The revelation, as more than 25,000 heads of state, diplomats, negotiators, journalists and activists from around the world gather for a climate summit starting in Sharm El-Sheikh on Sunday, has raised concerns that Egypt’s authoritarian regime could used an official platform for a United Nations event to monitor and harass attendees and critical domestic voices. The official Cop27 app, which has already been downloaded more than 5,000 times, requires users to scan permissions before installing it, including allowing Egypt’s Ministry of Communications and Information Technology to view emails, scan photos and identify locations of users, an expert who analyzed it for the Guardian. That data could be used by Abdel Fattah al-Sisi’s regime to further crack down on dissent in a country that already holds some 65,000 political prisoners. Egypt has carried out a series of mass arrests of people accused of being protesters ahead of Cop27 and has sought to control and isolate any activists near the talks, where governments will attempt to forge a deal to tackle the climate crisis. “This is a cartoon app supervillain,” said Gennie Gebhart, the director of advocacy at the Electronic Frontier Foundation. “The biggest red flag is the number of permissions required, which is not necessary for the app to function and suggests that they are trying to track participants. “No sane person would want to consent to being tracked by a nation state or having their emails read, but often people click on these permissions without a second thought.” He added: “I can’t think of a single good reason why they need these permits. It is an open question how this information will be used – it raises many scary possibilities. It may well have a silencing effect in that people self-censor when they realize they are being watched in this way. It can have a chilling effect.” Amnesty International’s Hussein Baumi told the Guardian that technicians working for the rights organization had reviewed the app and flagged a number of concerns ahead of Cop27. The app had access to users’ camera, microphone, Bluetooth, and location data, as well as mapping two different apps. “It can be used for surveillance,” he said. Baumi added: “The issues they found were mainly the permits he was asking for. If granted, it allows the app to be used to track you. It collects data and sends it to two servers, including one in Egypt. The authorities are not saying what they do with this data, and they can use this app to bulk collect data from everyone who uses it.” Amr Magdi of Human Rights Watch said his organization had also evaluated the app and found it “opens doors for misuse.” Magdi added that conferences like Cop27 are “a great opportunity from a security point of view to gather information,” including some activists “who want to know more about.” Abdel Fattah al-Sisi, the Egyptian president. Photo: Christian Mang/Reuters Rights activists in Egypt raised concerns about the Cop27 app almost immediately after it was made available. “You can now download the official #Cop27 mobile app but you must provide your full name, email address, mobile number, nationality and passport number. Also, you need to enable location tracking. And then the first thing you see is this,” tweeted Hossam Baghat, head of the Egyptian Initiative for Personal Rights, linking to an app screen showing the face of the Egyptian president. He then uploaded a screenshot of the app’s terms and conditions, which read: “Our app reserves the right to access customer accounts for technical, administrative and security purposes.” The digital surveillance of Cop27 participants comes on top of a highly developed infrastructure for monitoring the communications of Egyptian citizens, fueled in large part by Egyptian officials’ fears about the power of digital communications and its connection to the 2011 popular uprising This includes deep packet inspection technology provided by a US company in 2013, allowing authorities to monitor all internet traffic traveling through a network. The Egyptian government is also blocking online access to over 500 websites, including the country’s lone independent news agency Mada Masr, using technology provided by Canadian company Sandvine. Surveillance by major phone providers such as Vodafone allows Egyptian authorities direct access to phone calls, text messages and information of all users. A Cop27 attendee said Vodafone was handing out free sim cards to conference attendees upon arrival at Sharm El Sheikh airport. “The Cop27 application is really part of the wider surveillance structure in Egypt,” Baomi said. “This app comes from a country that does unapologetic mass surveillance of its own population. It stands to reason that of course the Egyptian government’s app can be used for surveillance, data collection and use for non-Cop27 purposes. It is sad but expected from Egypt.” Rights activists and members of Egyptian civil society critical of the government have been subject to targeted surveillance by Egyptian authorities for years, raising concerns about the risks to high-profile activists attending Cop27. EIPR and Citizen Lab identified an “ongoing and widespread phishing campaign against Egyptian civil society” in 2017, targeting organizations working on human rights, civil liberties and gender issues, as well as individual targets such as lawyers, journalists and activists. Four years later, Citizen Lab identified a new targeted hacking attempt on the phone of a prominent ex-opposition leader based abroad. The governor of South Sinai, General Khaled Fouda, also recently boasted to a domestic cable channel about the level of surveillance on Cop27, including cameras in the back of taxis that feed video to a local “security observatory.” “Sisi’s idea of ’security’ is mass spying on everyone,” Magdi wrote in response on Twitter. The police presidency and Egypt’s foreign ministry were approached for comment.
