Restricting cybersecurity, violating human rights: cybercrime laws in MENA region

Photo: Freedom House/Flickr


The majority of the Middle Eastern and North African countries (MENA) today are currently living in various conflicts that are leading to economic, social and political deterioration. The internet was and continues to be one of the main engines and tools that contribute to the crystallization of the political situation. The wide and far-reaching use of social media has not only contributed to regime change in some cases, but has also facilitated the dissemination of disinformation in critical situations. In other cases, simply uploading a video to a video sharing platform can help document grave human rights abuses. As such, the current trend of using new technologies—including various social networking platforms—has played a critical role in affecting regional politics and the flow of information and how it is controlled.

In the meantime, governments, enterprises, and individuals in the MENA region have adopted new digital technologies and applications on a massive scale in a process known as digitization. Instead of working to limit the negative ways the internet and other technologies can be used (e.g., for disinformation), Middle Eastern governments have taken to closing the online space by implementing harsh and oppressive cybercrime laws. Governments all around the region are enthusiastically crafting such laws that do little other than robbing internet users of their basic human rights.

With the number of internet users in the region expected to reach 574.8 million in 2019, modern technology and social media outlets offer people the ability to self-mobilize and create online communities. Sometimes, it is the only available tool to exercise fundamental rights and freedoms, such as expressing opinions and sharing ideas in spite of oppressive policies often imposed on offline activity. However, these platforms also increased the frequency and scope of cyberattacks, cybercrime, cyberterrorism, malware, digital surveillance and violations of privacy. Governments have responded by regulating user practices on the internet through various legal instruments, such as cybercrime laws.

In effect, cybercrime laws have worked to replace similar, older laws that regulate offline practices and transactions. This quantum leap means that practicing basic rights as freedom of expression in the written press, radio or even protesting in streets, transitioned to online platforms, and thus, the very same oppressive measures that many of these countries have offline are now reflected online.

For example, the Bahraini “Cybercrime Law”, passed in 2014, gives various government organizations, including the Ministry of Interior and the Ministry of Public Information, the capacity to block and censor a wide range of websites. No court order is needed to censor websites that host content deemed a “challenge” to the government, such as any published content that is critical of the Bahraini government, the royal family, or the status quo generally. Similar censorship is found in the Egyptian Cybercrime Law passed in 2018. Under Article 7, any website can be blocked if its content is considered a crime under the law, provided that it poses a threat to national security or jeopardizes the security of the country or its national economy—effectively legalizing the blocking of websites.

These laws also facilitate and legalize mass surveillance by the state and foreign governments. For instance, the Egyptian law enables the violation of Egyptians’ right to privacy by foreign governments. Article 4 of the law addresses the exchange of data and information between Egypt and foreign countries through the Ministries of Foreign Affairs and International Cooperation within the framework of international, regional, and bilateral agreements or the application of the principle of reciprocity. The article does not include any requirements for the exchange of such information, such as the existence of data protection laws in the requesting country or requirements regarding the scope, duration of retention, or processing of information.

This, along with greater government control of information online, leads to a “chilling effect” where people and organizations in these areas begin to reduce their use of the internet. The loose concepts and vague and broad provisions contained within these laws allow for the violation of basic and fundamental rights such as the freedom of expression and the right to privacy.

Some cybercrime laws take things a step further by not only criminalizing the activities of individuals, but imposing criminal liability on internet service providers (ISPs), telecommunications companies, and online platforms for content uploaded by its users. Article 2 of the Egyptian Cybercrime Law, for example, requires telecommunications companies to retain and store users’ data for 180 days. This includes data that enables the identification of users, “metadata” about the content of their communications, the computer “IP” address, and the devices they use. This means that telecom providers could be asked to turn over to authorities detailed information about users’ communications, including information on voice calls, text messages, website visits, and the use of apps on computers and smartphones. The same article requires that telecommunications companies comply with regulations for any “other data decided by the National Telecom Regulatory Authority (NTRA) board,” which means that companies could be forced to collect and retain data not provided for in the law, based on a decision by the NTRA. The article also expands the legality of telecommunications service providers to collect user data, extending it to the agents and distributors responsible for marketing their services.

In addition, Article 2 gives national security authorities the right to access these data, and telecommunications service providers are obliged to offer the technical assistance necessary to facilitate such access. In other words, the law provides security services with extensive powers to obtain user data, without limitation or standards.

As previously documented in other regions, platforms start to operate with a constant fear of criminal accountability, opting to remove content rather than risk the possibility of prosecution. This, in effect, becomes a form of censorship—affecting innovation, creativity, and freedom of expression through social networking platforms as well as economic growth.

All over the world, new technologies afford exciting new spaces for innovation and creativity. Such oppressive laws impacting the online space criminalize fundamental freedoms and rights instead of embracing or encouraging them. They create an internet that is full of walled gardens.

A positive agenda for MENA governments would be to increase the use of the internet as a platform of communication and development as an effective tool for education, health, trade and economic and social development. Improving digital security is an integral part of this effort, as is expanding universal access to information communication technologies (ICTs). Protecting human rights online is a core part of online security.