There is growing concern about the surveillance of delegates during the Cop27 climate talks in Egypt, with cybersecurity experts warning that the official app for the talks requires access to a user’s location, photos and even emails when downloading it.
The revelation, as more than 25,000 heads of state, diplomats, negotiators, journalists and activists from around the world gather at the climate summit starting Sunday in Sharm el-Sheikh, has raised concerns that Egypt’s authoritarian regime will be able to an official platform for a United Nations event to track and harass attendees and critical domestic voices.
The official Cop27 app, which has been downloaded more than 5,000 times, requires extensive user permissions before installing, including the ability for Egypt’s Ministry of Communications and Information Technology to view emails, search photos and locate the locations of users, according to an expert who analyzed it for the Guardian.
This data could be used by Abdel Fatah al-Sisi’s regime to further combat dissent in a country that already holds about 65,000 political prisoners. Egypt has carried out a series of mass arrests of people accused of being protesters in the run-up to Cop27 and has sought to investigate and isolate all activists close to the talks, with governments trying to reach an agreement on how to deal with them. the climate crisis.
“This is a cartoon supervillain of an app,” said Gennie Gebhart, advocacy director for the Electronic Frontier Foundation. “The biggest red flag is the number of permissions required, which is not necessary for the app to work and suggests they are trying to control visitors.
“No reasonable person will agree to be monitored by a nation-state or have their emails read by them, but many times people click on these permissions without giving it much thought.”
She added: “I can’t think of any good reason why they need these permissions. It’s an open question how this information will be used – it raises a lot of scary possibilities. It may very well have a calming effect by having people censor themselves when they realize they are being watched in this way. It can have a cooling effect.”
Amnesty International’s Hussein Baoumi told the Guardian that tech agents working for the rights group had investigated the app and identified a number of concerns ahead of Cop27. The app could access users’ camera, microphone, Bluetooth and location data, and could pair two different apps.
“It can be used for surveillance,” he said.
Baoumi added: “The issues they found were mainly the permissions it asked for. If granted, the app could be used for surveillance against you. It collects data and sends it to two servers, including one in Egypt. Authorities do not say what they do with this data, and they can use this app for massive data collection from everyone who uses it.”
Amr Magdi of Human Rights Watch said his organization has also reviewed the app and found it “opens doors to abuse.”
Magdi added that conferences such as Cop27 “are an excellent information-gathering opportunity from a security perspective”, including for certain activists “that they want to learn more about”.
Rights activists in Egypt expressed concern about the Cop27 app almost immediately after it became available.
“You can now download the official #Cop27 mobile app but you need to provide your full name, email address, mobile number, nationality and passport number. You also need to enable location tracking. And then the first thing you see is this,’ tweeted Hossam Baghat, the head of the Egyptian Initiative for Personal Rights, links to an app screen showing the face of the Egyptian president.
He then tweeted a screenshot of the app’s terms and conditions, which read: “Our application reserves the right to access customer accounts for technical, administrative and security reasons.”
Digital surveillance of Cop27 visitors comes on top of a highly developed infrastructure for dragnet monitoring of Egyptian citizens’ communications, prompted largely by Egyptian officials’ fears of the power of digital communications and their relationship to the 2011 popular uprising. 2013 was provided by a US company, allowing authorities to track all web traffic passing over a network. The Egyptian government is also blocking online access to more than 500 websites, including the country’s only independent news channel, Mada Masr, using technology from Canadian company Sandvine.
Surveillance by major telephone providers such as Vodafone gives the Egyptian authorities direct access to all telephone calls, text messages and information from all users. A Cop27 participant said Vodafone distributed free SIM cards to conference participants upon arrival at Sharm el-Sheikh airport.
“The Cop27 app is really part of the wider surveillance structure in Egypt,” Baomi said. “This app comes from a country that unashamedly massively monitors its own people. It makes sense that the Egyptian government’s app could of course be used for surveillance, to collect data and use it for purposes unrelated to Cop27. It is sad, but expected from Egypt.”
Rights activists and members of Egyptian civil society who are critical of the government have been under targeted surveillance by Egyptian authorities for years, raising concerns about the risks to high-profile activists attending Cop27. The Egyptian Initiative for Personal Rights and Citizen Lab identified in 2017 an “ongoing and extensive phishing campaign against Egyptian civil society”, targeting organizations working on human rights issues, political freedoms and gender, as well as individual targets such as lawyers, journalists and activists. . Four years later, Citizen Lab identified another targeted hacking attempt against the phone of a prominent former Egyptian opposition leader abroad.
South Sinai governor Khaled Fouda also recently boasted to a domestic cable channel about the level of surveillance at Cop27, including cameras in the back of taxis relaying images to a local “security observatory”.
“Sisi’s idea of ’security’ is mass spying on everyone,” Magdi tweeted in answer.
The Cop Presidency and the Egyptian Ministry of Foreign Affairs were approached for comment.