Put human rights on the agenda of security discussions ahead of Dubai Expo 2020
17/1/20 - Diana Eltahawy, Gulf Programme Manager, BHRRC
Tech companies are turning a blind eye to how their products are being used by governments like the UAE, writes Diana Eltahawy
As policymakers, security experts, businesses and other stakeholders gather on 19-21 January for the Intersec Future Security Summit in Dubai to discuss 'Disrupting Technologies: Integrating Physical and Digital Security', human rights considerations are conspicuously absent from the agenda.
This is despite UAE's troubling record of abusing technology to launch attacks on human rights defenders and other critics of the government.
A significant part of the event is dedicated to discussing security preparedness for Expo 2020, the six-month international fair set to begin in October 2020 and expected to bring some 25 million visitors to the emirate.
Amid the official promotion for Expo 2020 - designed to showcase Dubai as a hub of technological innovation, cultural tolerance, and visionary leadership - it is important to remember the UAE's record of crushing any form of dissent expressed offline or online, frequently in the name of security.
Human rights organizations have long raised concerns about the UAE's aggressive acquisition of cyber-surveillance technology and its misuse to target journalists, human rights defenders, and other perceived critics. An investigation by Reuters revealed how the UAE's spying programme dubbed 'Project Raven' used powerful tools to hack into the accounts of individuals considered threats, including foreign journalists and a 16-year-old boy whose tweets were deemed offensive.
According to Reuters, in 2016, the spy operation moved to a domestic cyber-security company, DarkMatter, which also happens to be the Expo's official cyber-security provider. The company denies taking part in the hacking operation.
In addition, Citizen Lab investigations revealed how prominent Emirati human rights defender Ahmed Mansour had been subjected to several hacking attempts, including by Pegasus spyware linked to Israeli company NSO. He is currently serving a ten-year prison term for posts on Twitter and Facebook, illustrating the UAE's draconian approach to freedom of expression and digital rights.
In addition to targeted surveillance, the UAE authorities heavily monitor social media, instant messaging and blogs, as well as block access to thousands of websites deemed inappropriate. UAE residents also report increasing difficulties in accessing these via VPN – an act which is also criminalized. Expo 2020 visitors should be aware of the draconian cyber-security laws in the UAE, used in the past against foreigners.
An investigation by the NYT published last month alleged that a popular app, ToTok - developed and widely used in the UAE due to bans of VoIP including Skype and WhatsApp - has been used as a spying tool by the government. While ToTok vehemently denied the allegations, further questions were raised regarding its alleged links to a senior UAE official
According to the UAE's Telecommunications Regulatory Authority, 12,734 websites have been blocked since 2016, many for "pornographic" or "immoral" content. In the past two years, 135 websites were blocked for "offenses against the UAE and public order". Dozens of others have also been blocked on vague grounds of "illegal activities", insult and defamation or by order from the judicial authorities for unspecified reasons.
Surveillance and monitoring and other technology products will be showcased at the Insterc security, safety and fire protection fair running concurrently with the Summit. Companies participating in the Summit and/or showcasing their products at the security fair, as well as those expected to flock to the UAE for Expo 2020, need to be mindful of the risk that their technology could be used and abused by the Dubai government to track or target activists.
Such companies should carry out due diligence to assess and mitigate human rights risks associated with their presence, starting by being more transparent in disclosing their business operations
Efforts are ongoing to hold surveillance companies to account for complicity in human rights abuses. A group of activists have taken legal action in Israel to revoke NSO's export license to prevent future sale of its spyware to regimes spying of peaceful critics.
WhatsApp is seeking a court injunction in the US to block NSO from accessing its computer systems. NSO has denied all allegations of wrongdoing, including in responses to the Business & Human Rights Resource Centre.
Recognizing the human rights risks of surveillance companies globally, the UN Special Rapporteur on freedom of opinion and expression noted that:
"Companies appear to be operating without constraint. It is critical that companies themselves adhere to their human rights responsibilities, including by disclosing their transfers, conducting rigorous human rights impact assessments, and avoiding transfers to States unable to guarantee their compliance with their human rights obligations.”
He recommended a moratorium on the sale, transfer and use of surveillance tools until human rights-compliant regulatory frameworks are in place.
Despite some limited efforts at regulating the surveillance trade, a lot more needs to be done by companies themselves currently turning a blind eye to how their technology might be used by governments like the UAE to silence independent voices.
Participating in events on security in the UAE without addressing human rights concerns serves to promote the UAE's brand as modern, tech-savvy and open for business and investment, while human rights defenders likes Ahmed Mansour languish in jail.