following the exercise, participants recounted their experiences navigating the platform and working with the sample dataset contained within it. The feedback shared was very direct, highly specific, and in all cases clearly connected to real-life use case examples, indicating that participants were able to quite easily envision how they might use such a resource in their own work.

An overarching theme emerged almost unanimously across the feedback provided: beyond mere analysis of individual laws and cases, what participants really wanted was to be able to visualize and understand the intricate web of relationships between them. This spoke to a clear need for resources, such as database and infographic tools, through which legal practitioners, researchers, activists and others can systematically explore emerging digital rights landscapes by tracing the causal and thematic connections between different laws, legal precedents, and other verified digital rights legal data.

The motivation, enthusiasm and respect needed to sustain a more formalized network of practice is already present.

Reflecting on the experience of facilitating the usability exercise for this particular group of participants, the level of shared motivation there was to contribute to the development of the database prototype was impressive. However, what was truly remarkable about the experience was how much shared enthusiasm there was among participants to come together and address the broader challenges of organizing and interpreting digital rights legal data in such a collaborative manner, where the knowledge and experience of others was both openly exchanged and actively sought after.

There were several significant areas of common agreement on user actions that the platform should support – examples include an enhanced capacity to broadly visualize connections between legal resources within and across datasets (as mentioned above), as well as features allowing users to track the status of draft laws and access their version history to identify key changes. Throughout the event, feedback points offered by different participants frequently dovetailed with one another – when desires for specific capabilities or features were expressed, they were often followed by constructive suggestions for corresponding improvements to the platform’s usability and design.

On the few occasions that disagreements did arise, comments were constructive, respectful and grounded in a desire to listen and learn from each other’s perspectives rather than to refute them. This was evident in one such discussion concerning sweeping changes to legal codes containing a panoply of individual laws, and whether tracking updates to specific digital rights–relevant provisions should be considered a potential feature. Participants nonetheless found the topic worth addressing, keeping the focus on better understanding the issue and then assessing its relevance to the platform.

We were deeply encouraged by how positively and professionally the exchange unfolded over the course of our three hours together, and even more so by how actively and enthusiastically participants transformed discussion into focused collaboration. It was clear that we all shared a common passion for our work, and that there was a willingness to continue our efforts in a more coordinated manner – some of the key ingredients for igniting and sustaining the kind of ongoing interaction and exchange from which vibrant communities of practice are born. Going into the workshop, we were hopeful it might offer a needed opportunity to foment a nascent yet more formalized community of digital rights law and data practice; coming out of it, we are deeply optimistic that this is possible, with the first steps towards doing so taken together with 30 passionate, dedicated and motivated individuals that evening in Geneva.

Beirut-Based Global Cyber-Espionage Campaign a Threat to Local Freedoms

Sat, 2018-01-20 19:50

From the Dark Caracal technical report, revealing the researchers’ observed locations of compromised devices.

A major cyber-espionage campaign — targeting thousands of individuals across 21 countries — is operating out of a Lebanese intelligence agency building, according to a joint report published Thursday by digital rights organization Electronic Frontier Foundation (EFF) and mobile security firm Lookout.

The campaign, dubbed Dark Caracal after a nocturnal and highly secretive wild cat native to the Middle East, has been operating since at least January 2012. Its victims live in Lebanon and in other Arab countries, such as Qatar and Saudi Arabia, but also in the United States, Russia, Germany, and Nepal. Hundreds of gigabytes of data, including legal documents, browsing history, audio recordings, chat logs, and photos have been stolen from a broad range of victims. For security reasons, the researchers do not identify specific targets; they do, however, report that some of the breached data is associated with military personnel, government officials, activists, journalists, academics, and lawyers.

The research reveals that multiple platforms and systems were compromised in six simultaneously run global campaigns, which they traced to one of the General Directorate of General Security (GDGS) buildings in Beirut. At the time of the report’s publication, the servers discovered by the researchers were still operational, lead author Eva Galperin confirmed to SMEX.

During a Higher Defense Council meeting held yesterday, Interior Minister Nohad el-Machnouk did not deny the report’s allegations, but stated the claims were “wholly exaggerated.” The head of GDGS, Maj. Gen. Abbas Ibrahim, echoed the minister by boasting during the same meeting that “we are strong, but we are not that strong.”

“Typical Attacks” on an Unprecedented Global Infrastructure

Lookout has referred to the mobile espionage campaign as one of the “most prolific” ever publicly documented, owing to the campaign’s global reach and prioritization of mobile devices — with Android devices acting as Dark Caracal’s primary vehicle for attack.

At the same time, the tools, tactics, and techniques observed by the researchers indicate that the campaign requires a low level of technical sophistication, relying mainly on social media and spear-phishing attacks. In such attacks, victims receive a malicious message from a fake social media profile or messaging app instructing them to click on a link that requests login information, which when entered, compromises their device or account.

In this case, users received phishing messages on WhatsApp and through Facebook groups. After receiving a WhatsApp message, the mobile user is directed to download fake Android apps that infect their device with malware. Through Facebook groups, internet users are led to a phishing server via fake Facebook, Twitter, and Google login pages that let the campaign operators steal the victim’s credentials and hijack their account.

From the report Dark Caracal: Cyber-Espionage at a Global Scale, published on January 18, 2018, by EFF and Lookout: some of the types of content exfiltrated from victims, including SMS messages, audio recordings, images, and contacts.

A number of the Android apps acting as decoys replicate secure applications popular with both the privacy-minded political activist and the security-oriented government official. They include secure messaging app Signal and circumvention tools Orbot (a Tor proxy) and Psiphon. According to Cooper Quintin, a staff technologist at EFF, “all Dark Caracal needed was application permissions that users themselves granted when they downloaded the apps, not realizing that they contained malware.” The malware is able to extract files from compromised devices, but can also upload files onto the mobile and intercept future text messages.  

The cyber-spying campaign also targeted desktop operating systems, similarly relying on spear-phishing. Links directed victims to download a semi-functional version of a drawing application, a fake but functional version of Psiphon, and Microsoft Word documents. Researchers identified two types of malware associated with these applications and documents: the Bandook RAT and CrossRAT. Bandook malware, discovered by researchers during a previous operation, infects Windows, whereas CrossRAT, a newly discovered desktop surveillance tool, can infect Linux, Windows, and OS X operating systems.

Although seemingly less prevalent, physical access to a device was another way in which Android malware was installed. It is not yet clear how the harvested data was used and whether it has been sold on the dark web.

Security researchers were able to detect Dark Caracal after uncovering an espionage campaign, dubbed Operation Manul, carried out by the government of Kazakhstan against journalists and dissidents in 2016. The Lebanon-based campaign was identified because it shares a digital infrastructure with the Kazakh campaign.

The researchers believe that Dark Caracal exposes only a “small fraction of the cyber-espionage that has been conducted using this infrastructure,” suggesting that thousands of other victims have likely fallen prey to the malicious tools and tactics, which can be deployed globally easily and relatively cheaply.

“Deep Insight” Into Victims’ Lives

In some cases, the multi-platform operation would start on desktops and continue on Android devices, allowing the hackers to harvest sensitive and detailed information from their victims. Stolen data found by the researchers was simply left exposed on the open internet. The researchers intercepted WhatsApp, Skype, and Telegram databases, bookmarks, personal messages, regularly captured desktop screenshots, and much more. The spying is so intrusive and can be so regular that researchers noted how “disturbingly simple” it is to monitor a targeted individual and capture a full image of how they spend their days.

The impact is not limited to the direct victim of spying, however; it also implicates and jeopardizes anyone they communicate with through a compromised Android device. Almost half a million SMS messages, 150,000 call records, and close to 265,000 files were exfiltrated by the hackers. Devices were infected with a custom Android surveillanceware implant. The implant, dubbed Pallas by Lookout, has the ability to send text messages to any other mobile designated by the attackers with the intent of further spreading the malware.

Even more troubling is the hackers’ ability to breach in-person conversations and private moments, spying on not only their intended target but also their social entourage. Pallas operators can activate the front and back cameras and the microphone of a device to take pictures and record audio with no risk of detection.

From the Dark Caracal report, published by EFF and Lookout, showing the distribution of data from trojanized Android campaigns.

Blatant Violation of the Right to Privacy

Lebanon’s Eavesdropping Law 140/1999 guarantees the right to secrecy of communications and protects against unwarranted forms of surveillance or interception, except in some cases as prescribed by law. Despite the lack of specific regulations for online activities, the right to privacy over the internet is protected and breaking the confidentiality of communications, including electronic communications, requires a judicial warrant or administrative authorization.

Lebanon, as a party to both the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights, is prohibited under international law from arbitrarily and unlawfully breaching its citizens’ privacy rights. Bassam Khawaja, a researcher at Human Rights Watch, told SMEX that “any law allowing secret surveillance must be sufficiently clear in its terms to give citizens an adequate indication as to the circumstances in which the monitoring may take place.”

Under international human rights law, a government can only use its surveillance powers after establishing limits on the scope, nature, and duration of an operation. Lebanese law also sets limitations to spying and surveillance, limiting, for instance, access to telecommunications data to two months at a time. In practice, however, all internet log files and telecommunications data are collected and stored by the state-run internet service provider and telecom operators for up to two years or more. 

Independent Inquiry Needed

SMEX’s recent reports on the landscape of digital surveillance and data protection in Lebanon document the lack of judicial authorization and oversight mechanisms for surveillance, the recurring use of the counter-terrorism narrative to avoid accountability, and the absence of a strong legal framework to protect personal data. Together, these factors allow internal security agencies to expand their powers and the government to build a mass surveillance state.

The discovery of Dark Caracal underscores the need to address growing threats to our right to privacy and other associated rights, including freedom of speech, press freedoms, and freedom of assembly. It is incumbent on the Lebanese authorities, namely Lebanon’s general prosecutor, to conduct an independent, impartial, and transparent investigation into the cyber-espionage campaign and publicly share their findings. 

Misguiding Multistakeholderism: A Non-Governmental Perspective on the Arab IGF

Wed, 2017-12-20 14:04

This article was written by SMEX’s Jessica Dheere and Asser Khattab and published in the Global Information Society Watch 2017 annual report.

Despite auspicious beginnings, the evolution of the Arab Internet Governance Forum (IGF) over the last six years has left stakeholders around the region deeply skeptical of its future. Not only has the forum had little positive policy impact, but also its commitment to multistakeholderism and other key internet governance principles has been called into question, even by some of its founders. In mid-2016, this sentiment was reflected in an email circulated on a mailing list of internet governance stakeholders in the MENA region. The email bore the subject line “Shall we try to save the Arab IGF?” The author had just heard that there would not be a 2016 forum and wondered whether pressure should be applied to host the event, or “potentially take it over altogether and aiming at hosting a smaller-scale more inclusive Arab IGF.”

Others on the thread – from the academic, civil society and technical communities – responded to the alarm, echoing that a 2016 forum was unlikely and lamenting that the Arab IGF was not keeping pace with other regional forums, such as in Latin America and the Asia-Pacific region, specifically with regard to multistakeholderism. A third respondent suggested hosting an alternative, dialogue-focused multistakeholder event in the absence of a full-fledged forum. Ultimately, the thread closed with a proposal to form a common position so that the group could “speak with one voice on the Arab IGF issue.” While a position was never formalised, the email exchange represents just one of several similarly themed conversations that have taken place in Arab internet governance circles since the end of the forum’s initial four-year mandate, which coincided with the last Arab IGF to date, in December 2015.

Against the backdrop of the so-called Arab Spring in 2011, the depth of the sense of loss and disappointment these conversations expressed can be measured against the heights of enthusiasm felt when the Arab IGF was first launched in Kuwait in 2012. As one of the only regional spaces where people from government, civil society, the private sector, and academic and technical communities could come together on equal ground to discuss, explore and propose internet policy, the forum held great promise. It was viewed by many not just as an opportunity to bring the Arab perspective and culture to global internet governance, but also as a chance to usher in a more open, transparent, participatory model of governance in a region often referenced for its decades-long dictatorships, protracted conflicts, and the repression of human rights.

While some of that promise was realised, questions about the viability of an Arab IGF persist. In our analysis, drawn from primary documents, transcripts, Arab IGF chairpersons’ reports, interviews with key organisers and stakeholders from all sectors, and SMEX’s participation in the forum and other processes, we propose that the Arab IGF has faltered as a result of its design as a lever to develop a unified Arab internet policy agenda, improvised processes, and divergent views of multistakeholderism, all of which gave governments disproportionate control over the forum.

Then, instead of providing a vent for criticism and an opportunity to address the intrinsic flaws, a two-year, top-down evaluation process has exacerbated the feeling among some stakeholders that the forum may never reflect the key internet governance principles of being open and transparent, inclusive, bottom-up, multistakeholder and non-commercial, which initially drew them to the Arab IGF. With the evaluation process complete and a new Arab IGF Charter on the horizon, many are asking not only “What’s next?”, but also whether a regional forum is in fact a means to achieve multistakeholder internet governance in the Arab world.

The full report is accessible in PDF format below. You can read it online or download it.

A Brief History of Personal Data Collection in Lebanon

Mon, 2017-12-18 19:41

In December 2017, the Lebanese Ministry of Telecommunications, headed by Minister Jamal Jarrah, started taking steps to mandate biometric registration of prepaid SIM cards, allegedly for security reasons. The proposal to register SIM cards with biometric data was announced without providing a policy assessment to the public, or conducting a threat assessment and mitigation plan with regard to potential breaches. Moreover, the ministry did not address any of the potential negative repercussions that could stem from the creation of a mandatory nationwide registration system, such as placing unreasonable barriers to accessing mobile communication tools. We are also not aware if the ministry considered the human rights issues that could arise from the establishment of a registration system with biometric information.

While the political climate allows the implementation of such projects with little public debate and even less transparency, SMEX is concerned by the Lebanese government’s growing collection of biometrics and other personal data in the absence of a strong legal framework that regulates the collection, processing, and storage of such data. The unique, permanent, and sensitive nature of biometric data renders its collection without any regulations or safeguards particularly worrisome for privacy and other human rights.

The Lebanese state’s adoption of biometrics started in February 2015 after it awarded Inkript, in conjunction with Gemalto, a contract to convert Lebanese passports to biometric ones. The collection of biometrics since has not been limited to Lebanese citizens. In April 2017, the General Security announced that it will start issuing temporary biometric residence permits for Arab and foreign nationals.

The creation of a biometric system that can identify and verify individuals’ identities and other forms of personal data is occurring alongside the establishment of a mass surveillance apparatus. In our 2016 mapping of the landscape of digital surveillance in Lebanon, we found that a number of security agencies have acquired mass surveillance technologies that allow them to surveil and monitor online communications. In addition, over the past four years, the Lebanese Cabinet has granted a number of security agencies complete access to all telecommunications data.

The Lebanese state has the ability to combine these systems to implement biometric surveillance. Research by the Society on Social Implications of Technology found that the “mere threat of widespread biometric surveillance could interfere with rights beyond privacy, such as the right to political expression or association.”

Beyond the absence of a robust legal framework for the protection of personal data and privacy rights, SMEX is troubled by the political and social implications of a surveillance infrastructure that allows those with legal or illegal access to it to detect, monitor, and track virtually anyone in the country — from following them from their point of entry into the country, tracking them on the street through license plate recognition software, to cataloging their internet browsing and consumption habits, and accessing their telecommunications data.

As the Electronic Transactions and Personal Data Protection draft law is currently under review by a subcommittee formed by the joint parliamentary committees, we urge respect for the rights to privacy, association, and expression, and ask the parliament to take into account international guidelines and best practices on data protection.

Lebanon IGF Advisory Committee Hosts Pre-Launch Event at AUB

Tue, 2017-12-12 17:23

Left to right: Jessica Dheere, Roula Mikhael, Dr. Charbel Chbeir, and Layal Bahnam discuss digital rights and responsibilities during the Lebanon IGF pre-launch event, “A Step Towards Achieving Sustainable Goals,” Friday, December 8, 2017. (Lebanon IGF)

On Friday, December 8, the multistakeholder advisory committee of the Lebanon Internet Governance Forum (LIGF) held a pre-launch event titled the “Lebanese Forum on Internet Governance: A Step Towards Achieving Sustainable Goals,” ahead of the 2018 LIGF.

Representatives from the public and private sectors, academia, and civil society organizations, including SMEX, convened at the American University of Beirut (AUB) to discuss the state of digital rights, cybersecurity, and how internet technologies can spur development in Lebanon.

Dr. Yousif Asfour, the chief information officer at AUB, delivered the opening remarks. Bassel al-Ayoubi, chair of the LIGF and the director general of operations and maintenance at the Ministry of Telecommunications, traced the formation of the broader IGF. To kick off the first panel, “Digital Rights and Responsibilities,” Jessica Dheere, the co-director of SMEX, explained that we should be concerned with “policies that have repercussions on three key rights: free expression, assembly and association, and the right to privacy.” Dr. Charbel Chbeir, member of the IT Committee and New Technologies at the Beirut Bar Association, which is currently studying a draft personal data protection law, agreed that access to information is important, but expressed concern that “we have no law that manages this information.”

During the second panel, “Internet for Development,” members of the public and private sectors detailed how they are using emerging internet technologies to foster development in Lebanon. Dr. Asfour presented the collaborative technologies AUB is currently working on, including online courses and a tool for doctors from different countries to share their research. Georges Awad, the Project Officer for Communication and Information at UNESCO, listed a number of ways UNESCO is using the internet to help youth develop their skills.

Chief operating officer of the technology company Data Consult, Marc Nader, discussed the Beit Misk project, a smart city tracking data about the environment and residents’ habits, and how Facebook Messenger is used to “optimize” life in the city. Data Consult developed this smart city in collaboration with Lebanese telecom operator OGERO and other members of the LIGF. Members of the audience asked Nader about the company’s data protection measures, to which he responded by saying the data will not be used for any purpose other than its intended one.

National E-health Program Director Lina Abou Mrad presented on the Ministry of Public Health’s ongoing technology-centered initiatives, including an upcoming pilot program for the national drugs barcode program that will allow the ministry to track drugs and other goods. Mrad elaborated on the challenges the ministry is facing in monitoring the success of similar programs, namely due to its limited resources. She also spoke of the ministry’s inability to make collected data publicly accessible until legal reforms are enacted.

This tension between the rapid development and adoption of new technologies and the relatively slow reforms to the law and to internet policies is one of the many reasons that led to the establishment of this forum. The LIGF advisory committee announced the launch of the LIGF website during the event and is planning to hold the first forum in mid-2018 to discuss these and other internet-related issues.

Internet Shutdown in Yemen: Recurring Disruptions Threaten Civilian Safety, Human Rights, and Press Freedom

Fri, 2017-12-08 13:04

Image circulated on social media depicting YemenNet, the country’s sole ISP, as slow as a turtle. December 4, 2012.

On Thursday night, the Houthis, the northern Yemen-based insurgent group in control of most of Sana’a since 2015, completely shut down the internet for close to 30 minutes. Earlier in the day, the group took measures to disrupt and limit access to the internet for the second time in one week. These measures violate the Yemeni people’s fundamental rights to freedom of expression and access to information. The recurring disruption of the internet makes it difficult for civilians to communicate with others and jeopardizes the fragile state of press freedom in Yemen, where a bloody conflict has raged since 2014.

The Houthi-controlled Ministry of Communications and Information Technology has a history of tightening its control over the internet. When the Houthis took over the ministry in 2015, they filtered various news sites and in April, the group temporarily shut down the internet in Aden. The Houthis repeated this tactic last night, as YemenNet, the Ministry of Communications-controlled internet service provider (ISP) — the sole ISP in the country — shut down internet across the country for around half an hour between 10 p.m. and 11 p.m. UTC+3. Earlier in the week, the Houthis targeted news sites, mainly those affiliated with the General People’s Congress (GPC), the party of slain former President Ali Abdullah Saleh, such as Khabar News Site, according to Fahmi Albaheth, the President of the Internet Society Yemen Chapter (ISOC-Yemen) who currently resides in Aden.

Before Thursday’s shutdown, the Houthis had also been throttling, or intentionally slowing, internet speeds across the country, according to several online sources who complained that the internet has been particularly slow. Walid al-Saqaf, co-founder and chairman of ISOC-Yemen, told SMEX that YemenNet regularly throttles the internet and that this practice continued during these two disruptions.

Border Gateway Protocol (BGP) data depicting the internet outage in Yemen on the night of Thursday, December 7.

Prior to the shutdown, internet users were unable to reach the social media platforms and communication tools they rely on to access information and connect to each other after YemenNet blocked Facebook, Telegram, Twitter, and WhatsApp. Though the disruptions on Saturday and Thursday mark the most targeted attacks against social media, the Houthis had previously blocked Telegram and used a bandwidth control filter on Facebook, preventing multimedia content from loading. Regarding the timing of the disruptions, al-Saqaf said the decision to limit access on Thursday could be related to the mass dissemination of videos depicting atrocities committed by Houthi forces. The first restriction to the internet took place on December 2, three days after violent clashes erupted in Sana’a between the Houthis and forces loyal to Saleh, a former Houthi ally-turned-foe killed by the Houthis on December 4.

Several Yemenis who spoke to SMEX relayed their inability to access social media sites without a Virtual Private Network (VPN), which enables users to bypass internet filtering and other access restrictions. However, the throttling of the internet prevents internet users from downloading VPNs from application stores, such as Google Play, which is critical because YemenNet has also blocked many VPN download pages. Yemenis who already have Tor, a free browser that allows internet users to conceal their location and browse the web anonymously, can bypass blocked websites. Al-Saqaf noted that Yemenis mainly use Psiphon, another open-source internet circumvention tool, but that most of these tools might only be available to those who downloaded them before the internet access restrictions started. However, Signal, a free and secure messaging app, is working well according to journalist Hafez al-Bukari.

Deteriorating State of Press Freedom

The blocking of news sites and social media platforms comes amidst renewed attacks on journalists. On Saturday, the Houthis fired rocket-propelled grenades at Saleh-aligned television channel Yemen Today and detained 41 journalists and media workers. In October, the Ministry of Communications outlawed the unlicensed practice of online journalism, which not only hinders reporting on the ongoing war by local journalists but also restricts activists from publishing content on public social media pages.

The climate of hostility towards journalists in Yemen predates the emergence of the Houthis. Before the rebel group took control of Sana’a, foreign journalists were routinely expelled from the country for challenging the government’s official version of events. In August 2017, the Saudi-led coalition imposed a series of cumbersome, costly, and dangerous procedures to prevent journalists from entering Yemen to report on the coalition’s deadly blockade and bombings campaigns. The new measures have made it nearly impossible for foreign journalists to report on the humanitarian crisis unfolding in Yemen.  

The Houthis’ willful disruption of the internet will make it significantly more difficult for Yemeni journalists to send their dispatches from the ground to the rest of the world. Prolonged and complete shutdowns of the internet will also pose a grave threat to the safety of Yemeni civilians who at any moment can be deprived of their communication tools, which are essential to their ability to receive and share information and contact emergency services in a time of war.

Editor’s Note: Internet users in Yemen who are unable to download the Tor browser can send a request to get Tor by email. Requests can be sent to [email protected] with a note specifying the required operating system. Visit https://gettor.torproject.org for more information.

#GenderTech Confronts Gender-Based Violence in MENA

Wed, 2017-12-06 12:28

Is the internet providing more space for women to liberate themselves, or expanding the space for gender-based violence? To mark the international “16 Days of Activism Against Gender-Based Violence” campaign, Oxfam, in collaboration with SMEX and the Knowledge Workshop, a Beirut-based ongoing workshop for (re)searching and gathering women’s stories, organized “Gender Tech,” a two-day event held in Beirut to discuss women’s engagement in online spaces and their right to access them safely.

Arab feminists discuss how to counter online violence. November 24, 2017, Beirut, Lebanon. (Oxfam/The Media Booth)

Over 100 feminists, techies, and civil society actors from across the Middle East and North Africa (MENA) came together to tackle online harassment and abuse, faced by almost a quarter of women around the world. In a lively panel on ways to counter online violence, speakers elaborated on the threats women face online, which range from stalking and rape threats, to creating fake profiles to damage one’s reputation, and revenge postings of intimate photos or conversations. These sorts of attacks, said Esraa Fahead, executive director of Horeya for Human Rights Organization in Port Said, can and have led women to commit suicide. The response, Lebanese political activist Diala Haidar offered, is to create and support feminist platforms that are not controlled and monitored by corporations or governments. Haidar added that women must also have a say in internet policies that regulate and impact their experiences online.

Shaping the structure of the internet is one part of the solution while taking ownership of its content is another. Farah Barkawi, a journalist working on a new project called Wikigender, said preserving and disseminating feminist ideas is “a type of resistance.” Other speakers agreed that expanding the volume and scope of Arabic-language feminist content online is essential to facing gender inequality. The understanding that documentation and archiving is an act of resistance was brought up again by archivist Hana Sleiman during her workshop on feminist archiving and oral history. Indexing and cataloging archival material is an important component of preserving collective memories for future generations, Sleiman contends.

From archiving to translating, speakers and participants were in agreement that content published online must be accessible to all while challenging patriarchal notions, maintaining Arabic grammatical and linguistic conventions, and localizing concepts. During a workshop on a newly translated version of APC’s Feminist Principles of the Internet, participants engaged in interesting debates on the transliteration of newly coined terms and expressions, translation of gender terminology, and use of academic jargon. While there was little consensus by the end of the session on how to best translate the feminist principles, Sara Abu Ghazal, co-director of the Knowledge Workshop, spoke of the significance of having such open conversations. “It is important for all of us to sit and produce knowledge collectively … to have peer reviews from our friends,” Abu Ghazal noted.

But where should this knowledge be published? Corporate control of the internet and the narrowing of digital spaces came up repeatedly during the event. How can feminists organize on profit-driven platforms that have a history of undermining and censoring critical or controversial voices? Lebanese activist Nadine Moawad said that Facebook and Google pretend to be friends to their users, particularly vulnerable ones, while these companies “actually hold their users hostage.” Moawad said that while there is a need to create safe social media platforms, there is value in fostering connections outside of social media. Tara Tarakiyee, a program manager at the Open Technology Fund, warned that once big companies completely “control the infrastructure of the internet, there might be no going back,” and advocated for the use of decentralized open-source social networks. Migrating to platforms like Mastodon, an alternative to Twitter, allows users to gain control of their online communities and establish rules that could create harassment-free digital spaces.

On the second day of “Gender Tech,” participants went from discussing alternatives to designing them. During a day-long hackathon led by Humanity X, a Netherlands-based support team that helps develop technology for social good, participants envisioned several solutions to gender-based violence. The proposals include “Smart Stands” in schools, which would provide educational resources to students and teachers; an app that tracks and reports on online harassment in real time; and awareness-building tech-driven campaigns to fill data gaps and assist those most impacted by violence.

#FreeMustafaSbeity: With the Detention of Lebanese Poet, Authorities Show Lack of Grace

Thu, 2017-11-30 15:45

Update on December 13, 2017: After 15 days of detention, poet Mustafa Sbeity was released on Tuesday, December 12, 2017, after paying a bail of 500,000 L.L. (around $333), according to Annahar. However, the public prosecutor did not drop the charges against Sbeity and his case remains open.

Photo provided by the family of Mustafa Sbeity

On Monday, the Internal Security Forces’ Intelligence Unit arrested local poet Ahmad ‘Mustafa’ Sbeity for his Facebook musings about having relations with the Virgin Mary, sparking another round of challenges to free expression in Lebanon.

The 65-year-old Sbeity, who lives in Kfar Sir near Nabatieh, wrote on his Facebook page, “I am sad. Why has god not asked me to sleep with the Virgin Mary to give birth to Jesus Christ??!!” The post elicited a negative reaction; people shared screenshots of the post, claiming that it incited sectarianism. State Prosecutor, Judge Samir Hammoud, told the National News Agency that Sbeity was being detained on the basis of insulting the Virgin Mary and that he is being interrogated.

Responding to criticism, Sbeity initially wrote that his account had been hacked and that he did not have anything to do with the post. During the interrogation, however, he admitted to writing the post in a moment of “temper and drunkenness.”

Several political news websites seized the opportunity to condemn the content of his post and urged the government to take action against him. The official website of the Lebanese Forces party featured an article with the accusatory headline “Mustafa Sbeity Offends the Virgin… and he is guilty until proven otherwise” and demanded immediate intervention from the authorities. Lebanon Debate, a website known for its sensationalism, called Sbeity’s post “disgusting” in a press release.

Selective amplification of social media posts and biased coverage have become a hallmark of Lebanese broadcast and online media reports on free expression cases over the past year and raise questions about the influence of such coverage on legal proceedings. Sbeity’s lawyer, Chawki Chreim, expressed concern that “judges become extra cautious about releasing the detainees when their cases are circulating on the media. I think that had the media and social media not been amplifying the case, they might have been able to release him after the investigation.” Chreim is also a representative of the Syndicate of Lawyers in Nabatieh.

Such media coverage may also lead the authorities to take disproportionate measures, such as imprisonment. According to George Ghali, executive director of ALEF, a Lebanese human rights organization that works on the prevention of arbitrary detention, “Sbeity should not be in detention because he does not pose a danger to the community.” After visiting Sbeity on Thursday, Lorca Sbeity, his daughter, told SMEX that, “The prison’s condition is very bad. There are 15 to 20 people in a small cell.”

The harassment and detention of social media users who have challenged religious and political norms is not new. Over the last 12 months, SMEX has recorded nine arrests of people in Lebanon who expressed critical opinions on social media. In 2014, the ISF arrested Ali Itawi in Dahieh for posting a picture of himself kissing a statue of the Virgin Mary. Itawi first posted the picture in 2011, but it only became controversial three years later, when he made the picture his Facebook cover photo. An uproar ensued in the media that prompted then-president Michel Suleiman to weigh in and encourage the authorities to do something.

Chreim informed SMEX that the Public Prosecutor’s office in Nabatieh detained Sbeity on the basis of articles 474 and 317 of the penal code. Article 474, which the authorities used to detain Itawi, stipulates that anyone who defames religious rituals or encourages the defamation of religious rituals should serve between six months and three years in prison. Article 317 pertains to sectarianism, sentencing those who encourage sectarianism in their writing, speeches or work to between one and three years in prison and a fine of between 100,000 and 800,000 L.L. (between $66.66 and $533.33). The news station MTV Lebanon has also speculated that Sbeity could be charged under Article 473 of the Penal Code, an anti-blasphemy article. Article 473 states: “whoever blasphemes the name of God publicly is punished with imprisonment from one month to one year.” 

Such a prosecution would put Lebanon squarely out of step with global norms on religious speech. Ahmed Shaheed, the UN Special Rapporteur on freedom of religion or belief, recently wrote that only 70 countries in the world have anti-blasphemy laws and 25 percent of them are in the Middle East and North Africa. He stresses that although governments often assert that anti-blasphemy laws prevent hate speech, these laws “are generally focused on the degree to which speech causes offence or outrage to religious sentiments, and not the extent to which that speech undermines the safety and equality of individuals holding those religious views.” In addition, rather than protecting religious minorities, they often “facilitate the persecution of members of religious minority groups, dissenters, atheists and non-theists,” Shaheed writes. Hasan Chami, vice president of the Secular Club at the American University of Beirut, agrees. The existence of Article 473 in this day and age is unacceptable, he says, warning that “vague terms used in such articles can be interpreted to prosecute people who express their personal views online.”

Perhaps Sbeity violated the Penal Code, but Article 474 has not been updated since 1954, and as an artefact of another time, it enables the Lebanese government to prosecute anyone who poses a challenge to prevailing religious and sectarian norms. Moreover, the use of Article 317 creates a dangerous environment for expression that effectively prevents people from one sect from using social media to critique, discuss, or challenge the religious practices and beliefs of people from another sect. Sbeity’s post clearly neither constitutes hate speech nor incites violence against Christians in Lebanon.

“Our problem in Lebanon,” said Chreim, “is that we want to mute the opinions that are not the same as ours and we want to destroy the people who hold those opinions regardless of their circumstances.”

 

MENA Internet Freedom Roundup: October 2017

Thu, 2017-11-16 19:14

On November 6, 2017, Donald Trump tweeted his support for the Saudi King. Pro-Saudi bots amplified it across the Twittersphere.

 

From the Kingdom of Saudi Arabia’s attempt to criminalize online speech to its development of advanced facial recognition technology, we ask: can critical views be expressed in the kingdom during its current internal power struggle?

In this month’s roundup of the latest digital rights-related news from the region, we follow up on the disturbing continued use of predictive policing algorithms to constantly monitor and surveil Palestinians living under Israeli occupation. We also look at ongoing restrictions and limitations to information published online in Egypt and Algeria and the serious threat to journalism in Yemen. However, awareness-raising campaigns such as the Egyptian #WeNeedToTalk on Twitter display how internet users are pushing back against human rights violations, online and offline.

In our progress report, we highlight Kuwait’s recent defense of the right to privacy, a major decision that guarantees the right to personal liberty.  

Is Free Speech Online Possible During Saudi Arabia’s Shakeup?

Given the current political situation in Saudi Arabia and Crown Prince Mohammad bin Salman’s attempts to consolidate power, we are concerned that new and existing laws and technologies could be used to silence dissent expressed in the kingdom. The recent arrests of high-profile princes and the detention of Lebanese Prime Minister Saad Hariri follow a crackdown on free speech online, the announcement of a new and potentially dangerous algorithm, and the re-emergence of pro-Saudi bots on Twitter.

Though the recent arrests gained major international headlines, the authorities had already been stifling dissent within the Kingdom. In October, Saudi State Security arrested 22 people, including one Qatari national, for “circulating video clips on social media.” The authorities claimed these videos obstructed public order and violated the Information Crimes Law. Earlier in the month, the Interior Ministry arrested 24 people in Hail, a northwestern province, for “exploiting social networking sites to promote lies and exaggerations.” The Saudi Shura Council also revealed a plan to amend the Information Crimes Law to criminalize online content considered offensive to state or religious officials. Anyone who violates this law could face up to five years in prison and a fine of up to three million Saudi riyals.

The development of a new algorithm could also be used to persecute those who criticize the policies of the king and crown prince. Last month, the Interior Ministry announced that it was developing an “advanced facial recognition technology” to identify criminals, which the authorities could use to identify people who are protesting against any of the recent policies.

Beyond just preventing dissent, pro-Saudi bots on Twitter try to obscure the magnitude of the dissent as well. Marc Jones, a researcher at the Institute of Arabic and Islamic Studies at the University of Exeter, recently found that pro-Saudi bots boosted the number of retweets of Donald Trump’s recent tweet praising the efforts of the Crown Prince and King Salman. This is not the first time bots have supported Saudi interests on Twitter; previously, Jones scrutinized the Twitter discourse regarding Saudi Arabia’s blockade of Qatar and concluded that 20 percent of the accounts using #AlJazeeraInsultsKingSalman, which became popular after al-Jazeera posted a cartoon mocking King Salman’s role in the Qatar crisis, were also bots. With Saad Hariri’s resignation announcement and detention inside Saudi Arabia, pro-Saudi bots could hijack nascent hashtags such as #LebaneseAgainstHizballah (#لبنانيون_ضد_حزبالله) and #TheDeportationOfTheLebaneseisANationalDemand (#ترحيل_اللبنانيين_مطلب_وطني), to make it seem like the Saudi narrative is dominating the Twittersphere.

Israel’s Predictive Policing: A Real Threat to Palestinians

Last month, the Israeli police arrested a Palestinian man for posting a picture of himself on Facebook with a caption that read “good morning,” after Facebook translated it into Hebrew as “attack them.” Although Facebook apologized for its incorrect translation, this incident raises serious questions around the use of translation systems powered solely by artificial intelligence.

How the man’s post was brought to the attention of the authorities, however, is part of an even more disturbing trend, as Al-Shabaka’s Nadim Nashif explains in a brief on Israel’s use of a predictive policing algorithm, which monitors words like shaheed (martyr), Zionist state, Al-Quds (Jerusalem), and Al Aqsa. By constantly surveilling Palestinians’ online activity and arresting individuals matching profiles built to resemble those of alleged Palestinian attackers, Israel has widely expanded a dangerous surveillance environment that infringes on the digital rights of Palestinians.

The Palestinian Authority has also used similar surveillance tactics. Mohamad Alhaj, a photojournalist living in Jordan, details ways in which the PA tried to recruit him as an informant. After he rejected the PA’s offer, PA intelligence detained him because of a post he shared in a Facebook group he runs. In September, the intelligence officers demanded his passwords, which he refused to give up, and threatened to use the recently adopted Electronic Crimes Law against him. The law has been widely rejected by Palestinian civil society, as reported by SMEX contributor Mona Shtayya earlier this month.

Lebanon Grants Security Agencies Access to Personal Data … Again

The Lebanese government recently renewed its decision to grant all security agencies, including the General Security, the Internal Security Forces (ISF), and State Security, access to telecommunications data for a period of four months. This agreement, between the government and the security agencies, has been in effect since 2012, after an attempt on the life of the former head of the information branch of the ISF. The government has been granting the security services access to the data for six months to a year, but ministers from the Free Patriotic Movement and Hezbollah argued against such unhindered access to all security agencies. Ultimately, the agencies were given access for only four months.

Algerian Media Outlets Request the Lift of the Blockage of Tout sur l’Algerie

Editors of 16 Algerian digital media outlets issued a call to unblock the website Tout sur l’Algérie (TSA), which has been inaccessible on Algérie Télécom and its subsidiary, Mobilis, since October 5, 2017. The director of TSA suspects that the government ordered the block, but the prime minister denied the allegation, saying the website administrators should address the telecommunications operators, despite the fact that the state owns Algérie Télécom.

The Effects of Website Blocking in Egypt

On October 3, Egypt blocked OpenVPN, an open-source tool that Egyptians had used to circumvent government blocking of an estimated 432 websites, including Al Jazeera, the Qatari-funded news network, and Mada Masr, an independent Egyptian publication, between May and September. In response to the censorship of these websites, internet users in Egypt shared Facebook posts and Google Drive links “critical of human rights practices in Egypt” because it is more difficult for the government to censor these URLs. Germany took note of Egypt’s actions; on October 19, German police cancelled a cyber training intended to teach Egyptian security officials how to monitor “websites that encourage extremist thought,” because they feared Egypt would use these methods to persecute innocent people.

Houthis Introduce “Emergency Law”

The Houthis, who have controlled the Yemeni capital of Sanaa since 2014, issued a law that restricts free expression online in Yemen on August 23. The law, enacted by the Houthi-controlled Ministry of Information, requires everyone who wants to practice digital journalism to obtain permission from the ministry beforehand. “Digital journalism” encompasses any content published online, which means the Houthis could censor social media posts as well. The Houthis have also detained 15 journalists, according to a report published by the Association of Yemeni Journalists in October.

Editor’s Pick: We’re Building a Dystopia Just to Make People Click on Ads – Zeynep Tufekci

In this TED Talk, Zeynep Tufekci, a sociology professor at the University of North Carolina School of Information and Library Science and the author of Twitter and Teargas: The Power and Fragility of Networked Protests, speaks about the dangers that algorithms pose to society. While many people still expect dangerous surveillance tactics to resemble “big brother” from George Orwell’s 1984, Zeynep clarifies that these tactics exist and they are far more subtle. She explains that companies like Facebook and Google have already created persuasion architectures, or algorithms that encourage certain behaviors based on data about our vulnerabilities, to influence our social and political decisions. She warns that these algorithms, created to get people to click on advertisements, have led to the emergence of a “surveillance authoritarianism” and argues that we need to create a digital economy “constrained by our human values.”

Egyptians Use #WeNeedtoTalk to Raise Awareness About Human Rights Abuses on Twitter

The Egyptian government attempted to spread the #WeNeedToTalk hashtag in an effort to boost the profile of the November World Youth Forum in Sharm el-Sheikh, Egypt, but online activists quickly took over the hashtag to highlight the human rights violations of the Egyptian regime. Activists used the hashtag to raise awareness about unjust imprisonments, torture, forced disappearances, and other issues plaguing Egypt.

Banque du Liban Announces Plan to Launch Cryptocurrency

Banque du Liban, the central bank of Lebanon, which bans the use of Bitcoin and other international cryptocurrencies, is now considering the launch of its own digital currency. According to Riad Salameh, the governor of BDL, existing cryptocurrencies “are not currencies but rather a commodity whose prices rise and fall without any justification.” He added that BDL, “[understands] that electronic currency will play a prominent role in the future,” but it first has to “develop [a] protection system from cybercrime.”

Progress Report: Kuwait Ruling Defends Right to Privacy

The Constitutional Court of Kuwait overturned the country’s 2015 counterterror DNA law, under which the authorities collected DNA samples from citizens, residents and visitors. The decision to strike down the law came after the court found that it violated articles 30 and 31 of the Kuwaiti constitution, which guarantee the right to “personal liberty” and the protection against unlawful searches, respectively.

Have we missed important news in your country that you would like us to highlight next month? Is there a developing story that’s under-reported where you live? To share story ideas, newsworthy happenings, or critical legislative changes, drop us a line at [email protected]

Feminist Editathon Rewrites Women’s Role in History on Wikipedia

Wed, 2017-11-15 16:20

Women’s innumerable contributions to society have long been sidelined. In a move to document and make these achievements accessible to all, SMEX partnered with the Knowledge Workshop, Radical, and independent feminists to host an editathon, a collective editing workshop of Wikipedia. The event provided a safe space for women to create new pages in Arabic, expand and enrich existing pages, and translate pages into Arabic.

The workshop, titled “Women Edit Wikipedia: Training and Editathon,” was held in “Masaha: A Space for Digital Freedoms and Open Culture” at SMEX’s office in Badaro on Saturday, November 4, 2017. It was the first women-only event of its kind to be held in Lebanon independently of Wikipedia.

Women Edit Wikipedia: Training and Group Workshop (Editathon) at Masaha, Beirut, Lebanon. Saturday, November 4, 2017.

The event had two focuses: a technical approach to integrate women into the technological world and a content-oriented approach to enhance their ability to use Wikipedia to preserve women’s legacies and record their achievements for present and future generations.

Above all, the primary motivation behind the editathon was the unequal representation of knowledge produced by women. In the English version of Wikipedia, women account for only 17 percent of all available biographies and only 13 percent of Wikipedia editors. In the Arabic version of Wikipedia, which has significantly less content than the English version relative to the size of the Arabic-speaking population, women are even less present. Even when they are represented on Wikipedia, women’s biographies are defined by their relationships to their spouses or other male family members, as opposed to their own contributions, according to Lara Bitar, SMEX’s editorial director.

Following Bitar’s opening remarks about the workshop’s goals, Emna Mizouni, a Wikimedia Tunisia activist and co-organizer of the first WikiArabia Conference in 2015, explained the work of the Wikimedia movement. Mizouni discussed the huge gap in the number of men and women in the movement, urging women to engage more in these initiatives, given the importance of safeguarding women’s achievements and knowledge for future generations.

Activist Nadine Moawad then explained the five pillars of Wikipedia: Wikipedia is an encyclopedia, Wikipedia is written from a neutral point of view, Wikipedia is free content, Wikipedia editors should treat each other with respect and civility, and Wikipedia has no firm rules. For her part, Deema Keadbey, co-founder of the Knowledge Workshop, gave an overview of the types of preferred sources, how to find and use them in the written texts, and the types of sources that can be cited. Writing in Wikipedia, despite its ease, requires a lot of precision in finding information and exploring sources that are credible and objective, explained Keadbey.

At the training session focusing on the creation of new pages, the names of several prominent Arab women who are not on Wikipedia were proposed. The figures included the former president of the Lebanese Women Democratic Gathering, the late activist Haddad Shakhtoura, journalist Nazih Sa’id, the late politician Zulfa Shamoun, researcher Azza Baydoun, and others. Participants in the session then, using their newly created accounts on Wikipedia, researched information on the women they selected.

This experience generated positive feedback from participants who quickly learned how to write articles on Wikipedia and had the opportunity to learn about women who share their interest in feminism and women’s issues. Together, they hope to be able to counteract the male-dominated content on Wikipedia. During the event, 14 new pages were created, including pages for Jean Said Makdisi and the Gathering of Lebanese Woman Researchers, as well as the translation of the biography of Kimberlé Williams Crenshaw, American civil rights advocate and leading scholar in critical race theory. By the end of the event, 20 new editors were trained to properly edit Wikipedia pages and 3,700 words were added to the encyclopedia.

This workshop will not be the last, as collective editing workshops will be held on a variety of topics in the coming months, in an effort to promote open knowledge.

Enhancing women’s presence on Wikipedia is an extremely important issue. “I believe it is absolutely essential that we do our homework, and work hard on the history of Arab women … To know our past better is to understand ourselves better, and to plan for the future better. I hope young feminist scholars and writers will take our movements in this direction,” Jean Said Makdisi told the Knowledge Workshop during a talk earlier this year.

Reported by Sara Obaid and Samaya Jaber from the editorial team of CheckCon, a group of students from the Lebanese University – Faculty of Information working to form a mobile editing room covering conferences and events on various humanitarian, social, media and digital issues in Lebanon and the Arab region.

This article was translated from Arabic by Karim Traboulsi.

Hacklab 5: Freedom of Expression Online

Mon, 2017-11-06 15:19

In our fifth hacklab of “Abtal el-fada’ el-raqmi” (أبطال الفضاء الرقمي), we hosted a discussion on freedom of expression online, the threats it faces, and ways to protect it. We then interviewed our digital heroes to produce a video tackling local laws and practices regulating expression online.