For much of the world’s population, the digital realm has become central to the human experience. Yet access to information and essential services is often mediated by digital platforms, with or without users’ knowledge. This means that the governments, businesses, or individuals who dominate the digital realm have the potential to gain control over the public sphere. There is now little trace of the widespread optimism that once defined public views of the digital revolution. Far from being a prelude to liberation, this revolution has increasingly allowed states to exercise control and even engage in repression. As Egyptian technologist, blogger, and activist Alaa Abdel-Fattah argued in a 2017 essay written in Tora Prison: “the authorities have decided: meaning is dangerous, defending it is a crime, and its proponents are enemies.” Civil society organizations have strained to find ways to protect themselves from digital attacks, bypass state censorship, or challenge disinformation – but this has not proved to be a fair fight.
It is nothing new for governments to repress their populations or seek to control the flow of information – authoritarians have always wanted to stop the spread of dangerous ideas and replace them with official narratives. And they have always sought information about citizens by monitoring their activities. The difference now is that governments have an astonishing array of tools with which to achieve these goals – ranging from spyware to facial recognition technology and mass surveillance. And they can use these tools with little concern that they will be held accountable for doing so. The human costs of digital authoritarianism are evident across the world, but particularly in the Middle East and North Africa (MENA) – where the rule of law was, at best, under severe strain even before the digital revolution. Saudi Arabia and the United Arab Emirates have invested heavily in new technologies, including through intensified collaboration with China and Israel, as part of an effort to become digital superpowers. The lack of an international consensus on how such tools should be governed has created a fractured landscape of competing principles and multilateral initiatives that digital authoritarians often exploit.
European policymakers are rightly concerned about these developments. As this author argued in 2021, governments in the MENA region are becoming even more authoritarian. The digital dimension of authoritarianism is central to this trend. Given that repeated human rights violations and a lack of accountability frequently lead to societal breakdown, the European Union seems misguided in its reliance on authoritarians to guarantee stability and security in its southern neighborhood. EU policy should treat digital authoritarianism in the region as a significant security and political concern. But there is no sign that it is doing so. As a 2021 European Parliament research paper put it, the EU “still has to decide whether tackling digital repression is a core geopolitical interest at the highest political level”. And authoritarian states’ use of surveillance technology shows why this is a problem. Responding to the risks associated with digital technologies, the European Commission published in January 2022 a draft Declaration on European Digital Rights and Principles with the aim of creating a “human-centered, secure, inclusive, and open digital environment, where no one is left behind”. The draft includes the principle that “no one shall be subjected to unlawful online surveillance or interception measures”.
Yet it will be challenging to adhere to this principle in Europe. Trade in surveillance technology – including that involving European companies – has spun out of control. Until 2020, Israeli company NSO Group had an office in Cyprus – which was a hub for surveillance consultants – and promoted its products at UK defense fairs while under investigation by the FBI and facing a lawsuit for hacking brought by WhatsApp. The EU has declined to sanction the company. The United States has restricted export licenses involving NSO Group (a move that Israel is lobbying to reverse) but, in the EU, such decisions are made by member states. The EU is poorly suited to dealing with the graduated, subtle trend towards digital repression (in contrast to more urgent threats to democracy and human rights, such as Russia’s war on Ukraine). The International Institute for Democracy and Electoral Assistance has reported “a deep and dangerous cleavage in the EU’s internal fundamental consensus on liberal democratic values”, with Hungary and Poland transitioning into “soft authoritarianism”. Governments in Hungary, Poland, Germany, and Spain have all been accused of using NSO Group’s Pegasus technology to target domestic critics, including journalists and politicians. The company told the European Parliament in June 2022 that at least five EU countries had used Pegasus. Meanwhile, the company’s technology has played a critical role in engendering and cementing relationships between Israel and authoritarian states around the world, including Saudi Arabia, the UAE, India, and Hungary.
Therefore, European policymakers need to prioritize their response to the threat of spyware, which human rights experts argue can cause the kind of harms often associated with conventional weapons. Decisive action on spyware would not only support human rights activists around the world but also serve the EU’s security interests, given that the communications of European officials have been intercepted using this technology. In this, policymakers should study the European data protection supervisor’s recommendations: while the prospect of a full prohibition on spyware might be unpalatable to member states, it is hard to overstate the gravity of the threat it poses to privacy, freedom of expression, and – ultimately – democratic systems. At a minimum, the EU should dramatically increase democratic and judicial oversight of the development of, and trade in, surveillance equipment.
In the meantime, European policymakers should look to impose costs on those involved in the trade of such tools that are used to violate human rights – a task complicated by the fact that some European law enforcement and intelligence agencies have employed Pegasus. The EU’s lack of direct action against NSO Group since the Pegasus revelations is striking. Indeed, in June 2022, just as the European Parliament was preparing for a hearing into the activities of NSO Group, the company was sponsoring an event in Prague. The lack of consequences for NSO Group could contribute to a sense of impunity among spyware firms. The union’s review of Israel’s adequacy status will signal how it intends to apply its commitment to data protection to a strategic partner that has been at the centre of a privacy breach with global ramifications. More broadly, the EU should raise the profile of spyware-related human rights violations in bilateral discussions with partners such as the UAE, Egypt, Saudi Arabia, and Qatar. The EU should also review its policy of providing surveillance equipment to its migration partners to support its goals of reducing migration flows.
The lesson of the scandal around NSO Group – which may have received export licenses in Europe through subsidiaries as well as in Israel – is that Europeans need to pay far greater attention to the private sector’s role in providing technologies to third countries. Alongside its suite of digital regulations, the EU should provide specific guidance on how its human rights due diligence regulation applies to the technology sector – including by setting expectations for companies’ approach to risk mitigation when they provide technologies or digital services that are likely to be used by government agencies. Meanwhile, member states that provide diplomatic, advisory, or financial support to domestic tech firms should carry out risk assessments on products and services they support that could be used for digital repression.
The EU has taken a leading role in the regulation of AI and is seeking workable international governance arrangements for this enabling technology – potentially in the form of a legally binding treaty through the Council of Europe. A treaty could potentially include a requirement for “Human Rights, Democracy, and the Rule of Law Impact Assessments” for certain systems – which would be a significant development. The union’s normative approach should provide an important complement to more geopolitical efforts by the US in the area. The EU should now make a case for international controls on AI by stressing the potential ramifications of the poor regulation of the technology on economic, social, and cultural rights – not least the risks of discrimination, marginalization, and exclusion to specific communities. Finally, the resources the EU allocates to initiatives to defend against digital authoritarianism still pale in comparison to the scale of the challenge, with civil society groups in many Middle Eastern countries almost entirely unable to communicate domestically or internationally using the internet. In this context, it is more urgent than ever for the EU take up a 2015 European Parliament resolution calling for a human rights and technology fund to support such activists.
‘Iron Net: Digital Repression in the Middle East and North Africa’ — Policy Brief by James Lynch — European Council on Foreign Relations / ECFR.
(The Policy Brief can be downloaded here: