Surveillance technology: Different levels of accountability | IGF 2023 Networking Session #186

11 Oct 2023 01:15h - 02:15h UTC

Event report

Speakers and Moderators

Speakers:
  • Marwa Fatfata, AccessNow, Middle East and North Africa
  • Marianne Rahmé, SMEX, Middle East and North Africa
  • Khalid Ibrahim, GCHR, Middle East and North Africa
  • Nardine Alnemr, GCHR, Middle East and North Africa
  • Meredith Viet, Business and Human Rights Resource Centre, Europe
  • Samuel Jones, Heartland Initiative, North America
Moderators:
  • Khalid Ibrahim, Gulf Centre for Human Rights
  • Nardine Alnemr, Gulf Centre for Human Rights

Table of contents

Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.

Full session report

Audience

The panel discussion explored various important topics concerning the connection between gender and human rights defenders. Stephanie Mickelson, representing the UNFPA, highlighted the importance of considering gender when analysing reports on human rights defence. Mickelson posed a question about whether the gendered element of human rights defenders is adequately examined in these reports and how progress in this area is monitored.

Another significant point raised during the discussion was the issue of digital attacks on women and human rights defenders. These attacks were identified as a form of gender-based violence, with limited research conducted on their psychological impact. Specific examples, such as Abdessam Saag in Bahrain and Hala Ahed in Jordan, who have experienced digital attacks, were given. It was also noted that these attacks have a negative impact on family life.

The fear of surveillance and the potential release of personal data were identified as factors that compel women to adapt their activism. This adaptation was seen as another form of oppression that women face. The panel highlighted that women, particularly those involved in activism, are significantly affected by the constant threat of surveillance. It was argued that this fear not only hinders their activities but also violates their rights.

Surveillance was also examined in terms of its secondary effects on journalism. The panel discussed how the publication of articles revealing surveillance technologies like Pegasus has led journalists, even in the Western world, to feel intimidated and fearful of contacting human rights activists and other journalists. Some journalists expressed hesitation in covering certain activities or organizations due to prevailing surveillance practices.

In conclusion, the panel stressed the importance of considering gender in reports on human rights defence and addressing the gendered aspect of human rights defenders. It shed light on the impact of digital attacks on women and the lack of research on the psychological consequences. Additionally, it highlighted the fears and constraints imposed on women’s activism in the face of surveillance and the resulting intimidation of journalists. This comprehensive discussion provided valuable insights into the complexities surrounding gender, human rights defenders, and the harmful effects of surveillance in modern society.

Marwa Fatafta

Access Now and the Gulf Center for Human Rights have collaborated to establish the MENA Coalition at Rights Con 2021. This coalition aims to address the widespread use of spyware and digital surveillance in the MENA region, particularly targeting human rights defenders, journalists, lawyers, and civil society. The negative sentiment surrounding this issue stems from the fact that surveillance technology from democratic countries often ends up in the hands of authoritarian regimes.

One of the main challenges in holding the surveillance industry accountable lies in its lack of transparency and accountability. Companies involved in these activities often operate under hidden identities and conceal information about their investors. Additionally, the transfer and sale of surveillance technologies are shrouded in secrecy, making it difficult to attribute responsibility on an individual level. This lack of accountability is further exacerbated by the absence of robust rule of law and law enforcement in the home countries of the victims.

Targeted surveillance of women represents a significant concern and a gendered dimension in this issue. Women are disproportionately affected by privacy violations resulting from surveillance. Adversarial governments exploit personal information to discredit and tarnish the reputation of women. Women also become targets of doxing campaigns, where personal information is shared without consent, leading to various forms of harm. Moreover, women may face increased risks during protests, as authorities can confiscate their devices, potentially exposing them to danger if personal information falls into the wrong hands. Recognizing this, international norms should acknowledge the intersection between gender-based violence and targeted surveillance.

To effectively address these challenges, there is an urgent need for democratic countries to regulate their surveillance industries and enforce human rights due diligence. Such regulation would help prevent the export of surveillance technologies to authoritarian regimes and ensure that human rights principles are upheld. It is also crucial for these countries to prioritize the protection of individuals and communities impacted by targeted surveillance.

The ultimate purpose of surveillance, particularly in the MENA region, appears to be the suppression of dissent and independent media reporting. Surveillance serves as a tool for authoritarian regimes to silence activists, journalists, and other individuals critical of the status quo, allowing them to maintain control over information and prevent the exposure of human rights abuses.

On a positive note, the awareness of surveillance issues has prompted more people, including journalists, to prioritize their digital security. Individuals are seeking assistance from digital security helplines to have their devices checked and scanned, recognizing the importance of safeguarding their data and communications.

Exposing and holding spyware companies accountable is seen as a crucial step in safeguarding journalists and uncovering the truth. Digital security has become paramount for journalists working with limited resources, and efforts should be made to ensure their protection.

The MENA Coalition aims to map surveillance technologies and spyware in the region, prioritizing advocacy campaigns. By shedding light on the surveillance industry and promoting accountability, the coalition aims to protect the rights and privacy of individuals and communities across the MENA region.

In conclusion, the establishment of the MENA Coalition is a critical step in combating spyware and digital surveillance in the MENA region. By addressing the targeted surveillance of human rights defenders, journalists, and civil society, regulating the surveillance industry, and prioritizing the protection of women, the coalition seeks to promote peace, justice, and strong institutions in line with the relevant UN Sustainable Development Goals.

Samuel Jones

Investors have the potential to significantly contribute to advancing corporate accountability by encouraging rights-respecting behavior from companies. This can be achieved through direct engagement with companies to improve their policies, practices, and governance. By doing so, investors can send a strong public signal that certain sectors, such as surveillance technologies, should be considered toxic asset classes.

One area of concern is spyware, which presents high risks to companies and their shareholders. Potential regulatory enforcement, litigation, operational disruptions, and brand damage pose material financial risks. For instance, the Israeli spyware maker NSO Group faced strategic litigation and regulatory blacklisting, resulting in massive financial and reputational costs. Other companies, including Google, Nokia, Thales Group, and Sun Corporation, have also made contentious business decisions regarding surveillance technologies.

To address these risks, it is recommended to designate spyware as a toxic asset class among public and private equity investors. This would involve developing investment exclusionary criteria and releasing a white paper highlighting the severe human rights and financially material risks associated with the technology. Collaboration with investors and companies would be crucial in tackling the threats posed by spyware.

Integrating grassroots civil society experts on targeted surveillance into investor-led company engagements would strengthen efforts to address the risks associated with spyware. Collaborating with partners to map out the spyware ecosystem is also essential. In addition, organizing a global gathering that integrates experts on targeted surveillance into investor-led company engagements would further enhance accountability in this area.

Engaging tech industry leaders in private collaborative discussions is another important step in addressing surveillance-related risks. This collaboration, in partnership with a coalition of North American and European investors, would focus on various ways to address surveillance-related risk. This includes better market entry analysis, improved harm-value chain monitoring, and implementing contractual and operational human rights guardrails.

It is crucial to shift the focus from high-level policy discussions to the operational impacts of technologies on people on the ground. Understanding the direct consequences of tech companies’ technologies is key to ensuring accountability. By doing so, investors can mitigate potential harm and promote responsible practices.

Investors should exercise caution when considering spyware investments, especially in light of the controversies surrounding NSO Group. Education is necessary to help investors recognize how spyware may manifest in different forms within their portfolios. Spyware, often marketed under the rubric of law enforcement or counterterrorism, requires a deeper understanding of its true nature and implications.

To gain a comprehensive understanding of the impact of their investments, investors need to rely on information from human rights defender organizations. These organizations provide critical insights that help investors assess the human rights implications of their investments and make informed decisions.

There is optimism about ending the unaccountable cooperation between companies and democracies in the near future. A collective effort, including the involvement of investors, is expected to lead to increased corporate responsibility and accountability.

Overall, investors have a significant role to play in advancing corporate accountability in relation to surveillance technologies. Through engagement with companies, designation of spyware as a toxic asset class, collaboration with experts and industry leaders, and a focus on operational impacts and human rights, investors can contribute to a more responsible and accountable corporate culture.

Asya Abdelkarim

The ANSIM Network in Iraq plays a crucial role in supporting and empowering internet activists who advocate for human rights and digital security. They provide comprehensive training on digital security and privacy, equipping activists with the necessary skills and knowledge to navigate the online landscape safely. Additionally, they document and report on cases of surveillance and digital attacks, shedding light on the extent of these threats and ensuring they are not overlooked.

One of the main challenges faced by activists in Iraq is the risk of threats and attacks from pro-government groups, including militias. These groups exploit online platforms to intimidate, harass, and even arrest activists, leading to severe consequences. Despite the importance of digital security and privacy, activists still face significant risks and challenges.

The ANSIM Network recognizes the urgent need to protect internet activists against surveillance and digital attacks. They actively advocate for policies and laws that safeguard digital rights, ensuring legal frameworks that support and preserve the rights of activists. Moreover, they provide crucial support to activists who come under attack, serving as a reliable source of assistance and guidance.

However, it is important to note that accountability for digital rights in Iraq is still in its early stages. The ANSIM Network engages in discussions with members of parliament concerning cyber crimes, data protection, and access to information. Nevertheless, the government has been slow to pass and implement laws that effectively protect digital rights, posing a hurdle for activists seeking justice and accountability.

Asya Abdelkarim, a human rights defender, is actively involved in efforts to safeguard human rights in Iraq. She maintains direct communication with the Iraqi political leadership, regularly sending reports of violations to the Media and Communication Commission and the Ministry of Communication. Asya also organizes meetings to highlight the importance of recognizing and preserving digital human rights.

Recognizing the power of international pressure, Asya Abdelkarim utilizes international press releases to put pressure on the Iraqi authorities. This approach can be effective, particularly given the influence of external political interference in Iraq. By bringing attention to human rights violations through international channels, Asya seeks to hold the authorities accountable and push for change.

In Iraq, women face significant challenges and digital violence. Asya conducted research that revealed a majority of Iraqi women have experienced digital violence, yet many are afraid to report these incidents due to fear of backlash. Tragically, there have been cases where women who reported threats have faced dire consequences, such as the case of Youtuber Thiba Ali who was found dead after reporting threats from her father. Even sharing an image of a woman without her hijab is considered a violation and can attract threats.

To address this pressing issue, Asya and her team have launched a hotline helpdesk that aims to assist women facing digital blackmail and related issues. This platform provides a safe and secure channel for women to report incidents and seek support, emphasizing the need to create a supportive environment that encourages reporting and addresses the prevalence of digital violence.

Asya Abdelkarim stresses the importance of collaboration in addressing the threats faced by human rights defenders, activists, and journalists. She expresses concern over the shared challenges of threats and surveillance and calls for collective action to confront these issues. By working together, they can develop effective strategies and mechanisms to protect human rights and foster a more secure environment for activists and journalists.

In conclusion, the ANSIM Network’s efforts in supporting and empowering internet activists in Iraq are commendable. Through training, advocacy, and documentation, they equip activists with the necessary tools to navigate the challenges of the digital landscape. However, there is still a need for increased accountability for digital rights in Iraq. Asya Abdelkarim’s work in engaging with political leadership and utilizing international channels showcases the importance of collective action in addressing threats and advocating for change.

Moderator-Khalid Ibrahim

Concerns have been raised regarding the misuse of surveillance technology in the Middle East and North Africa (MENA) region, particularly in relation to oppressive spyware tools. Authoritarian governments in the region have obtained and used these tools without transparency or accountability, leading to serious human rights violations. Examples of this misuse include the murder of Saudi journalist Jamal Khashoggi and the case of Ahmed Mansour. The Israeli software company NSO has come under scrutiny for its role in these violations, with the Gulf Center for Human Rights filing a complaint against them.

To combat the sale of surveillance tools to repressive governments, the MENA Coalition to Combat Surveillance (MCCS) was established. This coalition advocates for accountability and action against the misuse of digital surveillance tools. The Gulf Center for Human Rights has taken legal action by filing a complaint in France against NSO.

Marwa Fatafta emphasizes the need for a united front among civil society organizations in the MENA region to combat the proliferation of digital surveillance strategies. Activists and human rights defenders face challenges, as the surveillance industry operates across borders, allowing their home countries to target them abroad. Access Now and other partners have formed a forensic analysis team to investigate whether the devices of these individuals have been infected or targeted.

However, the victims of surveillance face obstacles in seeking justice. The lack of rule of law and enforcement in their home countries prevents them from pursuing legal action against responsible parties. Efforts are underway to find alternative ways to enable victims to seek remedy, including the initiation of lawsuits against surveillance companies like Dark Matter.

The targeting of women through digital attacks is a significant concern. Research in Iraq has revealed cases of digital violence against over 100 Iraqi women, including blackmail, hate speech, and even instances where victims have been killed after reporting threats. Recognizing these attacks as gender-based violence is essential to provide appropriate support and protection to the affected women.

The psychological impact on women who have been victims of spyware attacks also requires further investigation. Cases in Bahrain and Jordan have shown negative impacts on family life. More research is needed to fully understand the psychological consequences and develop suitable interventions.

Respecting the right to privacy is crucial, as it is a fundamental human right. Any infringements should be addressed, and action should be taken against companies and governments involved in such activities. Journalists play an essential role in exposing the illegal activities of companies supporting oppressive governments and should continue to shed light on these issues.

Despite the challenges posed by surveillance, tools are available to ensure privacy when communicating sensitive information. It is vital to explore and utilize these tools to safeguard individuals’ privacy rights in the digital age.

In conclusion, addressing the misuse of surveillance technology in the MENA region requires cooperation between governments, civil society organizations, and individuals. Holding accountable those responsible for human rights violations and establishing robust mechanisms to protect the right to privacy is of utmost importance.

Session transcript

Moderator-Khalid Ibrahim:
Good morning, ladies and gentlemen. Welcome to this session, which is going to be focused on surveillance technology, different level of accountability. Let me first introduce the speakers. On my left, Marwa Fatafteh, MENA policy and advocacy manager at Access Now, and the coordinator of the MENA Coalition to Combat Surveillance, MCCS. Access Now is a non-profit organization founded in 2009 with a mission to defend and extend the digital civil rights of people around the world. On my right, Asya Abdelkarim, researcher at the Iraqi Network for Social Media, ANSIM. ANSIM is a network of bloggers and social media trackers on a number of issues that concern Iraq. ANSIM serves as a great source of accurate and verified news and updates of the digital rights in Iraq. And with us online, we have Samuel Jones. Samuel Jones is the president of Hardland Initiative, which is a non-profit, a practice-based research organization that promotes the fundamental rights and freedom of people in conflict-affected and high-risk areas. So let me talk about the coalition, the MENA Coalition to Combat Surveillance, launched during the public session at RiotCon on the 7th of June, 2021. The MCCS, the coalition, has come together to end the sale of digital surveillance tools to repressive governments in the MENA region, fight for a safe and open internet, defend human rights, and protect human rights defenders, journalists, and internet users from government’s prying eyes. The murder of Saudi journalist Jamal Khashoggi on the 2nd of October, 2018, demonstrated both the dangerous consequences of targeted surveillance and the extent of secrecy and punity in which authoritarian governments in the region can obtain and deploy sophisticated and oppressive spyware tools. Until now, there has been no real accountability in the killing of Khashoggi. The Saudi government still never held account for his killing and the killing of other activists, while the NSO group, as you know, managed to hack into the accounts of many internet activists using the biggest spyware. I have also to mention the case of my colleague, Ahmed Mansour, a member of the board of the Gulf Center for Human Rights, who is the first victim of PICASA spyware back in 2015. It is the same year in which he got the Martin Arnold Award for Human Rights. Ahmed was arrested on the 20th of March, 2017, tortured and sentenced to 10 years in prison, only for his peaceful and legitimate human rights work. He is still in solitary confinement since his arrest. He, his family, friends, and we, his colleagues, have paid a heavy price for the use of surveillance technology against him. We are all still in pain. Now back to the NSO group. It says that it builds PICASA spyware solely for governments to use and to counter terrorism and law enforcement work. But as I said, many of my colleagues, many human rights defenders, bloggers, journalists, and internet activists, they were victims of PICASA spyware. Now I want also to talk about the level of accountability. There is not any local mechanism to address massive human rights violations in the MENA region. And as such, by using the concept of international jurisdiction, the Gulf Center for Human Rights filed a complaint in France on the 28th of July, 2021, against the Israeli software company NSO, which is responsible for harm caused to human rights defenders in the MENA region. The case is still ongoing. Now I will ask each distinguished speaker to present a brief summary of their work and the level of accountability they focus on. Let me start with my colleague Marwa. So Marwa, kindly outline the plan of actions for the MENA coalition to combat surveillance and the work you intend to do on accountability. Yes, Marwa.

Marwa Fatafta:
Good morning, everyone, and thank you very much, Khaled, and the Gulf Center for Human Rights for putting this session together. As Khaled mentioned, Access Now and the Gulf Center for Human Rights launched at Rights Con 2021, the MENA coalition to combat surveillance, and that came from the urgent need to combat the proliferating use of commercial spyware and digital surveillance tools in the MENA region. We, as Khaled had already highlighted, we have, in different countries in the MENA region, have been investigating and exposing the depth and the spread of how spyware, digital surveillance tools like NSO groups, Pegasus spyware, among others, are used systematically to target, monitor, and surveil human rights defenders, journalists, lawyers, civil society from Bahrain to Morocco, Saudi Arabia, the UAE, Jordan, Egypt, you name it. And therefore, we decided to bring local organizations together with global organizations to fight this phenomena. The issue of spyware and surveillance, as we all, I mean, for people who work on this issue, it is a transnational issue. For one, there are companies that are outside of the MENA region, or, you know, in this case, Israel is one of the top exporters of these surveillance technologies, that in order to fight, in order to combat this industry, we need to strengthen solidarity, but also information exchange and advocacy tactics between civil society organizations. That’s number one. Just looking at the transnational or cross-border nature of the surveillance industry. Another important factor was the fact that many activists and human rights defenders in the region are activists in exile, especially after the Arab Spring, and the spyware has enabled their countries to target them while they’re abroad, to spy on them, to forcibly disappear them, to kill them. In the case of this year, we have commemorated the fifth anniversary of Jamal Khashoggi’s murder at the Saudi embassy in Istanbul. His fiance, his acquaintances, his son, his ex-wife, even their lawyers, all of those individuals have been targeted with Pegasus spyware. So again, we’re talking, just to emphasize again on the point that we are dealing with a cross-border transnational issue that requires a collective commitment to fight the proliferation of spyware among civil society. Now in terms of the plans, of course, we are dealing with a ghost-like industry. It’s extremely opaque, elusive. Companies are hiding behind shell names. Their investors are also just as elusive. The transfer and the sale of these technologies are highly secretive. There is no way for us, for example, to know whether ex-country, ex-government, like has the government of Egypt contracted or had bought specific spyware? There is no way for us to know. The only way is to investigate through working with affected individuals. And Access Now, among other partners, we have built recently our forensic analysis team that we would be able to receive cases from human rights defenders, journalists, and activists to investigate and see whether their devices have been infected or targeted. Same goes with our partners like Amnesty International, Citizen Lab, among others. So the first objective here is to investigate and expose the companies and the human rights abuses that result from the use of the products that they’ve sold to the government. The second thing, once we have exposed, we have published reports where activists and victims have been targeted and what the result was in terms of human rights abuses. The second thing is looking at accountability venues, and that’s, of course, the name of the panel, which has been hard because, for one, when a victim recognizes or are told like once their device is checked that you have been infected with Pegasus, they are traumatized. If you’re a human rights defender, you’re also afraid that you might be harming the communities you work with, and then the question becomes who targeted me, and attribution is becoming harder and harder. For example, we can check if someone has been infected with Pegasus, but who is the government behind this infection is becoming difficult, and that is important for accountability, especially at an individual level. People want to know who is the entity or the government spying on them. And then they are also seeking litigation. They want access to remedy, and in all of MENA countries, you can’t just go to court and sue NSO group or sue the government because of lack of rule of law and law enforcement, and therefore the question always for us remains how can victims seek remedy or have access to effective remedy when there is none in their home countries, and we have been exploring with the Gulf Center ways we can overcome this hurdle or challenge. For instance, the Gulf Center, and Khaled maybe can speak about this, have filed a lawsuit against NSO group in France on behalf of a number of human rights defenders in the MENA region. We have also collaborated most recently, a few weeks ago, in a lawsuit filed against Emirati surveillance company Dark Matter, which has hacked the device of the prominent Saudi woman human rights defender Loujain al-Hathloul, together with three of its U.S. executives who have helped set up the Dark Matter surveillance operation. Now of course the company is trying to kill the lawsuit in the U.S. on grounds that the victim and the company and that the U.S. court has no jurisdiction over these individuals. The victim is Saudi national, the company is Emirati, and the lawsuit is taking place in the U.S. And I’m a bit simplifying the matter, but this is the summary of it. And we think, you know, we wrote to the court an amicus brief emphasizing again that this victim does not have access to effective remedy, would not be able to sue either Dark Matter or the UAE government for spying on her. And therefore the court can actually exercise its jurisdiction to uphold human rights and most importantly send a message to the surveillance industry that they can indeed be held accountable.

Moderator-Khalid Ibrahim:
Thank you a lot, Marwa. And let me just ask you briefly about what about your efforts in relation to human rights and your diligence, advocacy efforts in relation to put an end to this cooperation between companies and democracies supporting oppressive governments in the MENA region?

Marwa Fatafta:
That’s an important point because, again, going back to the issue of the surveillance industry itself, where it comes from, where is it exported from? And in some instances, like, for example, the German company Finfisher, and now thankfully they declared bankruptcy in Germany, but they had provided their surveillance technologies to the UAE, to Egypt, to Turkey. And so here, again, we go to the issue of export controls and the role of so-called democratic countries in exporting or making the surveillance technology available to authoritarian regimes. Often, and even though there are some export controls in place, these technologies find their way in the hands of authoritarians that use them to target and attack human rights defenders and journalists. Our role has been to expose where export controls have been lacking and also to add pressure on governments to regulate that industry within their jurisdictions through enforcing bylaw accountability measures that, for example, companies that work on surveillance technologies have human rights due diligence in place in order to stop selling that tech to human rights abusing countries, among other issues.

Moderator-Khalid Ibrahim:
Thank you a lot, Marwa. Let me move now to Asya, and Asya, could you just tell us about the work of ANSIM in empowering human rights activists in Iraq against the surveillance and digital attacks, and also what level of accountability we have in Iraq? Thank you.

Asya Abdelkarim:
Good morning, everyone, and thank you for this session. Actually, for those who do not know, ANSIM Network is a network for social media working in a group of digital rights defenders and digital experts. We have been working in Iraq since 2011 as a non-governmental and non-profit CSO to advocate for free, diverse, and safe Internet in Iraq. So we are a part of this MENA Alliance and MENA Coalition to Combat Surveillance, and before I begin to explain in detail, I want to tell those who don’t know and emphasize to those who do that Iraq is a country that has experienced many wars and conflict over the years in various forms. As these conflicts have evolved, so have the capabilities of civil society activists and human rights defenders in dealing with these disputes in a new way. So we now have a concept of digital resistance which has become increasingly prevalent in recent years due to its significant importance in changing the course of events. And regarding your question in Iraq, human rights defenders increasingly rely on digital technology, technology to monitor and advocate for human rights, or to share their opinion, promote debate, and mobilize. Nonetheless, malicious actors such as pro-governmental groups, including militias, have also used these online platforms to threaten, intimidate, and harass activists. With the rise of massive use of social media in Iraq, digital privacy and digital security have never been more important. So in some way Iraq plays a vital role in empowering Internet activists against surveillance and digital attacks, and we do this by providing trainings and resources on digital security and privacy, documenting and reporting on cases of surveillance and digital attacks, advocating for policies and laws that protect digital rights, supporting Internet activists who are under attack, and monitor and document digital security threats to civil society in Iraq to provide training and resources to help civil society organizations to protect themselves. And some work has been instrumental in empowering Internet activists to resist surveillance and digital attacks. So for example, NSIM has provided, as I said, many trainings, and we documented numerous cases of surveillance and digital attacks against Iraq, against the activists in Iraq. Let me talk more about the hacking of activists for arrests using surveillance technology. So Ansem have documented that a lot of apps that have been compromised, which lead to severe arrests, as reported by a protester, I caught him, we would turn up to an area to hold a protest and find a masked militia waiting for us with knives and clubs. Activists in Iraq face various forms of digital threats, ranging from hate speech to misinformation, hacking attempts, et cetera. In this regard, through our platform, the Checker, we aim to remain awake 24-7 to detect any attempts to spread misleading information that could lead to deadly consequences. Tragically, we witnessed the loss of two valuable individuals, the activist Reham Yaqoub and the politician and journalist Hisham Hashemi, who were assassinated following a very massive online campaign by electronic arms affiliated with Iranian-backed militias back in 2019. So we lost these two brilliant due to the absence of effective deterrents of the time to stop the harmful disclosure. However, today we are striving to protect the lives of these defenders with all the tools and connections at our disabled by our platforms. Also, I want to mention that the level of accountability in digital rights in Iraq are promoting is still in a very early stage. However, there are some promising signs like involving Ansem with a member of parliaments in various discussions regarding cyber crimes, law, data protection, and access to information. However, there are also some challenges that Ansem faced. The Iraqi government has a history of cracking down on dissent. And human rights activists are often targeted by the government and non-state actors like the Iranian-backed militias. Additionally, the Iraqi government is often slow to implement reforms, and it’s unclear how long it will take for the government to pass and implement laws that protect digital rights. Despite these challenges, we are playing a vital role in empowering internet activists to resist surveillance and digital attack. These tactics are helping to create more open, diverse, and democratic internet in Iraq.

Moderator-Khalid Ibrahim:
Thank you, Asya. Now, just briefly, could you talk about your plan for future work and actions in relation to this important topic? Yes, Asya.

Asya Abdelkarim:
Yes, of course. So now we have a lot of plans, actually. We are maintaining a direct communication with the Iraqi political leadership, especially the Media and Communication Commission and the Ministry of Communication. We continually send reports of these violations and hold meetings with them to emphasize the importance of recognizing that digital human rights are none less significant than natural human rights. And we also engage with international press release to put pressure on these authorities. This can be an effective method at time, given the influence of external political interference in Iraq and the consequences it can have.

Moderator-Khalid Ibrahim:
Thank you a lot, Asya. Now it’s time to move for our third distinguished speaker, our colleague Samuel Jones, who is joining us online. And the question for you, Sam, is how can investors help advance corporate accountability for civilian-related harms, including these associated with authoritarian governments? Yes, Sam.

Samuel Jones:
Thank you. So first of all, sincere thanks to Khaled for the opportunity to participate in this timely and critical discussion. Second, I wanted to mention that I’ve been fortunate enough to live in both Palestine and Iraq and once again find myself following Palestinian and Iraqi women who are both smarter and more articulate than I am. That said, I’ll do my best to respond to the question. So just a quick note about Heartland that will help set the stage for my remarks. As you mentioned, Khaled, we’re a practice-based research organization that assists investors in preventing and mitigating human rights risks across their investment portfolios, specifically those associated with business activities and relationships in conflict-affected and high-risk areas. While we work across industries, we have spent considerable time over the last several years prioritizing surveillance technology as a particularly at-risk sector in these particularly at-risk contexts. Some of the most pronounced recent human rights crises have underscored the severity and systemic risk posed by surveillance technology, whether that’s the Russian state surveillance system SORM being used against Russian dissidents or to control Ukrainian internet traffic, the deployment of spyware by the military junta in Myanmar, the surveillance state created by the Chinese government in Xinjiang Uyghur Autonomous Region in Tibet, or the use of targeted and mass surveillance throughout the occupied Palestinian territories by the Israeli government. In other words, if you introduce these high-risk technologies into areas where the human rights regime is already failing to function as intended, where regulation and enforcement are either inadequate or used in rights-violating ways, or where systematic or episodic violence and abuse are a part of daily life, you can expect these products to exacerbate these issues unless companies have taken, as Marwa alluded to, the necessary steps to address human rights and conflict risks throughout their product life cycles and specific to their business models. And yet, in spite of the rather obvious heightened risk endemic to the use of such technologies, whether that’s in Palestine or Iraq, the vast majority of companies producing surveillance technologies or those producing technologies that can be used for surveillance, like cloud-based computing, for example, do not conduct a correspondingly heightened version of human rights due diligence, as called for by the UNGPs. And this is where investors come in. Investors are becoming increasingly aware that human rights risks to people, due to high-risk products and services, high-risk value chain relationships, or in a high-risk context, can translate into financially material risks for companies and their shareholders. This could be due to regulatory enforcement, strategic litigation, operational disruptions, or brand damage. And there’s perhaps no greater example of this in the tech space than the company that’s been mentioned before, Israeli spyware maker NSO Group. Thanks to the investigative research of Citizen Lab and Misty Tech Access Now, the reporting of Forbidden Stories, which detailed the global human rights harms emanating from the sale and use of Pegasus spyware, NSO Group became the target of strategic litigation by WhatsApp and Apple, regulatory blacklisting by the US Department of Commerce, government investigation in the EU, and international advocacy campaigns, like the Pegasus Project. And collectively, these efforts resulted in massive financial and reputational costs for NSO Group, which was deemed valueless to its private equity investors during a London court case in April of 2022, only three years after being purchased for $1 billion. Now, while NSO Group may represent perhaps one of the most egregious cases of surveillance-related human rights harms, there are numerous other examples where investors have the opportunity and the responsibility under the UNGPs to engage companies whose business models are at risk of contributing to surveillance-related harms in a high-risk environment. Some examples include Google’s decision to partner with Saudi Aramco and Saudi Telecom to build a cloud platform in the kingdom where surveillance-related risks are both severe and well-documented. Nokia’s products and services being used to connect Russia’s digital network with state-run surveillance system known as SORM to suppress dissent and surveil citizens. A range of surveillance-related systems, including biometric technology from French company Thales Group, supplied to the Egyptian government, which is creating a massive surveillance infrastructure in Cairo. Celebrite, owned by publicly-traded Japanese company Sun Corporation, selling digital forensics and intelligence tools to Myanmar’s military junta. And Western Digital selling hard disk drives to Hikvision to be packaged with that company’s surveillance offerings, which have been used as part of the Chinese government’s surveillance and internment program in Xinjiang region. So as regulators and policymakers struggle to keep pace with proliferation and use of these and other technologies globally, it’s become even more critical for investors to directly engage companies and encourage rights-respecting behavior from the design to the end-use stages. In other words, in the absence of effective regulatory frameworks, investors represent a key potential driver for improved corporate policy, practice, and governance, corporate accountability for human rights harms, and most importantly, better protection for rights holders. So I’m going to just quickly try to concretize this point by reflecting on several potential roles investors can play vis-a-vis surveillance technologies. First, many of our investor partners have exclusionary screens for controversial weapons that are fundamentally incompatible with international humanitarian and human rights law. So think about nuclear, chemical, biological, cluster munitions, and landmines. We’re currently working with some of those partners, along with Access Now, Business and Human Rights Resource Center, and other experts, to develop similar criteria for spyware, meaning that it would necessarily be excluded from investment portfolios due to the emerging discourse suggesting that spyware is also fundamentally incompatible with international law. While many public equity investors may not directly be exposed to spyware, since the sector is largely funded by private equity, these massive investors in North America, Europe, and elsewhere could send a strong public signal that spyware is fundamentally a toxic asset class. Second, and especially in light of emerging regulations around surveillance technologies and mandatory human rights due diligence in Europe, there’s a role for investors to play in directly engaging policymakers concerning the need to put into place laws governing the design, marketing, and use of targeted and mass surveillance among state and non-state actors. There’s both actually a human rights imperative and a long-term financial interest for investors to advocate for the development and adoption of fit-for-purpose rules for these technologies that can contribute both to, and most importantly, a reduction or prevention of human rights harms, but that also erode public trust in state institutions and destabilize the conditions that make for a prosperous economy. And third and finally, investors can continue to engage companies, those in and adjacent to the surveillance technology industry on improved policy, practice, and governance measures that more effectively identify, assess, prevent, and mitigate surveillance-related harms. In order for these engagements to be truly effective though, investors must be equipped with technically sophisticated research and analysis like that provided from our colleagues from Palestine and from Iraq, so that companies are able to out-tech them during these dialogues with investors. And this is where civil society expertise becomes critical, providing investors with the resources they need to have conversations about contractually, operationally, and technologically preventing and mitigating these harms, even in authoritarian and other high-risk contexts. So I’ll close my remarks there.

Moderator-Khalid Ibrahim:
Thank you, Sam. So, Sam, thank you for joining us at such a late time for you. Thank you for mentioning Palestine and Iraq. Briefly, I have another question for you, Sam. What are the future plans for hard-line initiative around surveillance technologies in particular? Yes, Sam.

Samuel Jones:
Yeah, so I appreciate the question. As I mentioned, we work across industries, but in the next 12 months, we’re planning some fairly specific activities around surveillance technology. So first, an effort to designate spyware as a toxic asset class among public and private equity investors. Inspired by the anti-personnel landmine movement, this will include the development of investment exclusionary criteria that I mentioned previously, but it’ll also include a white paper on the severe human rights and financially material risk associated with this technology. Investor and company collaborations designed for these stakeholders to work together on mutual threats posed by spyware and its exploits. A global majority gathering designed to more fully integrate grassroots civil society experts into, or sorry, experts on targeted surveillance into directly into investor-led company engagements and working with partners to map out the spyware ecosystem. Second, I would mention building off an event that Heartland Access Now and the Resource Center held in London on the abuse of surveillance technologies in MENA. We’ll be working with coalition of North American and European investors to engage a handful of tech industry leaders in private collaborative discussions on concrete and meaningful ways to address surveillance-related risk through better market entry analysis, improved harm and value chain monitoring, and contractual and operational human rights guardrails. So the point of that is moving away from these 30,000-foot policy discussions with tech companies focused on the UNGPs and really focusing on the operational impacts of their technologies on people on the ground. That’s, and I’ll close there.

Moderator-Khalid Ibrahim:
Thank you, Sam. Thank you for all this work that has the potential to enhance the protection of all of us. Now we open the floor for any question, comment, discussion, or any online question. Do you have any comment, any question? Yes, please, go ahead.

Audience:
Hi, thank you so much. Stephanie Mickelson, UNFPA. So I look at kind of the gendered aspect of all of this. This is still, yeah, I’m learning a lot, so thank you again. I was wondering if this is, if that gendered element of human rights defenders is something that we consider and analyze as we have these reports and as we move forward, because as we know, you know, clearly, you know, two of the four people here today are women. So, yeah, I would just like to hear a bit more about that if we can, thank you.

Moderator-Khalid Ibrahim:
I think Marwa will address that. Yes, Marwa. Yes, take this. This is for you.

Marwa Fatafta:
Thank you, Khaled, and thank you for raising this question. We have actually started looking at the gendered dimension of targeted surveillance. As someone who has worked with surveillance victims in the MENA region, I know firsthand, and also as a woman from that region, I know firsthand how scary it is to have your personal information, or let me rephrase, to have an adversary government that is hell-bent on destroying your character, especially if you are a woman human rights defender or a human rights lawyer or a journalist, a woman who works on public interest or human rights activism, and to have all that personal information weaponized in order to smear your reputation and to discredit you and delegitimize your work. And so, just to take a step back, you know, we have been working on how women are targeted generally online from doxing campaigns, and that is sharing images or information about women without their consent, including their home addresses. We have seen cases where even the addresses of the women’s children, like the addresses of their children’s kindergartens or schools, medical records, sometimes even sexual activities, intimate conversations, screenshots of WhatsApp conversations and whatnot. Women sometimes, when they are on the streets protesting, we’ve also seen cases with their devices confiscated. So we know firsthand. as an organization that deals or provides support to those at-risk communities, how dangerous it can be if a government has its hands on that personal information and what it can do with it. And now adding to that layer, spyware. So if, let’s take Pegasus spyware as an example, and that’s not the only spyware available on the market. There are many other commercial spyware tools, some we know of, some we don’t. But you know, once your device is infected, the government client pretty much has access to everything, everything. Your microphone can turn your microphone on your phone, so it can spy on your conversations, your camera, telephone, you know, telephone calls, messages, contacts, emails, even encrypted messages like on Signal or WhatsApp, where you think that you are communicating safely with individuals, but in reality all of that is being exposed and seen by the government. Now, for women, the impact of targeted surveillance is particularly egregious, because one, women are subject to gender-based violence online and offline. They are, you know, they are afraid, it kind of restricts their, not only violates their privacy and also restricts their ability to express themselves or express their right to freedom of expression on an opinion, but also it restricts their movement. Women feel, like women I spoke to that have been spied on, feel afraid to walk on the streets. They have to change tracks, for example, because they feel that someone is following them. They know that if they are physically targeted or assaulted or harassed, they won’t receive any legal or social protection, because again, like going back to gender-based violence, especially in a region like MENA, where women are being killed and harassed without any consequences or little support, and therefore for us it was very important to advocate or to emphasize that targeted surveillance is a form of gender-based violence and should be for women rights groups, for, you know, UN agencies, for, and to develop like international norms around that, that targeted surveillance is not, we’re not only talking about the right, a violation of the right to privacy, but also in the case of women it’s a form of gender-based

Moderator-Khalid Ibrahim:
violence. Thank you, Marwa. Yes, Asya, you have something to add? Yes, so I will talk

Asya Abdelkarim:
from the side of Iraq. During the past year, I was working on digital-based violence research, and in this research we met with more than 100 Iraqi women. We did an interview with them. Most of them, in the conclusion, we found that they have faced a digital violence. Most of them are so afraid to face this truth. As Marwa said, they are very afraid to go to the police and to report that they are facing a blackmail or hate speech or any other online threat. So, because of the traditions, especially in a closed community in Iraq, they are so afraid to be killed. And I mentioned one of the story of the YouTuber Thiba Ali. She was reported to the community police in Iraq that her father threatened her to be killed because she ran away outside Iraq because she was facing domestic violence. So, they make the dad to make a commitment to the police that he will not be targeting her. He will be a good father for her, and the next morning she was dead. So, the women in Iraq are facing a lot of digital violence which reflect on the earth, and this is a very important challenge, actually. So, in Iraq also, the pornographic image is not just what is mentioned in the word. Pornographic may be that to spread an image of a girl that wears a hijab, but it spreads an image without hijab. So, that will be targeting her from the community. So, we are trying for Ansem, actually. We launched a hotline helpdesk, actually. We receive a lot of blackmail cases. We’re trying to help them because, as Marwa mentioned, they are so afraid to be in a court or in a police station. So, we are trying to help them, but it’s a very challenge. Actually, it’s a global challenge. We are trying, and we hope finally, soon, we will do our best to help all these women.

Moderator-Khalid Ibrahim:
One minute. I have little doubt that, no doubt at all, that digital attacks on women, human rights defenders, should be regarded as gender-based violence, and really little has been conducted in research with regard to the psychological impact on women when they are going to be victims of spyware, such as PICASAS. We have colleagues, such as Abdessam Saag in Bahrain, Hala Ahed in Jordan. They were victims of PICASAS, and it has a huge negative impact on their family life, and still all that never properly researched. Yes, go ahead.

Audience:
Thank you very much. Do you hear me? Yes. I just wanted to add a comment to this discussion. I’m Fatemeh Faniz of the Internet Alliance, that it is a gender- based form of violence, also because, and that’s the part of the iceberg that we do not see, like every woman in this region, but also more generally, who is slightly being an activist, or more on the spectrum, is afraid of their being surveilled, or their information being released, because of that reason. So even before being surveilled, it does impact women’s lives, like any gender’s life, of course, but women to a greater extent in societies where they’re more targeted, and it impacts, and they have to basically adapt their activism and their lives to the potential tread, which is another way of oppression. Thank you.

Marwa Fatafta:
Yes, please. I could not agree more. I could not agree more, especially when, at least in the MENA region, the whole notion around morality, and how women should behave, how should dress, how should conduct themselves in public, that’s already policed, even before these technologies were invented, and now deployed on a, you know, increasing scale. We have, for example, cases where, you know, Khaled mentioned Abtiza Mastayegh, who is a Bahraini human rights defender, and she, we published a report together with frontline defenders, showing how she was surveilled and targeted, and she told us that even in her home, like once your privacy is violated, especially right now with our devices becoming an integral part of our lives, it felt like an assault or an attacker in her own kind of bodily integrity, and she doesn’t feel safe in her own home. As a veiled woman, she’s, you know, a practicing Muslim, she doesn’t even feel like free to be herself at her own home. She has to wear the veil at all times, and that’s, that also has, you know, we have had similar testimonies from Palestine, you know, maybe it’s a separate issue with not targeted surveillance, but mass surveillance and facial recognition technologies pointing directly through the windows of people’s houses or homes, and their women also express that they have to wear the veil at all times. So just to share the, how intimately that impacts women on levels beyond what we can imagine.

Moderator-Khalid Ibrahim:
Thank you a lot, Marwa. Is there any comment, any question? If there’s nothing, I go back to Sam. You, you have a question? Yeah, go ahead.

Audience:
Hi, I’m Isamu from Japan. I want to ask you, both of you, that I think the surveillance is, has secondary effect on us, because after two years that Pegasus article was broke, published, we are so intimidated, even in, even Western world journalists, we are very afraid to contact with you or human rights activists or other journalists. So some journalists feeling that we feel very hesitant to cover such activities or organizations. What are the secondary effect after two years the Pegasus was revealed? Are there any hesitation or the shrink of activities in your spheres or countries?

Moderator-Khalid Ibrahim:
Well, I think always we have to confront perpetrators of our privacy. The right to privacy is a human right, and we shouldn’t wait. We shouldn’t be afraid from doing all what we could, whether it’s human rights litigation or taking proper actions to stop companies from attacking our rights, including the right to privacy. I agree with you, it is not easy now to communicate if you have sensitive information, but the tools are out there for you to make sure that your privacy is respected and not compromised by companies. And as a journalist, I really encourage you always to find the truth and always to shed a light on the activities, illegal activities of companies who are supporting oppressive governments in our region, MENA region, other regions, as it is very important for us to show solidarity and to cooperate and to work together in order to end this business of surveillance against human rights defenders and other

Marwa Fatafta:
citizens. Yes. Thank you Khaled. I’d like to add two points. One, thank you very much for raising that point. This is precisely one of the key impacts of targeted surveillance. It’s not only about the individual that is targeted or infected with a malware or a spyware, but also the communities that they live or interact with. So this second-hand trauma or the second-hand impact, journalists being afraid to speak to their contacts and resources confidentially, human rights organizations not being able to corroborate evidence of human rights abuses or speak to local sources on the ground, and that’s especially true for, let’s say, activists or civil society organizations working in exile. These are really all concerns and that is, at the end of the day, the ultimate purpose of surveillance, to silence dissent and to silence independent media reporting. However, after the PICASOS project, it had the opposite effect in the sense that people became, at least in the region, people became more aware about this threat. And I have to say, as we run this digital security helpline, we have more and more people coming to us, including journalists, to have their devices checked and scanned. So ultimately it led to, this awareness led to people thinking about their digital security and prioritizing that, where that wasn’t necessarily the case, especially for journalists that are working under capacity or with limited resources. Now digital security has become front and center. So that is a good, that’s a good outcome. It’s a blessing in the midst of this ongoing scandal. And so, I mean, I hope this leads to more exposing of these spyware companies and also that journalists and others find ways to protect themselves and their

Samuel Jones:
resources. I could just add from the investment front as well, I mean, in terms of limited positive outcomes, following sort of the PICASOS project and the huge controversies and the financial implosion of NSO Group, definitely in conversations with both public and private equity investors, there was sort of a stain around anything that had to do with spyware. And so when we would talk to asset owners and asset managers, they would go to great lengths to talk about how they are consciously avoiding spyware. The problem, of course, with this is that spyware is not typically marketed as spyware. It’s done under the rubric of law enforcement or counterterrorism. And so a big challenge for us, including over the next year, is really educating investors about how spyware shows up in its different forms in their portfolios.

Moderator-Khalid Ibrahim:
Thank you, Sam. And I fully agree with Marwa that digital security should be our focus to not give any opportunity for hackers or companies to get into our accounts and also to protect our colleagues, our companies, our information. Now, we are in the final minutes. So I don’t know, Asya, do you want to say something, the final say for one minute before we conclude? Yes.

Asya Abdelkarim:
Thank you all for all the questions. And thank you, Khaled, for this session. Actually, it was great to hear from you about all this threaten and surveillance. It’s actually a happy moment and a sad moment at the same time that we are sharing the same issues. I hope that all of who is attending this meeting to work together, actually, to face this huge threat against us as human rights defenders and activists and journalists. Thank you all.

Moderator-Khalid Ibrahim:
Thank you, Asya. Sam, your final say. Are you optimistic that in two years, three years, we will end this cooperation between companies and democracies, investors that we could hold into account? Yes, Sam.

Samuel Jones:
That’s the hope, but I think I just want to reiterate a critical point, and that is for investors that tend to be overwhelmed by different environmental, social, and governance issues, it’s really human rights defender organizations, whether at the international level like Access Now or at the grassroots level that provide the critical information or can provide the critical information that investors use with companies on demonstrating that there are real human beings impacted by their investments and that it’s their responsibility to take appropriate actions. Really, we depend on those civil society organizations for our own work.

Moderator-Khalid Ibrahim:
Thank you, Sam. Marwa, the coordinator of the MENA Coalition to Combat

Marwa Fatafta:
Surveillance, your final say, Marwa. Final say. We have a huge job to do. I’m not sure if two or three years would be sufficient, but it’s definitely a priority fight for us and many of our partners. As Sam mentioned, it’s also one of our key goals to map surveillance technologies and spyware being used in the MENA region, including the companies, their investors, their corporate structures, as well as the human rights abuses facilitated by the use of these technologies that for us is important for a number of reasons, for accountability, for investor advocates, for journalists, lawyers, litigators. We want to make that, you know, we want to expose that industry to the extent we can and to help others in this ecosystem hold these companies accountable. So, it is an ongoing fight for those who would like to join our coalition. I mean, it’s MENA focused, but it’s open to global and local and regional organizations. Feel free to get in touch with us. And, you know, we’re planning to revamp the coalition, so there will be more advocacy campaigns next year, hopefully. So, with that, I have to

Moderator-Khalid Ibrahim:
thank our distinguished speakers, Samuel, Marwa, and Asya. Thank you, all of you who are in the room, and also a lot of thanks to people who followed us online. And with that, I wish you a nice day. Thank you.

Asya Abdelkarim

Speech speed

143 words per minute

Speech length

1352 words

Speech time

568 secs

Audience

Speech speed

137 words per minute

Speech length

370 words

Speech time

162 secs

Marwa Fatafta

Speech speed

144 words per minute

Speech length

2727 words

Speech time

1136 secs

Moderator-Khalid Ibrahim

Speech speed

127 words per minute

Speech length

1490 words

Speech time

704 secs

Samuel Jones

Speech speed

161 words per minute

Speech length

1974 words

Speech time

735 secs