There are growing fears over surveillance of delegates at Egypt’s Cop27 climate talks, with cybersecurity experts warning that the talks’ official app requires access to a user’s location, photos and even emails upon download.
The revelation, which will see more than 25,000 heads of state, diplomats, negotiators, journalists and activists from around the world gather at the climate summit in Sharm el-Sheikh that begins Sunday, has raised concerns that Egypt’s authoritarian regime will be able to official platform for a United Nations event to persecute and harass attendees and critical local voices.
The official Cop27 app, which has been downloaded more than 5,000 times, requires extensive approvals from users before it is installed, including the ability for the Egyptian Ministry of Communications and Information Technology to view emails, search photos and the locations of users, according to an expert analyzing it for the Guardian.
This data could be used by Abdel Fatah al-Sisi’s regime to further crack down on dissent in a country that already holds some 65,000 political prisoners. Egypt has carried out a series of mass arrests of people accused of being protesters in the run-up to Cop27 and is trying to screen and isolate any activists near the talks, which will mean governments will try to stop a Reach agreement on how to deal with the climate crisis.
“This is a cartoon supervillain of an app,” said Gennie Gebhart, advocacy director of the Electronic Frontier Foundation. “The biggest red flag is the number of permissions required, which are unnecessary for the app to operate and indicate they are attempting to monitor attendees.
“No sane person is going to want to consent to surveillance by a nation state or having their email read, but often people click on those permissions without much thought.”
She added: “I can’t think of a single good reason why they need these permissions. How this information will be used is an open question – it opens up many frightening possibilities. It can certainly have a silent effect, with people censoring themselves when they realize they are being watched in this way. It can have a chilling effect.”
Amnesty International’s Hussein Baoumi told the Guardian that technical staff at the human rights organization investigated the app and raised a number of concerns before Cop27. The app could access users’ camera, microphone, Bluetooth and location data, as well as pairing two different apps.
“It can be used for surveillance,” he said.
Baoumi added, “The issues they found were primarily the permissions being asked for. If granted, the monitoring app can be used against you. It collects data and sends it to two servers, including one in Egypt. The authorities do not say what they do with this data and they can use this app for bulk data collection from anyone who uses it.”
Human Rights Watch’s Amr Magdi said his organization also evaluated the app and found it “opens doors to abuse.”
Magdi added that conferences like Cop27 are “an excellent intelligence-gathering opportunity from a security perspective,” including for specific activists “that they want to know more about.”
Abdel Fatah al-Sisi, Egyptian President. Photo: Christian Mang/PortalHuman rights activists in Egypt raised concerns about the Cop27 app almost immediately after it became available.
“You can now download the official one #cop27 mobile app but you must provide your full name, email address, mobile number, nationality and passport number. Also, you need to enable location tracking. And then the first thing you see is this:” tweeted Hossam Baghat, head of Egypt’s Personal Rights Initiative, links to an app screen that shows the Egyptian president’s face.
He then tweeted a screenshot of the app’s terms of service, they were: “Our application reserves the right to access customer accounts for technical, administrative and security purposes.”
The digital surveillance of Cop27 participants relies on a sophisticated infrastructure for monitoring Egyptian citizens’ communications with grid flagnets, prompted in large part by Egyptian officials’ concerns about the power of digital communications and its relationship to the 2011 popular uprising. This includes Deep Packet Inspection technology, made available by an American company in 2013, which allows authorities to monitor all web traffic moving through a network. The Egyptian government is also blocking online access to over 500 websites, including the country’s only independent news agency, Mada Masr, using technology from Canadian company Sandvine.
Surveillance by major phone providers such as Vodafone gives Egyptian authorities direct access to all users’ calls, text messages and information. A Cop27 attendee said Vodafone gave out free SIM cards to conference attendees upon arrival at Sharm el-Sheikh airport.
“The Cop27 app is really part of the broader surveillance structure in Egypt,” Baomi said. “This app comes from a country that has uncompromising mass surveillance of its own population. It makes sense that the Egyptian government’s app could of course be used for surveillance to collect data and use it for purposes unrelated to Cop27. It is sad but expected from Egypt.”
Human rights activists and anti-government members of Egyptian civil society have been under close surveillance by the Egyptian authorities for years, raising concerns about the risks to high-profile activists participating in Cop27. The Egyptian Initiative for Personal Rights and Citizen Lab identified in 2017 an “ongoing and large-scale phishing campaign against Egyptian civil society”, targeting organizations dealing with human rights issues, political freedoms and gender, as well as individual targets such as lawyers, journalists and activists. Four years later, Citizen Lab identified a new targeted hacking attempt against the phone of a prominent ex-Egyptian opposition leader based abroad.
South Sinai Governor Khaled Fouda recently boasted to a domestic cable broadcaster about the level of surveillance at Cop27, including cameras on the backs of taxis that provide footage to a local “security observatory.”
“Sisi’s idea of ’security’ is mass spying on everyone,” says Magdi tweeted In response.
The Cop Presidency and the Egyptian Foreign Ministry have been asked for comment.