State of Privacy Egypt

Egypt

Table of contents

Introduction

Acknowledgment

The State of Privacy in Egypt is the result of a collaboration by Privacy International and its partners.

Key privacy facts

1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy.

2. Data protection law: There is currently no data protection law in Egypt.

3. Data protection agency: Egypt does not currently have a data protection agency.

4. Recent scandals: In December 2017, at the Cairo International Exhibition for Communications and Information Technology, the head of Egypt Post, Mr. Essam El Sagheer, declared that his department was using "unconventional methods" to collect customer data, based on what seems to be an independent system for automating the reading of national ID cards, fingerprints and iris recognition, and linking them to the financial accounts of customers.

5. ID regime: First introduced in 1996, Egypt has a National ID Card system mandatory for all citizens aged 16 and older.

Right to Privacy

The constitution

Egypt adopted a new Constitution in a referendum in January 2014. The document guarantees the right to privacy.

Article 57 states that:

"Private life is inviolable, safeguarded and may not be infringed upon. Postal, telegraph, e-correspondence, telephone calls and any other means of communications are inviolable and their confidentiality is guaranteed and they may only be confiscated, examined or monitored by causal judicial order, for a limited period of time, and in cases specified by the law.

The state shall protect the rights of citizens to use all forms of public means of communication, which may not be arbitrarily disrupted, stopped or withheld from citizens, as regulated by the law"

Furthermore, Article 99 of the Constitution stipulates that:

".. any assault on individual freedom or the inviolability of citizens' private lives and any other public rights and liberties guaranteed by the Constitution shall be considered a crime."

Regional and international conventions

By virtue of Article 93 of the Constitution, the state is committed to international agreements, covenants, and conventions that Egypt ratifies. It is signatory of a number of treaties with privacy implications, including:

Communication Surveillance

Surveillance laws

The interception of telecommunications in Egypt is permitted under the Telecommunication Regulation Law No 10 of 2003. The law grants the National Telecommunication Regulation Authority (NTRA) - a body chaired by the ICT minister and composed of government representatives - the authority to regulate ISPs and mobile network operators.

Article 64 of the law "mandates telecommunications operators to provide all technical equipment, systems, software and communications, which enable the armed forces and national security agencies to exercise their powers within the Law." The same article also bans the use of encryption.

Surveillance actors

i. Armed forces and national security entities

There are three main intelligence-gathering agencies in Egypt.

1) The General Intelligence Directorate (GID) is Egypt's intelligence agency responsible for national security intelligence, both domestic and foreign, with a counter-terrorism focus. One of the oldest intelligence gathering agencies in the world, the Mukhabarat, as it is commonly known, works under the direct authority of the president.

2) The Egyptian Military Intelligence (also known as el Mukhabarat el-harbeya) is under the authority of the Ministry of Defense.

3) Homeland Security (or Ketaʿ El Amn El Watani) is responsible for counter-intelligence, internal and border security, counter-terrorism, and surveillance. The agency works under the authority of the Interior Ministry. It was established in 2013 to replace the now-defunct State Security Investigations Service (also known as SSIS or Mabahith Amn ad-Dawla), which had carried out various human rights violations during the government of President Hosni Mubarak.

Homeland Security has, however, quickly acquired much of the previous agency's infamous reputation in recent years. After General Abdel Fattah el-Sisi swept into power in a military-led coup in the summer of 2013, the agency spearheaded a campaign of violence leading to a bloody crackdown against alleged members of the now-banned Muslim Brotherhood.

ii. Investigating judges, public prosecutors and judicial officers

Article 58 of the Egyptian Criminal Code and Article 150 of the Criminal Procedure Code allow prosecutors and investigative judges, at their own discretion, to issue warrants authorizing judicial officers to intercept and record communications when investigating a possible crime.

The said warrants can cover a period of up to 30 days and can only be renewed once.

Furthermore, authorised members of the armed forces or security agencies may also issue communications surveillance warrants, according to Article 95 of the Criminal Procedure Code.

The Telecommunications Act authorizes (Article 69) the National Telecommunications Regulatory Authority (NTRA) — the telecommunications industry regulator—, the Armed Forces and intelligence agencies to appoint judicial officers to conduct investigations that may involve the interception and recording of communications for the purpose of investigating a suspected crime.

iii. Other government agencies

The Administrative Oversight Authority (AOA), an anti-corruption government body, has interception capabilities, according to the Telecommunications Act.

Privacy International has also identified the existence of a little-known agency, the Technical Research Department (or TRD). The agency is thought to be responsible for running telecommunications monitoring centres on behalf of the Interior Ministry.

iv. Telecom operators

The Telecommunications Act details how telecommunications providers should cooperate with law enforcement agencies:

Article 64 states that each operator is expected to "provide all technical potentials including equipment, systems, software and communication which enable the Armed Forces, and National Security Entities to exercise their powers within the law."

Article 67 further states that authorities can "subject to their administration all Telecommunication Services and networks of any Operator or Service Provider [...] in cases concerning National Security."

Surveillance capabilities

Internet monitoring

In 2014, as part of a transparency effort, Vodafone, the largest mobile provider in Egypt, published its first "Law Enforcement Disclosure Report", a document identifying the surveillance laws and policies to which it is subjected in the 29 countries in which it operates.

In Egypt, the report suggested widespread government interference and unrestricted access to communications data over its networks by the armed forces and national security agencies, who enjoy broad latitude to intercept communications with or without an operator's control or oversight. The report prompted speculation that other network operators in the country might be subjected to similar arbitrary surveillance.

In Mars 2016, Privacy International discovered that the Technical Research Department (TRD), an obscure Egyptian intelligence service, had purchased a sophisticated monitoring equipment from Nokia Siemens Network, a joint venture between Siemens AG and Nokia. The equipment apparently included wide-ranging interception capabilities, in addition to a monitoring system for fixed and mobile networks.


In April 2016, the Italian authorities decided to strip Hacking Team, a Milan-based electronic surveillance vendor, from its license to export outside of the European Union. Hacking Team's dealings with repressive regimes, including the Egyptian TRD, came under media scrutiny following the hack of their internal systems in 2015 revealing that they had sold surveillance technology to some of the world's most authoritarian states.


In early 2017, subsequent to a joint letter to the Italian export authorities by a coalition of rights groups including Privacy International, Italy revoked authorization from surveillance company Area SpA to sell equipment to Egypt's Technical Research Department.

Intrusion malware

The Citizen Lab has been able to document the use of Finfisher and RCS intrusion malware products in Egypt.

Packet inspection

Under President Mubarak's administration, Egypt purchased packet inspection technologies from US technology company Narus.

Similarly, research by The Citizen Lab has identified that US technology company Blue Coat's packet inspection technologies were used on Etisalat networks.

In 2017,the French magazine Telerama revealed that a €10 million contract was signed in 2014 between Nexa Technologies (ex Amesys) and al-Sisi regime for the sale of a technology using Deep Packet Inspection.

Other surveillance capabilities

Other commonly used surveillance methods include surveillance cameras (CCTV), which are widely used in public place

Surveillance oversight, checks and balances

Any victim of illegal wiretapping or another privacy violation can file a civil case for damages and seek to have illegally obtained evidence dismissed. However, as Vodafone's Law Enforcement Disclosure Report points out, the armed forces and security agencies are largely exempt from any control or oversight by the telecoms regulatory authority.


Furthermore, there is no judicial oversight over the NTRA's own use of its investigative powers (as per Telecommunications Regulation Act No. 10 of 2003, Article 69).

 

Surveillance case law

Privacy International is not aware of any specific surveillance case law in Egypt. Please send any tips or information to: research@privacyinternational.org

Examples of surveillance

Surveillance in Egypt is traditionally linked to the Emergency Law that has been frequently applied and repeatedly extended since its first enactment in 1958. The continuous state of emergency was one of the major grievances for demonstrators giving rise to the Egyptian Revolution of January 2011 against the government of former president Hosni Mubarak.

While the state of emergency was eventually lifted in November 2013, it was re-enacted in North Sinai amid an increasingly violent Islamist insurgency in the region. It has been extended in the peninsula ever since.

The law allows the state to conduct unwarranted searches of persons, places and correpondence without being restricted by the provsions of the Criminal Procedure Code.

In early March 2011, following the downfall of the Mubarak regime, protesters fearing that incriminating documents might be destroyed raided several State Security Investigations Service (SSIS) buildings across Egypt.

Protesters were able to secure some of the agency's internal documents showing the agency's alleged involvement in rigging elections, widespread surveillance of citizens as well as evidence of torture practices and the use of secret detention centres. Most incriminating documents are feared to have already been destroyed.

The documents were shared widely on the internet, leading to popular outrage and forcing the interim government to dissolve the SSIS on March 15, 2011.

On July 3, 2013, President Mohamed Mursi, the first democratically elected head of state in Egyptian history, was removed from office in a military coup led by General Abdel Fattah el-Sisi (commonly known as Sisi), who went on to win the May 2014 presidential election with more than 93% of the vote, to become the sixth President of Egypt.


Since his inauguration, al-Sisi escalated his clampdown on civil society groups.

In short succession, laws restricting basic rights were passed, including a controversial Anti Terror Act which bans anti-government protests, sidelines judicial supervision over the police, the military and intelligence services, legalizes emergency police powers and expands military court jurisdiction over civilians.

 

Throughout 2015 and 2016, human rights activists have reported having their emails and private communications leaked and published on public forums or printed out and left on their doorsteps as a way of intimidation.

A television programme in Egypt, entitled 'Black Box' also broadcasted phone calls of activists to document how they were supposedly engaged in treasonous activities. The programme was suspended during the summer of 2014 amid other controversies.

Between November 2016 and early February 2017, a number of Egyptian human rights activists, journalists, bloggers and local rights organizations reported being the target of a seemingly coordinated campaign of phishing attacks. The University of Toronto's research group the Citizen Lab which uncovered the attacks called the operation "Nile Phish." The Citizen Lab documented over 92 such phishing attempts during that period. Sophisticated phishing messages were sent to targets attempting to lure them into revealing their account credentials.


Although the Citizen Lab says it is "not in a position to conclusively attribute Nile Phish to a particular sponsor," the scale of the campaign and its persistence in the particular political context in Egypt has further compounded the already difficult situation faced by NGOs in the country.


Later in February 2017, the Citizen Lab said it received evidence that the Nile Phish operator has engaged in phishing of 2-factor authentication codes and announced a future follow up on its report.


In July 2017, Egyptian activist Ola Shohba said that many of her online accounts were reset and taken over after her SIM card registered with Vodafone had been deactivated and unlawfully issued to another person.

In December 2017, the Paris Prosecutor's office opened a judicial investigation into the sale of surveillance equipment by French company Nexa Technologies (formerly known as Amesys) to the Egyptian government. The investigation follows a request by rights groups FIDH, LDH and the Cairo Institute for Human Rights Studies who hope that it could lead to charges being brought for complicity to torture and enforced disappearances.


The request was prompted by revelations in the French press of a €10 million contract signed in 2014 between Nexa Technologies and al-Sisi regime for the sale of a mass electronic surveillance equipment. Code name of the transaction: "Toblerone".


Back in 2011, Nexa Technologies (then named Amesys) had sold a similar surveillance system named "Eagle" to the Libyan government under Muammar Gaddafi. Using Deep Packet Inspection, the system would have allowed the Libyan regime to track down, hunt down and torture opponents.

 

Data Protection

Data protection laws

On October 30, 2017, a member of the Egyptian House of Representatives submitted to Parliament a proposal for a "Draft Data Protection Law". The proposal, currently under parliamentary review, would establish the first data protection law in Egypt.


In the absence of specific legislation, however, a number of provisions outline confidentiality obligations relating to criminal investigations, employee information, markets data and banking secrecy.


Article 113 of the Egyptian Criminal Code no. 58/1937 imposes criminal penalties on the unauthorized collection of images or recordings of individuals in private places.


Article 309-bis of the same law provides for: "a penalty of detention for a period not exceeding one year [...] inflicted on whoever encroaches upon the inviolability of a citizen's private life, by committing one of the following acts in other than the cases legally authorized, or without the consent of the victim:

 

  • "Eavesdropping, recording, or transmitting via any instrument whatever its kind, talks having taken place in a special place, or on the telephone.
  • Shooting and taking or transmitting by one of the instruments, whatever its kind, a picture of a person in a private place."

The Labour Law (enacted in 2003) makes it mandatory for employees to provide personal information to employers, including name, address, military and social status. Employers must then keep a file for each employee which includes their personal data. The information is kept in the employee's file and reviewed periodically by the relevant government authority. Although Article 77 of the law stipulates that only authorised individuals can have access to personal employee data, little is known about the legal and technical protections in place to protect databases from abuse.


Article 97 of the Banking Law stipulates that all bank customer data shall remain confidential, including account numbers and related dealings. They may not be disclosed even in the event of severance of relationship between the customer and the bank.


However, in the case of a transaction deemed suspicious, the Anti-Money Laundering Law prohibits banks from disclosing to clients or beneficiaries any information suggesting that such transaction is under investigation.


Article 13 of the Egyptian Civil Status Law no. 143/1994 protects the confidentiality of data recorded on the civil status of citizens.
The Capital Markets Law protects against insider dealings by prohibiting the exploitation of any confidential information for personal gain or for the account of a third party, or the divulging of information to a third party, whether directly or indirectly.


There seems to be no laws restricting the transfer of data offshore.


The Mortgage Finance Law has clauses which provide for the confidentiality of the data of the clients of mortgage finance companies.


The Egyptian Telecommunications Law protects the privacy of telecommunications and imposes penalties in some cases on the unauthorized violation of such privacy.

Accountability mechanisms

i. Freedom of Information

Human rights groups in Egypt have long demanded greater transparency from the government. Those demands culminated after the 2011 revolution, when activists called for greater access to publicly held information to ensure that past abuses are not repeated.

Article 68 of the 2014 Constitution recognizes that state information, data, statistics, and official documents are the property of the people, and that every citizen has a right to access this information.

As early as January 2013, the government announced the drafting of a Freedom of Information Act and plans to establish a national council for information, inviting public input on the draft law.

In December 2016, the government announced the establshment of a new committee headed by the Prime Minister tasked with completing the draft law.

As of December 2017, a Draft Freedom of Information Act was still under discussion between the journalist union, media professionals and the National Council for Human Rights before its anticipated referral to the House of Representatives for final review sometimes in 2018.

ii. Consumer protection

The Egyptian Consumer Protection Act, enacted in 2006, does not provide for the specific protection of consumers' personal data.

The law does not provide for a transparency mechanism that would define who processes the private data of consumers and the means by which they can exercise the rights of information, access, rectification, cancellation or opposition.

The Consumer Protection Agency does receive complaints from consumers through various means, including a dedicated Facebook page, an official website and a call centre hotline.

The telecoms regulator, NTRA, is entitled by virtue of the Telecommunications Regulation Act of 2003, to protect the rights of the customers of telecom operators. However, those rights remain vaguely worded and our research has not identified any specific examples in which the NTRA has intervened to protect the rights of consumers vis à vis their personal data.

And although the Consumer Protection Act does not have specific provisions which regulate electronic marketing, the Consumer Protection Agency has referred Orange and Vodafone to prosecution for misleading ads in June 2017.

iii. Legal remedies

As a general rule, any prejudiced individual data subject may raise a civil liability claim before Egyptian courts in connection with any perceived violation of the individual's' right to privacy. However, the onus is on the victim to establish the unlawful act, the damage that occurred and the causal relationship between the unlawful act and the damage before the competent court.

Data breaches: case law

Privacy International is not aware of any case law related to data breaches in Egypt. Please send any tips or information to: research@privacyinternational.org

Examples of data breaches

Egyptian law does make mandatory the reporting of data security breaches or losses to the authorities or to data subjects.

Though not a data breach, Egypt has seen a number of important leaks of classified information. In February 2015, an Egyptian court has put ousted president Mohamed Mursi on trial on charges of endangering national security by leaking state secrets to Qatar, furthering a state crackdown on the outlawed Muslim Brotherhood. The public prosecutor accused Mursi and his aides of "leaking documents which exposed the location of and weapons held by the Egyptian armed forces" to Qatari intelligence.

Our research has not yet identified examples of widescale data breaches related to data breaches in Egypt. Please send any tips or information to: research@privacyinternational.org

Identification Schemes

ID cards and databases

i. National ID card

The National ID Card currently in use is machine-readable. First introduced in 1996, it was re-issued in 2000. It is mandatory for all citizens aged 16 and older, and is required in most daily transactions such as accessing medical care in hospitals, employment, education, banking, and for acquiring property.


In its current format the National ID card is not suited for recording biometric features. It does contains an ID number, a photo, the full name, gender, birthplace, birthdate, address, religion, marital status, parents' names and signature of the cardholder.


In November 2014, during his official visit to Paris, president Abdel Fattah al-Sisi contracted Morpho, a French electronic security company (subsidiary of Safran) specialized in "identity management solutions" to produce national biometric ID cards (or eID cards).


As of December 2017, it is not known when the deployment of the electronic ID cards will be completed or what specific data will be collected on them.

ii. Egyptian Passport

In 2008, Egypt introduced its first machine-readable passport (MRP) in lieu of the previous passport which was handwritten and easily forged. In its current format the Egyptian Passport is not suited for recording biometric features.

The passport contains personal information digitally printed on an ID page. Personal information includes the passport number, the photo, full name, date and place of birth, nationality, sex, the National ID number, profession, marital status, military status and postal address of the passport holder. No signature is required.

A scannable barcode stores additional information that can be decoded by special software.

iii. Egypt Post

In December 2017, at the Cairo International Exhibition for Communications and Information Technology, the head of Egypt Post, Mr. Essam El Sagheer, declared that his department was using "unconventional methods" to collect customer data, based on what seems to be an independent system for automating the reading of national ID cards, fingerprints and iris recognition, and linking them to the financial accounts of customers.

It is not clear whether this system was sanctioned by the competent authorities. In the absence of a proper legislation or of a data protection authority, little is known about how the collected information is protected against use beyond its intended purpose.

 

Voter registration

Voting is compulsory in Egypt. Article 87 of the Constitution guarantees citizens' right to vote, run in elections, and express their opinion in referenda. [Article 87 of the Constitution, on Citizen participation in public life]

 

The state reserves the right to "enter the name of every citizen in the voter registration database without request from the citizen himself, once the citizen meets voting requirements." The state retains the right to "purge this database periodically in accordance with the law."

 

In 2014, during the constitutional referendum, the government deployed a system of touchscreen tablets for electoral purposes provided by the company Morpho. In the absence of a data protection authority, little is known about the government's data management and storage policy for electoral data.

 

SIM card registration

Egypt has a policy of compulsory SIM card registration. Starting in May 2010, NTRA embarked on a campaign that culminated in 2014 requiring that all SIM cards in the market are registered. As a result, operators were obliged, that year, to wipe clean their subscribers databases off unregistered SIM card holders.

Operators then required their clients base to provide them with personal data including ID card copies and numbers. SIM cards were suspended pending a verification process that required customers to call the operator to activate their suspended line.


Mobile operators are required to review the personal data they hold in order to correct, update and complete the data of their customers. This requirement means that operators have access to at least parts of the civic registry database of their clients. Bulk access to the database, however, is not permitted under Article 13 of the civic registry law 143/1994.


In February 2005, it was reported that the Ministry of the Interior ordered internet cafe managers to provide access to the personal data of internet users of interest to the Ministry. The Ministry reportedly threatened to close establishments if managers did not comply. In August 2008, this practice became a policy whereby the government demanded that internet cafe customers provide their names, email addresses and phone numbers before being given permission to use the Internet café facility.

Policies and Sectoral Initiatives

Cybersecurity policy

Eg-CERT, the Egyptian computer emergency response team, was established in April 2009 under the authority of NTRA, the telecoms regulator.

Eg-CERT is charged with providing computer and information security incident response and support to government and financial entities.

Eg-CERT is also tasked with providing an early warning system for cyber attacks against critical information infrastructure.

In 2015, Eg-CERT reported 464 incidents and attacks against critical information infrastructure, including a large number of malware infections, phishing attempts and SQL injections.

Cybercrime

As of December 2017, a controversial cybercrime law has been under review for a few months by the Telecommunications and Information Technology Committee at the Egyptian House of Representatives.

The bill raised concerns among a coalition of local human rights organizations who said it left "nothing much to be added should this law be passed, other than a total ban on internet use". They pointed to its vaguely worded language: it incriminates internet users for crimes ranging from hacking into an official email, to publishing "illegitimate ideas."

The bill, which seems to receive the tacit support of the NTRA, grants the armed forces, Interior Ministry and the General Intelligence Directorate with larger discretionary powers allowing them to conduct mass surveillance operations and suspend the accounts of unregistered network users arbitrarily.

Promoters of the bill argued that "deterring measures" were necessary "to counter these [online] threats in order to protect our oblivious citizens through legislation that ensures the Egyptian state's safety."

The house of parliament has yet to vote on the bill in a general session.

Encryption

The use of encryption is strongly regulated in Egypt by the 2003 Telecommunication Regulation Law, as seen in article 64. It states:

"Telecommunication Services Operators, Providers, their employees and Users of such services shall not use any Telecommunication Services encryption equipment except after obtaining a written consent from each of the NTRA, the Armed Forces and National Security Entities, and this shall not apply to encryption equipment of radio and television broadcasting.

With due consideration to inviolability of citizens private life as protected by law, each Operator and Provider shall, at his own expense, provide within the telecommunication networks licensed to him all technical potentials including equipment, systems, software and communication which enable the Armed Forces, and National Security Entities to exercise their powers within the law. The provision of the service shall synchronize in time with the availability of required technical potentials. Telecommunication Service Providers and Operators and their marketing agents shall have the right to collect accurate information and data concerning Users from individuals and various entities within the State."

Licensing of industry

With the largest population in the Middle East, Egypt boasts one of the biggest telecom market in the region. Still, the country suffers from one of the slowest internet speeds worldwide ranking in the bottom five countries for broadband and 95th for mobile.

The body regulating the telecom sector in Egypt is the National Telecommunications Regulatory Authority (NTRA). It was established in 2003 in accordance with the provisions of the Telecommunications Regulation Act.

Several operators compete for the market:

Telecom Egypt (also known as TE, or El Masreyya le-l Ettesalat) is the historic operator. It controls the terrestrial fixed infrastructure shared in part with the Egyptian Electricity Transmission Company (EETC) and the national railroad company (ENR): TE owns and operates a 15,000 km long fiber-optic backbone extending to nearly all populated areas in the country in addition to the copper line network.


In the summer of 2016 TE entered the mobile market after being granted a 4G license. It participates in the internet retail market through a subsidiary, TE Data, which controls 75% of the ADSL Market and leases internet capacity to several internet service providers including the three major mobile operators, in addition to Raya, Link, and Internet Egypt, among others.

Three major operators compete for the mobile market. They include Vodafone, which holds the largest share of the market. It is owned by Vodafone Group which holds a 55% share in the company, with the rest held by the state-owned Telecom Egypt. Orange (previously, Mobinil), the second largest mobile operator, is owned by French company Orange S.A. Etisalat Misr, owned by Etisalat in the United Arab Emirates, also operates in Egypt.

All three mobile operators also have internet subsidiaries.

The high demand for more bandwidth led the government in 2011 to introduce a new strategy for broadband: the e-Misr National Broadband Plan.

Between August and October 2016 the NTRA started granting 4G licences to all the operators who were tasked with extending the long-delayed broadband services across the country's territory and into the rural communities. The early commercial operations of 4G services were subsequently launched in early October 2017.

The NTRA has also announced plans to open the fixed-line voice and internet services markets to existing GSM operators.

E-governance/digital agenda

Privacy International is not aware of any privacy issues related to e-governance in Egypt. Please send any tips or information to: research@privacyinternational.org

Health sector and e-health

Privacy International is not aware of any privacy issues related to the health sector and e-health in Egypt. Please send any tips or information to: research@privacyinternational.org

Smart policing

Privacy International is not aware of any smart policing issues in Egypt. Please send any tips or information to: research@privacyinternational.org

Transport

In June 2017, the New York Times reported that a bill under review in the Egyptian Parliament would require ride-sharing services Careem and Uber to place their server computers inside Egypt and to provide the government access to their internal data concerning customer and driver movements, "a recipe, some worry, for intrusive and sweeping surveillance," the newspaper commented.

Smart cities

Privacy International is not aware of any smart city issues in Egypt. Please send any tips or information to: research@privacyinternational.org

Migration

Privacy International is not aware of any privacy issues related to migration in Egypt. Please send any tips or information to: research@privacyinternational.org

Emergency response

Privacy International is not aware of any privacy issues related to emergency response in Egypt. Please send any tips or information to: research@privacyinternational.org

Humanitarian and development programmes

Privacy International is not aware of any privacy issues related to humanitarian and development programmes in Egypt. Please send any tips or information to: research@privacyinternational.org

Social media

Upwards of 17 million Egyptians use Facebook on a regular basis, making up almost one-quarter of all users from the Middle East.

The social network played a central role in fueling the popular uprising that eventually led to the overthrow of the Mubarak regime in early 2011. It has ever since been at the epicenter of the government's attempts to control the internet.

In 2014, the Ministry of Interior publicly announced that it had a plan to monitor social media use in Egypt. The Ministry claimed that its aims were to monitor security hazards by tracking new security issues that spread on the internet through social media, private conversations and messaging apps.

Alarmed by the move, activists denounced the plan as unconstitutional and an attempt to neutralize political mobilization through social media.

In January 2016, days ahead of the fifth anniversary of the popular uprising in Egypt, police reportedly raided thousands of apartments in downtown Cairo and asked people about their Facebook accounts.

Since the fall of 2014, hundreds of activists have been arrested, some disappeared in secret detention facilities and charged in relation to content they posted on social media sites, according to various rights organisations.

In April 2017, parliamentarians considered radical new proposals to restrict Egyptians' access to social media.

A draft bill would, in the words of its author MP Reyad Abdel Sattar, "facilitate state surveillance over social networks in Egypt by making users enroll in a government-run electronic system that will grant them permission to access Facebook."

Under the proposed plan, users would be required to register in a government database. They would then be issued a login linked to their national ID before they can "legally" access sites like Twitter or Facebook. Unauthorized use could result in prison sentences.

The proposed bill came against the backdrop of an unprecedented government crackdown against hundreds of critical news sites (more than 400 websites blocked by October 2017) and the disruption or outright blocking of encryption and circumvention tools.

To circumvent government surveillance and censorship, Egyptians have been relying on end-to-end encrypted texting apps like Signal.

In December 2016, the government blocked access to Signal prompting Signal to introduce a circumvention feature called "domain fronting" to its Android app allowing users to conceal and encrypt their traffic inside of Google's servers.

In late April 2017, voice over internet protocol (VoIP) services like Skype, Facebook Messenger, WhatsApp, Apple's FaceTime and Viber were repeatedly disrupted, ostensibly for security reasons. The services have since been blocked intermittently despite the NTRA denying that the VoIP calls had been restricted.

As early as July 2016, authorities have infiltrated social media apps such as Grindr to entrap gay and transgender Egyptians, some of whom were subsequently arrested and charged with "debauchery" under a 1961 law that is used to prosecute men for homosexuality and women for prostitution.