A lethal combination: How MENA governments use cybercrime laws and spyware to target activists · Global Voices
Gulf Center for Human Rights

Israa Al-Ghomgham as a child. Photo widely circulated online.
This post was written by Khalid Ibrahim, executive director of the Gulf Center for Human Rights (GCHR) an independent, non-profit organisation that promotes freedom of expression, association and peaceful assembly in the Gulf region and its neighbouring countries.
Human rights advocate Israa Al-Ghomgham may soon be facing the death penalty in Saudi Arabia, for her non-violent human rights related activities.
Arrested in 2015 along with her husband, activist Mousa Al-Hashim, over their roles in anti-government protests in Al-Qatif, Al-Ghomgham was charged under article 6 of the Cybercrime Act of 2007 for “preparing, sending and storing material that would harm the public order”. She also stands accused of “inciting rallies and young people against the state and security forces on social networking sites”, and posting photos and video of these protests online. She has been in detention ever since, and was put on trial in early August 2018. State prosecutors for her case are seeking the death penalty.
The stakes in Al-Ghomgham's case could barely be higher. But the circumstances of her arrest, detention and prosecution have become chillingly common across the MENA region.
For nearly two decades, activists like Al-Ghomgham in the MENA region have been using online tools to demand democratic societies that respect fundamental rights, and freely express other ideas that are not welcome in traditional media, which in many cases is controlled by governments.
But following the cascade of social movements across the MENA region in 2011-2012, several governments and their security forces endeavoured to tighten their controls over the internet and cripple its use to promote human rights and social justice.
In countries where human rights groups documented serious human rights violations, such as Saudi Arabia, the United Arab Emirates (UAE), Bahrain and Qatar, governments invested millions of dollars in surveillance, espionage and hacking tools to target human rights defenders, including internet activists and bloggers.
Alongside these technical measures, they sought out legal mechanisms to further this cause. Their tactics included the adoption and strict implementation of anti-cybercrime laws that have been used to stifle freedom of expression on the internet and to criminalise and imprison activists.
A recent report by the Gulf Centre for Human Rights (GCHR), entitled “Mapping Cybercrime Laws and Violations of Digital Rights in the Gulf and Neighbouring Countries” illustrates how this combination of technical and legal measures has led to a new era of repression in the region.
The report highlights these trends and anticipates that regional governments may expand their capacity to prosecute such “cybercrimes”:
There are two trends at hand we anticipate to proliferate and feel compelled to warn against. First, legislation will introduce more restraints on online freedom of speech and expression under the label of combating ‘fake news.’ Second, now that the UAE and Syria have developed two branches that are specialised in the prosecution of cybercrimes i.e. the police units and courts, other countries are likely to follow suit.
In addition to using cybercrime laws as an arbitrary legal cover to target activists, governments and their security agencies hire foreign companies, often based in Western democracies, to provide them with the latest software and hardware to fully control the activities of internet activists and civil society.
The Canadian company Netsweeper sold filtering tools to the UAE government to block websites including that of the GCHR, which has been blocked in the country since January 2015.
In addition to monitoring and surveilling the online activities of civil society organisations, government actors have attempted to hack their accounts and obtain the sensitive data contained therein.
Human rights activist Ahmed Mansoor is currently serving a ten-year jail sentence in the UAE. Photo Credit: Martin Ennals Foundation, via Citizen Lab.
Emirati blogger and human rights defender Ahmed Mansoor, who is currently serving a 10-year prison sentence for merely expressing his opinions online, was targeted with spyware known as Finfisher and sold by Gamma International which is incorporated in the UK and Germany. Technical research indicates that Mansoor was also targeted with software developed by Hacking Team, an Italian firm.
Through 2015 alone, authorities in the UAE used Hacking Team software bought for USD $634,500 to spy on 1,100 people. In 2016, Mansoor was once again the target of a phishing attempt this time using the technology of the Israeli company NSO Group.
Across the region, when human rights defenders and online activists are arrested, their electronic equipment and those of their family members are confiscated. When Mansoor was arrested in March 2017, the security forces confiscated his children’s cell phones and laptops.
As crackdowns across the MENA region continue unabated, governments in Western democracies should take action against companies that aid such repression. EU, US and Canadian governments need to impose controls on digital security companies to prevent them from exporting censorship, blocking and spying technologies to repressive governments.