Delegates at the climate talks in Egypt are apprehensive of surveillance, with cybersecurity experts warning that the official Cop27 app for the talks requires access to a user’s location, photos and even emails upon downloading it. As more than 25,000 heads of state, diplomats, negotiators, journalists and activists from around the world gather at the climate summit that starts in Sharm el Sheikh today, the revelation has raised concerns the authoritarian regime in Cairo will be able to use an official platform for a UN event to track and harass especially domestic players critical of the dispensation, The Guardian has reported.
Ironically, the activists who are scared of the current regime are those who led a disruptive movement sponsored by the CIA, the US’s foreign intelligence agency, that unseated a moderate Hosni Mubarak regime in 2011 and brought in successive theocratic, autocratic and unstable regimes — Field Marshal Mohamed Hussein Tantawi, Mohamed Morsi, Adly Mansour and Abdel Fattah el Sisi.
The official Cop27 app, already downloaded more than 5,000 times, asks for sweeping permissions from users before it installs. These include the ability for Egypt’s Ministry of Communications and Information Technology to view emails, scour photos and determine users’ locations.
Abdel Fatah al-Sisi’s regime could use the data to come down heavily on dissent in a country that already holds about 65,000 political prisoners. Egypt has conducted a series of mass arrests of people accused of being protesters in the lead-up to Cop27 and sought to vet and isolate any activists near the talks, which will see governments attempting to hammer out an agreement over dealing with the climate crisis.
“This is a cartoon super-villain of an app,” said Gennie Gebhart, the Electronic Frontier Foundation’s advocacy director. “The biggest red flag is the number of permissions required, which is unnecessary for the operation of the app and suggests they are trying to surveil attendees. “No reasonable person will want to consent to being surveilled by a nation-state, or having their emails read by them, but often people click these permissions without thinking much.”
Gebhart said, “I can’t think of a single good reason why they need these permissions. It’s an open question of how this information will be used — it raises a lot of scary possibilities. It may well have a silencing effect in that people self-censor when they realize they are being watched in this way. It can have a chilling effect.”
Technical operatives working for the rights organisation, Hussein Baoumi of Amnesty International said. had examined the Cop27 app and flagged a number of concerns prior to Cop27. The app was able to access users’ camera, microphone, Bluetooth and location data as well as pair two different apps. “It can be used for surveillance,” he said.
Baoumi said, “The issues they found were primarily the permissions it asks for. If granted, it allows the app to be used for surveillance against you. It collects data and sends them to two servers, including one in Egypt. The authorities don’t say what they’re doing with this data, and they’re able to use this app for mass data collection from everyone using it.”
Amr Magdi of Human Rights Watch said that his organisation had also assessed the app and found that it “opens doors for misuse”.
Magdi said that conferences like Cop27 were “an excellent chance from a security perspective for information gathering,” including for certain activists “they want to know more about”.
Rights activists in Egypt flagged concerns about the Cop27 app almost immediately after it became available.
“You can now download the official #Cop27 mobile app but you must give your full name, email address, mobile number, nationality and passport number. Also, you must enable location tracking. And then the first thing you see is this,” tweeted Hossam Baghat, the head of the Egyptian Initiative for Personal Rights, linking to an app screen showing the face of the Egyptian president. He then tweeted a screenshot of the terms and conditions put forth by the Cop27 app, which read: “Our application reserves the right to access customer accounts for technical and administrative purposes and for security reasons.”
Digital surveillance of Cop27 attendees comes atop a highly developed infrastructure for dragnet surveillance of Egypt’s citizens’ communications, prompted in large part by Egyptian officials’ fears of the power of digital communications and their relationship with the popular uprising of 2011. This includes deep packet inspection technology provided by an American company in 2013, allowing authorities to monitor all web traffic moving through a network. The Egyptian government also blocks online access to over 500 websites, including the country’s lone independent news outlet Mada Masr, using technology provided by Canadian company Sandvine.
Snooping by major telephone providers such as Vodafone allows the Egyptian authorities direct access to all users’ phone calls, text messages and information. One Cop27 attendee said that Vodafone was distributing free sim cards to conference attendees on arrival at the Sharm el-Sheikh airport.
“The Cop27 app is really part of the wider surveillance structure in Egypt,” Baoumi said. “This app is coming from a country doing mass surveillance unapologetically on its own population. It makes sense that of course the Egyptian government’s app can be used for surveillance, to collect data and use it for purposes unconnected to Cop27. It’s sad but expected from Egypt.”
Rights activists and members of Egyptian civil society critical of the government have been subject to targeted surveillance by the Egyptian authorities for years, raising concerns about the risks for high-profile activists attending Cop27. EIPR and Citizen Lab identified one “ongoing and extensive phishing campaign against Egyptian civil society”, in 2017, targeting organisations working on human rights issues, political freedoms and gender as well as individual targets such as lawyers, journalists and activists. Four years later, Citizen Lab identified a fresh targeted hacking attempt against the phone by a prominent former Egyptian opposition leader based overseas.
South Sinai governor Maj Gen Khaled Fouda also recently boasted to a domestic cable channel about the level of surveillance at Cop27, including cameras in the back of taxis feeding footage to a local “security observatory.”
“Sisi’s idea of ‘security’ is mass spying on everyone,” Magdi tweeted in response.
The Cop presidency and the Egyptian ministry of foreign affairs were approached for comment.