For several years now, privacy advocates in the Middle East and North Africa have grappled with the impact of targeted surveillance technologies on various communities in their countries. These tools, sold by unscrupulous European companies to some of the world’s least democratic governments, have been increasingly used to spy on activists, often without any legal mandate.
This summer’s Hacking Team leaks confirmed the extent to which the spyware industry has spiraled out of control. Often signed by the company’s CEO with fascist-era slogans, emails between the company and its government purchasers show that the company’s previous claims—that they don’t sell to repressive regimes—were bald faced lies.
While the University of Toronto’s Citizen Lab had previously unearthed the sale of Hacking Team tools to some countries in the region, the leaks showed that the company’s reach is farther than previously imagined: Lebanon, Tunisia, Morocco, Egypt, Oman, Bahrain, Iraq, Saudi Arabia, Sudan, and the United Arab Emirates have all emerged as clients of Hacking Team at one time or another.
Reactions from across the region vary from anger to utter rage. In a piece entitled, “Hacking Team: The company that spied on you during the revolution!” [fr], Tunisian group Nawaat shows that the Tunisian government started off with a 45-day contract during September of 2010, which Hacking Team tried to extend through 2011 after witnessing the first embers of the uprising in December.
Egyptian publication Mada Masr illustrated how, in Egypt, well-known companies often act as mediators between the Egyptian government and foreign surveillance firms. They note that, despite excellent reporting from Citizen Lab on the Egyptian government’s use of Hacking Team’s tools, the leaks provide the legal proof privacy advocates have been waiting for.
The news from Lebanon is perhaps among the most surprising: the leaks showed that not one but four Lebanese government agencies contacted Hacking Team in the hopes of purchasing their products. While only the Lebanese Army made a purchase, the Interior Security Forces (ISF), General Security and the Cybercrime Bureau were all in contact with the Italian company at one point or another. According to Lebanese journalist Habib Battah, some bloggers who have been arrested claimed that police agents tricked them into giving up information by sending malware to their computers.
Privacy advocates in the region are now working to mobilize and determine their next steps, now that the leaks have given them the evidence they need to fight back against targeted surveillance from their governments. In a statement expressing concern over the use of spyware, the Bahrain Center for Human Rights notes that Bahrain is known to torture individuals who have been arrested for their online speech. Despite knowledge of that, Hacking Team saw an opportunity in Bahrain, eventually selling its RCS tool to the country for more than 200,000 EUR.
And in Morocco, where Hacking Team’s presence was already suspected, opposition to the use of spyware has become more high-profile, with popular magazine TelQuel publishing a series of responses to the leak (in French). The leaks made the highly secretive surveillance industry a bit more transparent. Now, human rights defenders in the Middle East and North Africa can get to work holding Hacking Team's clients in the region accountable.