By Manal Nahhas
A number of countries in the Arab region harnessed modern technology in combating the COVID-19 pandemic. Local production in the face of the pandemic was not limited to sewing cloth masks and manufacturing sterile medical materials, but extended to developing technologies and mobile phone applications, and modifying and developing drones to impose health control.
For example, Farasha Systems in Morocco developed "health" drones, as they came to be called, for temperature assessment and to spray sterilizers. The same applies to the Saudi company, Voxel, and the Tunisian company, Talent.
Even in a country suffering from economic and political crises such as Sudan, modifications were made to drones to equip them to combat COVID-19. According to Arab media, including Sky News Arabia, this task was entrusted to the Defense Industries System.
Drones have been used across the Arab world in different ways, including monitoring people during curfews and measure the temperatures of drivers in their vehicles, all in an effort to combat the virus. China, where the virus originated, was the first to use this technology, but after its spread, Arab countries were quick to adopt it. At a time when Washington’s concerns about the widespread use of Chinese-made drones in a number of US states and in a number of European cities revolved around the possibility of China getting its hands on data threatening US and Western national security, the fate of the data collected by drones in the Arab countries did not receive much attention among citizens or in parliaments.
Although several European cities, including Nice and Brussels, have resorted to Chinese-made drones during COVID-19, their use was limited to dispersing gatherings when detected by broadcasting an audio message or spraying pesticides. However, even this deployment was controversial.
In Paris, the French National Consultative Commission suspended invoking the use of drones to monitor gatherings and impose quarantine. It viewed their use as means to collect data of people without resorting to a regulatory framework, according to reports by FranceTVInfo.com.
In a number of Arab countries, such as Saudi Arabia, Tunisia, Oman and the United Arab Emirates, the Chinese model was adopted on a larger scale, and drones were used to measure the temperature of the general population to scan for COVID-19 cases.
Such a model prompted Edward Snowden, the former US intelligence agent who exposed large-scale spying programs, to express his fear that a long life would be written for the "watchdog state," as he called it, until after the end of the COVID-19 crisis. He said, “They already know what you’re looking at on the internet. They already know where your phone is moving. Now they know what your heart rate is, what your pulse is.” He asked, as if sounding an alarm, "What happens when they start to mix these and apply artificial intelligence to it?" according to reports by The NextWeb.com. Tracing the source of the drones being used in the Arab world was not possible, except in a limited number of countries.
In Morocco, for example, the start-up Farasha Systems modified the work of environmental Chinese-made drones in order to combat COVID-19. In Saudi Arabia on the other hand, it was Voxell who announced the development of drones.
In Jordan, drones are being used to monitor compliance with the general quarantine "to capture all those who violate the quarantine and transfer them to the public prosecution to take legal measures and to seize the vehicles used,” according to the Jordanian Public Security Directorate.
As for Tunisia, the use of drones equipped with a thermal camera and loudspeakers is the result of cooperation between Talent Holding and the Tunisian Ministry of Health, according to the ministry. In Sudan, the Sudanese Defense Industries System introduced modifications to drones to combat COVID-19. The modifications aimed to introduce these drones into surveillance service, voice awareness, and body temperature assessment. The health authorities in these countries announced the deployment of drones.
It is likely that China is the most prominent source for commercial drones in the Middle East, considering that it is the largest producer of drones in the world. The sale of the non-military Chinese DJI drones in the Middle East increased this year by 70% compared to last year, according to Nikkei.com, which added that more than two-thirds of all global sales of non-military drones are by this company.
According to a report entitled "Chinese drone market 2019-2025,” issued by Drone Industry Insights website, China accounts for 70% of these non-commercial drone sales. The report also expects the Chinese drone market to reach $43 billion in 2024. As for commercial (non-military) drone revenues, Statista website expects them to reach $2,367 million this year.
DragonFly, which has major offices in Canada and the United States, did not disclose the volume of its drone sales in the Middle East, despite press releases and reports published by the British House of Commons library indicating its role in the Gulf region.
There is close cooperation between China and a number of Arab countries. For example, in 2017, following the visit of Saudi King Mohammed bin Salman to China, the establishment of a factory for manufacturing Chinese armed drones in Saudi Arabia was announced.
However, Arab countries went a long way in invoking digital and cellular technology for censorship before the COVID-19 crisis.
A study titled "Colonial Cables: The Politics of Surveillance in the Middle East and North Africa," issued in Vienna earlier this year by the Austrian AIES Institute, shows that since the Arab Spring in 2010, Arab governments have intensified censorship and spying on data and have used European and Israeli companies to spy on opponents and access their data even if they left their countries to Canada or Britain.
Thus, the technology used to combat COVID-19 did not constitute an unprecedented turning point in monitoring individuals in a number of Arab countries, but rather firmly rooted what was present through more advanced technology, with the knowledge of, and often even welcoming from citizens.
Some human rights organizations such as Amnesty International argue that the most dangerous applications to civil liberties are those used in Kuwait and Bahrain. These applications, in addition to being mandatory, collect information and data on the movements of citizens and track the details of their daily lives, going beyond health measures taken for the pandemic.
Amnesty International analysed 11 applications in the world (Algeria, Bahrain, France, Iceland, Israel, Kuwait, Lebanon, Norway, Qatar, Tunisia and the United Arab Emirates), and found that the Kuwaiti and Bahraini applications adopt an "excessive" or even "hostile" approach to collecting data and tracing their owners.
Unlike applications based on Bluetooth technology such as "Ehmi - Protect" in Tunisia, which is used to track people, GPS technology used in the Kuwaiti "Shlonak" and the Bahraini "Conscious Society" application reveals the person's location and the identities of those surrounding them through phone numbers or ID cards.
Data Helps Track the Virus’ Spread
While most countries in the region adhered to a decentralized approach, keeping data on phones and using Bluetooth technology to monitor contact with patients, applications in Bahrain, Kuwait and Qatar transferred user data to central servers. This is a source of security risk to individual freedom, and a source of fear of sharing data with other parties, which may be security, commercial or entertainment parties, as seen in Bahrain.
In Kuwait, for example, and after cooperation between government agencies, the Public Authority for Communications and Information Technology “hosted and stored the Shlonak application data through its operational activities," according to what was stated on the website of the Public Authority for Communications and Information Technology.
But the most prominent question is about the fate of applications and data after the pandemic, and the fate of data even if it is not transferred to central government servers. Can the two most prominent internet giants Google and Apple keep this data? Will its exploitation be confined to its commercial potential, to market certain commodities based on data collected? Or will it be exploited in security work? It did not take long for Apple and Google to announce an update of the Bluetooth feature in their operating systems starting mid-May, that would function in the background without the need to unlock the device and expose it to spying by others or exhausting its battery, according to maharat.
Are Applications Mandatory?
With the exception of the Qatari application “Ehtiraz,” Kuwaiti "Shlonak" and Bahraini "conscious society," applications for combating COVID-19 are purely optional and not mandatory, according to the Tunisian Ministry of Health, although they are published by the ministries of health in the concerned countries.
In the United Arab Emirates, for example, "al-Hisn" application is optional and free. It enables users to obtain medical examination results directly on the phone and to track contacts of patients. The application relies on the use of Bluetooth short-range signals in the event that the same application is available on other people's mobile phones, as the phones exchange the metadata that is then stored on the al-Hisn application in an encrypted form only on the user's phone. Through this data, the competent health authorities can quickly identify people at risk of infection, to be contacted and tested.
The same applies in Saudi Arabia with the application "Tataman." Likewise, the Jordanian “Aman” application facilitates identifying contact with COVID-infected people by “using technology to serve the health of society,” according to the Jordanian Minister of State for Media Affairs, Amjad Al-Adayleh.
On the official government website, Bahrain appears to be out of step with Arab governments in announcing the fate of the data it collects in its fight against COVID-19. The government announced that it is committed to protecting the privacy of data according to the Personal Data Protection Law, and it also confirmed that using the data collected through this application is limited to health authorities in tracing contacts in order to limit the spread of COVID-19, and that the identities of users will not be disclosed to a third party. It indicated that it uses "Information encryption feature to protect sensitive data." But it soon became evident that this data was being used by a TV program that distributes prizes to people committed to their quarantine.
The most prominent question today is, at a time when “data sanctity” is perhaps most important, how can personal data be protected?
In Oman, the application "Tarassad Plus" by the Health Ministry warns the users that there is a person in their vicinity wearing a smart bracelet, which means the wearer is infected and is supposed to be in home isolation. This requires users to activate GPS and Bluetooth services.
The UAE, Kuwait, Oman, Jordan and Bahrain have resorted to providing patients with smart electronic bracelets in cases of home quarantine, whether symptomatic or not, if they were not suffering from chronic diseases and were not over the age of 60. Among the conditions required for home isolation are a well-ventilated room, a separate bathroom and a smartphone. These bracelets were imported from South Korea and China and were also used to trace breaches of isolation.
In Qatar, the application "Ehtiraz," mentioned above, is mandatory.
As for Egypt, new modifications were introduced to "Egypt Health" mobile application to provide information about COVID-19. The most prominent features of the application is reporting suspected cases of COVID-19, where one can report his or another person's condition by pressing on the application's "Report" screen, entering the name and the national number of the case and answering some questions to determine the likelihood of infection.
The security-orientation is striking in the “Report” screen, as reporting other people requires entering their names and national numbers issued by the Ministry of Interior. This is another kind of violation, because it does not collect the data of those who download the application, but rather calls on people to report infected or suspected cases and provide their national numbers. This is also the case with the Lebanese application MOPH APP., which calls for "reporting any case of COVID-19," as if the patient has committed a misdemeanor or crime.
There are two kinds of these applications, the first transfers users' data to central servers, and the second relies on Bluetooth instead of relying on tracking contacts. However, in some cases, such as Lebanon, Egypt, the United Arab Emirates, Saudi Arabia, Oman, and Jordan, it requests a number of permissions, such as access to camera and microphone recordings and the geographical location, which allows collecting many personal information about users stored in smartphones, making them easy to be hacked. In contrast to the Arab Gulf countries, where the centralized role of government health agencies in preparing anti-COVID-19 applications is clearly evident; in Algeria, Tunisia and Morocco, community bodies took the initiative to provide such applications, some of which cooperated with official bodies and ministries.
In Algeria, the application “Cov-19” is free and was developed by an Oran-based organization specializing in geolocation. Another application to consult a doctor through video call, Tabib.zad, was launched by a government agency, in cooperation with the Chinese company Huawei, the promotion agency Algérie Telecom and the Algerian company FORTINET, which handles technical insurance and the flow of medical data.
In addition to these two non-governmental applications, there is an official application called "Coronavirus Algerie," which is the result of cooperation between the Ministry of Health and "IncubMe". Algeria asked Google to enable it to access all information related to the epidemic. In Tunisia, "Ehmi - Protect" was developed by Whizlabs company for free, and the Tunisian Ministry of Health invited its citizens to download it. In Morocco, the Ministry of Health called on Moroccans to download the optional "Weqayatona" application on their mobile phones.
In areas where the role of the central authority has weakened as a result of war, the role of community initiatives is rising. In a post-ISIS Mosul, “Mosul Space,” an organization funded by the German Foundation for International Cooperation and the American Field Ready Organization, seeks to develop drones for use in the sterilization process and to provide food and medicine to patients and those in quarantine. In Syria, an unofficial application called COVID-19 was developed by young web and mobile application developer and translator Mohammad Diob. The application was not adopted by any official body and is still in the experimental stage. In the Palestinian territories, an Israeli application was imposed on Palestinian workers working in Israel, and its goal is security-oriented, more than health-oriented.
A Supervisory Role
In Arab countries, some international and local human rights organisations have responded to what they called "disguised governmental violations" on health grounds, as described by Amnesty International. These organisations, such as Amnesty International and SMEX, which is a Lebanese organization that seeks to "support self-regulating information societies in the Middle East and North Africa, as well as work to promote digital rights,” have sought to defend the right to privacy and data protection at a time when governments invoke the pandemic to collect huge amounts of data, either through COVID-19 applications or drones.
Supervisory Authority Outside the Judiciary
These organizations, or some of them, played a supervisory role on government applications that did not provide adequate protection for their users' data. For example, Amnesty International's discovery of a vulnerability in the Qatari application “Ehtiraz” to combat COVID-19 has shed light on what threatens the private life.
Its security lab detected a vulnerability in the central server to protect personal data and was able to access sensitive information, including names of users, their health status, and the coordinates of their locations using a GPS system.
SMEX also detected a vulnerability in the Lebanese government’s protection of user data while fighting COVID-19. The organization said that the updated Ministry of Health application used to provide information about COVID-19 and its spread in different regions
"requires a lot of unnecessary permissions, such as permissions to view camera, microphone and geographic data, and some necessary permissions to operate application services. Activating all of these permissions allows applications to collect personal information about the users and opens the door for attackers to easily obtain the data or exploit permissions to access users' devices."
In the Arab world, medical authorities did not ask the developers of COVID-19 applications to delete personal data after the end of the pandemic, and we have not seen this issue discussed in the representative political circles, such as the House of Commons or Parliament. However, since the entry into force of the European Law for the Protection of Personal Data in 2018, this region has witnessed government efforts to formulate laws aimed at protecting personal data, as monitored by SMEX.org. This protection, however, was limited to that of digital markets and online shopping, as is the case with Egypt’s ratification of the Personal Data Protection Law on February 24, 2020.
In Saudi Arabia, the e-commerce law was ratified in 2019 in a bid to foster a trustworthy online transaction environment. Lebanon, in turn, began implementing the Law on “Electronic Transactions and Personal Data” in January 2019. In the same year, the Law on Health Data Protection entered into force in the United Arab Emirates, which is also a data protection law that simulates European law. Reem Al-Masry, a journalist specializing in the intersections of technology and politics for the Jordanian magazine 7iber, indicated to Maharat magazine that
"there is a shortage in the legislative system for protecting personal data and protecting privacy in most Arab countries, and if this system is found, there are no standards or oversight bodies that protect the rights of individuals to privacy and protection of their personal data."
It appears that the centralized approach to fighting COVID-19 has been more effective in Arab Gulf states. Whoever takes a careful look at this fight will notice that COVID-19 has appeared in the form of a multi-armed octopus in a number of Arab countries, where cooperation arose between a number of government and civil agencies. For example, in the cooperation between health authorities and public security, as seen with the Saudi application "Tawakalna," which grants exit permits during quarantine, and the Egyptian application, “Egypt Health,” which calls for reporting suspected cases of COVID-19 and providing their national numbers. In addition, universities cooperated with one another such as the Saudi King Abdulaziz University for Science and Technology, the United Arab Emirates University and Sultan Qaboos University, as did artificial intelligence agencies, as seen in Oman and Saudi Arabia, and the emerging companies sector, such as the Saudi start-up, Bader, the Internet giants (Google and Apple), mobile phone companies, the Ministry of Housing in Saudi Arabia, all the way to the Defense Industries System, as seen in Sudan.
This investigation was carried out with the support of Arab Reporters for Investigative Journalism (ARIJ).
The views expressed in this article do not necessarily reflect those of Al Bawaba News.
© 2000 - 2020 Al Bawaba (www.albawaba.com)