Following my interrogation by Hezbollah last month, I was left wondering what data they may have been able to copy from my phone, which had been seized for several hours. But one does not need to be held by a military organization to have sensitive, personal information stolen without warning. Find out who else in Lebanon and elsewhere may have your data in my latest column for Bold Magazine.
WHO’s GOT YOUR DATA? // BOLD Magazine June 2015
By Habib Battah
Projecting images of Lebanon’s various undersea cables, best-selling American author James Bamford revealed how the US National Security Agency possessed technology to easily intercept those communications and feed them directly to Israel. Speaking during a packed presentation at the American University of Beirut earlier this year, Bamford also noted that many Arab states such as Saudi Arabia, Jordan and the UAE were “secret partners” with the NSA, which also shares their information “unfiltered” with Israeli intelligence.
As troubling as this may sound, there is often very little journalistic reporting or public debate in Lebanon or other Middle East countries about who is collecting our data and which countries our governments have decided to share it with. In Lebanon, the most explosive debate came in 2006, when a pro-Western Lebanese government attempted to outlaw Hezbollah’s private underground fiber-optic local network. Many of the party’s opponents tersely accused it of trying to circumvent state phone tariffs. But did the party of God know about the NSA back then?
It is only recently and thanks to Wikileaks and whistleblowers like Edward Snowden, that a significant amount of NSA spying has been disclosed, sparking very public and embarrassing debates, culminating in a US Federal court ruling this month that the agency’s wiretapping program was unlawful. So how much do we know about the agencies and individuals that manage our information here in Lebanon?
Internet policy expert Mohamad Najem says the Lebanese government is regularly violating state privacy laws when it comes to information sharing. Speaking at a recent panel organized by the Samir Kassir Foundation, Najem gave an example of how local authorities reacted to the case of missing person by handing over data from every cell phone in the city and surrounding suburbs (i.e over one million persons) with one approval from the Prime Minister. Najem, who heads Social Media Exchange, a regional digital rights and advocacy group, also cast doubt on Lebanon’s Cyber Crime Bureau. According to one of the Kassir foundation organizers who spoke during the Q and A, the Bureau– which falls under the judicial police– has recently been investing its time in scouring Lebanese social media to collect all references to the words “terrorist” and “ISIS.”
Najem explained that the head of the Bureau, Major Suzan Hajj Hobeiche, recently spoke at an event criticizing the web browser, TOR, which is popular with activists across the world to protect from hacking and surveillance. Describing it as “al basli” (the onion)–based on its vegetable logo– Hobeiche said the US-based non profit TOR project, used by millions of users per day, was a product used by “criminals.”
Yet far from foiling nefarious plots, Lebanon’s Cyber Crime Bureau has made a name for itself by interrogating and intimidating young local bloggers. The crimes range from a post that made fun of a minister’s mustache to more serious posts that asked important questions about unethical business practices among Lebanese companies, such as pyramid schemes and exorbitant hidden fees. One blogger was even held over a post that criticized the predictions of a prominent fortune-teller. Another was arrested for merely sharing an article on Facebook that claimed a company working with the Lebanese government had ties to Israel.
When summoned, the cyber crime bureau agents reportedly pressure bloggers to sign draconian documents vowing to refrain from mentioning the company or individuals they have criticized in the future. In some cases, bloggers have claimed that police agents tricked them into giving up information by sending malware to their computers, a practice Hobeiche seemed to endorse by claiming ‘ethical hacking’ used by law enforcement is sometimes needed to protect the greater good. Yet, increasingly that greater good seems to be defined by the interests of the wealthy and well-connected and many activists and lawyers worry that the bureau is unregulated and poses a threat to free speech.
For her part, Hobeiche has repeatedly claimed she is opposed to censorship and seeks to expand free expression– within limits of course. “We will teach public how to express themselves freely without crossing the line,” she said during the May Chidiac “Free Connected Minds” conference last year.
Hobeiche also seems to indicate she is handcuffed by an archaic legal system that puts defamation cases into the criminal courts–thus requiring police questioning–rather than the civil courts, which is where such cases are often handled in countries with more progressive legal systems.
I put the question to Hobeiche during the Chidiac conference. “I am one billion percent with you,” she replied, when asked if defamation cases should be civil matters, free from police intervention. This echoes a similar statement Hobeiche made at the 2014 Arab Internet Governance Forum. But beyond promises of goodwill at live public events, what progress has actually been made on this issue within the corridors of power?
In fact, the infringement of privacy and expression in the name of security transcends the digital realm. On the streets of Beirut today, some 2,000 high definition cameras are being installed for surveillance purposes. Little is known about the company undertaking the installation save a court decision a year ago noting that the $40 million contract it was awarded was ruled illegal due to irregularities in the municipality bidding process. Nonetheless, over the last few weeks, the streets have been dug up and the cameras are being mounted on intersections and sidewalks. Who will be watching the feeds? What regulations will govern how the video is used?
The silence is worrying. It’s time for journalists and the public to start taking privacy and surveillance issues seriously. These discussions should not be limited to brief panel appearances couched in vague language. There needs to be investigative reporting to produce specific questions that can inform public debates. The government will not regulate itself.
This column was first published in the June issue of Bold Magazine.
4 comments
Somewhat related:
An Italian company selling cybersurveillance software to governments has been hacked a few weeks ago. One document was leaked which was a 1M dollar bill addressed to the “Lebanese Army, Directorate of Military Intelligence, YARZE” for their Galileo surveillance system.
More info: https://lebgeeks.com/forums/viewtopic.php?id=16361
Yes heard about that, thanks for the reminder!