Photo: Wikimedia Commons

Global tech and domestic tactics: Egypt’s multifaceted regime of information controls

01/31/2020 . By Joey Shea

Egyptian security agencies have effectively combined sophisticated technology purchased internationally with their own home-grown surveillance and censorship tactics to produce a pervasive, multidisciplinary regime of information control.

This unique combination of technologies and techniques pulls the country’s cyber norms towards the cyber sovereignty pole of cybersecurity governance, while simultaneously demonstrating Egypt’s contradictory relationship with the other end of the spectrum, the multistakeholderism model. Mass censorship of websites, enabled by advanced deep-packet-inspection technology sourced from a Western company, is reinforced by arrest campaigns that target digital expression. The interaction between these censorship and surveillance tactics also demonstrates how new globally proliferated technologies are adapted within the framework of existing local practices.

Internet censorship on a mass scale began in Egypt in 2017, when 21 websites were blocked in a single day; today, more than 500 domains are inaccessible from within the country. While the importance of documenting censored websites cannot be overstated, it is equally crucial to take note of which websites remain accessible. Two major political events in 2019 illustrate this.

During the constitutional referendum in April, an online opposition campaign calling itself “Batel” appeared to counter the regime’s message and encourage Egyptians to vote “no” to the amendments. Batel’s website was immediately blocked and, over the course of the referendum period, more than ten “mirrors” (websites with different domain names designed to circumvent state censorship) were also blocked. Egyptian security authorities even collaterally blocked an additional 34,000 other domains which were hosted on a shared IP address that Batel used for its mirrored websites.

Batel also created Facebook, Twitter, and Telegram pages that were responsible for the majority of the campaign’s engagement. And yet, despite the tenaciousness with which the state pursued Batel’s main website, these social media platforms never exhibited evidence of interference during the referendum period.

Similar redlines were observed during Egypt’s protests in September. Amid the regime’s crackdown, internet monitoring organizations reported that BBC Arabic and the U.S. government-funded Arabic language news website Alhurra were both blocked due to unfavorable coverage of the protests. Twitter and Facebook Messenger experienced intermittent unavailability, but were never completely blocked.

Mohamed Ali, the military contractor who encouraged September’s protests, and his now infamous videos, reached a massive domestic audience because he relied on platforms with unparalleled usership and influence. And although every anti-regime campaign utilizes these same platforms—Facebook, Twitter, and YouTube—the Egyptian government continues to allow their accessibility inside the country. There is neither an ideological aversion to censorship nor technological constraints, and yet Egyptian security agencies consistently stop short of fully blocking the most ubiquitous social media platforms.

These platforms are simply too politically and economically expensive for the regime to censor indefinitely. Indeed, the government itself relies on them for its own propaganda, disinformation, and surveillance tactics. Moreover, this censorship redline reflects Egypt’s mixed position vis-à-vis international cybersecurity norms. James Shires first argued that Egypt occupies a middle ground within the bipolar cybersecurity governance spectrum, exhibiting practices, laws, institutions, and technologies congruent with the cyber sovereignty model, while also maintaining close cybersecurity cooperation with states firmly within the multistakeholderism camp.

The mass censorship of websites and legalization of these information controls places Egypt squarely within the Chinese model of cyber sovereignty, whereby the state exerts strong national control over the internet. State-owned Telecom Egypt has the largest share of ADSL services, controlling 75 percent of that market. In the mobile phone market, Vodafone Egypt has the largest share at 40.5 percent. However, Telecom Egypt has a 45 percent share in the company, creating a deeply centralized internet market in Egypt. Decree 242, passed in early 2019, placed all telecommunications infrastructure under the ownership of the National Service Projects Organization, an organization run by the Ministry of Defense.

Additionally, the Egyptian state has attempted to produce its own national platforms and content, although these efforts have had limited success. In 2018, the Egyptian Minister of Communications and Information Technology, Yasser al-Qadi, announced a new nationally owned and controlled Egyptian social networking site intended to rival Facebook in Egypt. Two weeks later, “Egyptface” was launched. The project appears to have been discontinued, as few Egyptians are aware of the platform and, at the time of writing, the project’s domain is not accessible.

And yet, Egypt’s extensive links with Western liberal democracies—the reliance on American military aid, security cooperation, foreign investment, and international development aid—complicate the country’s impulse to wholly wall off its internet à la China and Iran. As Shires points out, the United States and Egypt maintain strong cybersecurity linkages, including joint cybersecurity exercises and agreements between EG-CERT and US-CERT, and Western cybersecurity firms enjoy a significant presence in the country. Because of this cybersecurity cooperation with multistakeholerism-aligned states, Egypt’s positioning within the cyber sovereignty pole is muddled.

These contradictions are also reflected in Egypt’s censorship redlines: namely, the government’s unwillingness to block the largest American social media platforms. Unrestricted access to these platforms is important for local and international business and any long-term interference is at glaring odds with President Sisi’s much-touted digital transformation strategy. The Ministry of Finance also has plans to tax advertising and other services on social media platforms, a potentially valuable source of revenue that would help trim the budget deficit. In lieu of complete censorship and national control, security agencies have developed other techniques to stymy digital expression on these platforms— the arrest and imprisonment of citizens for digital expression.

Egyptian security authorities undoubtedly have the capability to surveil through highly targeted and technically advanced means, but this targeting is expensive and likely reserved for high-profile dissidents and internal regime power dynamics. Considering only the largest estimates of Egyptian citizens targeted and jailed for their online activities, a new study found that digital expression arrests occur primarily through an array of technically unsophisticated mechanisms, including devices seizures and searches, informant networks, and surveillance of publicly-available social media content.

In fact, the study found that the platform most targeted by Egyptian security agencies is Facebook. The redlines of censorship are met with brute force arrest campaigns, designed to silence critics who express themselves on platforms the state appears unwilling to block.

Device seizures and searches are longstanding tactics employed by Egyptian security authorities to target digital expression, but the practice was witnessed on a scale previously unseen during and following the recent September 20 demonstrations. These seizures mostly occurred at security checkpoints in public spaces and at National Security buildings after arrest. Citizens are stopped by police on the streets, asked to surrender their mobile phone and input their password, and watch as the police immediately gain full access to their Facebook, WhatsApp messages, and photos.

Security authorities also target digital expression through vast networks of informants. In 2018, a “rumor collection network” was established by the Egyptian general prosecution to encourage citizens to report false news and rumors on social media to a WhatsApp number. This network effectively crowdsourced surveillance to the wider civilian population and acts as a veritable low-cost panopticon. Case files of detainees imprisoned for digital expression have included screenshots from their social media profiles, suggesting that informants regularly send “suspicious” content they encounter on social media to security agencies.

Regime-aligned lawyers like Samir Sabry Ayman Mahfouz and Ashraf Farahat frequently lodge legal complaints in response to social media content. These lawyers are known to review the Twitter and Facebook pages of high-profile figures for comments critical of the regime, with the aim of bringing lawsuits to silence any criticism. Again, a variety of domestically-produced tactics are used to suppress expression on social media platforms too politically and economically expensive to censor.

It is clear that advanced censorship technology is used in conjunction with technically unsophisticated techniques. This system is designed to scare citizens to self-censor and prevent alternative political views from circulating on digital platforms. Egypt’s multifaceted regime of information controls unfortunately requires more than just technical solutions to protect online expression. The regime’s strategy has proven to be terribly effective and only new paradigmatic approaches will have any hope to subvert these efforts.