Human Rights Responsibilities of Tech Companies Operating in MENA

Human Rights Status in the MENA Region

Governments within the MENA region have been increasingly purchasing and using powerful digital tools, including wiretapping tools, spyware tools, and facial recognition tools for mass surveillance. These tools are often used for silencing journalists and activists, and repressing organized opposition.

This is done through national security and anti-terrorism laws facilitating state practices that infringe on fundamental human rights and freedoms. As a result, these practices lead to the emergence and growth of companies that do not fear being held accountable.

Also, a similar trend can be witnessed in terms of migration and border management in recent years. Authoritarian regimes in MENA have been increasingly initiating policies or taking part in programs with European nations geared towards controlling migration in ways that increase the susceptibility of refugees and migrants. Economic instability and conflict continue driving the rising number of forcibly displaced persons.

Numerous surveillance technology companies are deeply implicated in these trends. Private companies, worldwide, including Israeli and European companies, create, transfer, and service surveillance technologies for authoritarian governments in the MENA region in unaccountable and opaque ways.

The MENA Surveillance Coalition highlighted that the region has increasingly become a fertile ground for invasive surveillance, enabling private tech companies to reap profits off egregious human rights violations. In addition, companies in the MENA region have played decisive roles in perpetuating human rights abuses against citizens, migrants, asylum seekers, and refugees.

This paper contributes to unearthing and understanding the responsibilities that tech companies, which provide these tools, have in safeguarding rights and freedoms, particularly in the MENA region.

How Surveillance Tools Are Used in MENA

Governments operate drones on migrants to monitor their movements, preventing them as they arrive by boat and detaining them in abusive conditions when they arrive at their borders, as in Libya for example. They also force millions of Syrian refugees within Jordan to exchange their biometric data without meaningful consent. There is also the use of facial recognition and predictive policing for targeting and racial profiling of Palestinians as they cross West Bank checkpoints. Ideally, these cases demonstrate the way data-driven or algorithmic decision-making can result in discrimination against marginalized communities as well as strengthen authoritarian governments.

Companies in the private surveillance sector operate under secrecy. Thus, the public lacks adequate information regarding the way in which they violate human rights. The UNGPs offer a framework for the assessment of whether surveillance companies respect the rights of those impacted by their services and products. More specifically, the UNGPs emphasize business commitments to respecting human rights by conducting due diligence processes for identifying, preventing, mitigating, and accounting for human rights impacts. Notwithstanding, the lack of mechanisms for ensuring compliance with the principles remains a key barrier to more corporate accountability and transparency, especially in industries renowned for their secrecy, including surveillance tech companies. A decade after the UNGPs were adopted, voluntary due diligence measures that companies have undertaken are weak, thus leaving glaring gaps within human rights protections.

Responsibilities

The major challenges in the protection of human rights are the lack of transparency, unclear human rights policies, inadequate and ineffective due diligence, inadequate consultations, inaccessibility of remedy mechanisms, and human rights concerns related to discrimination, privacy, and civil liberties. Tech companies can play a pivotal role in protecting and safeguarding human rights. They can achieve this through the mechanisms explained below.

Promoting Transparency

The lack of transparency denoted that tech companies need to commit to the principles and tenets of democracy regarding the activities that they undertake within the surveillance industry. The broad lack of transparency about clients, contracts as well as licensing in relation to human rights impacts and protections is a key impediment. Companies usually cite confidentiality clauses as reasons for the lack of transparency. None of the companies want to disclose the MENA countries that they operate in or the surveillance solutions that they provide. For instance, Airbus, Thales Group and G4S have on various occasions declined to disclose the contracts or details regarding their contracts with government clients or the number of surveillance solutions, services, products, or equipment that have been distributed. In a report by the Business and Human Rights Centre, G4S argued that laws and regulations restricted it from doing so, whereas Thales Group argued that the information is subject to confidentiality agreements and contractual relationships with their clients and security reasons. Amnesty International reported in 2019 that companies exploit confidentiality clauses or national security considerations to hide information on their activities from the public domain.

Cellebrite and IrisGuard have also argued that they do not provide surveillance or technology solutions to governments within the MENA region. This highlights the lack of commitment by these companies to be transparent regarding their activities in the surveillance sector. It also calls for the importance of such tech companies to not only comprehend but also mitigate their human rights impacts. Some companies have also not embraced human rights policies as they should despite stating that they do. This demonstrates a disconnect between existing human rights and the activities of tech companies. Also, some tech companies are complicit since they assist governments to repress and censor dissenting voices, limit digital rights, and facilitate unlawful detentions. This helps authoritarian regimes to succeed in their efforts, thus illustrating that there is a need for awareness creation to deter these companies from engaging in these activities.

Respect for Human Rights

Principle 15 of UNGP argues that companies should adopt a human rights policy, hence outlining the responsibility that they have in respecting human rights. Principle 16 also calls for companies to embed respect for human rights within a publicly available human rights policy statement. It is quite crucial in high-impact sectors like surveillance technology where human rights risks remain prevalent. Some tech companies have been linked to state represstate repression in Egypt, censoring voices and constraining digital rights in Palestine, sale of products that have a history of taking advantage of technology for perpetrating human rights abuses in Saudi Arabia and Egypt, and facilitating detentions, prosecutions as well as the harassment of civil rights activists, minorities, dissidents, and journalists.

Due Diligence

Tech companies should conduct effective and adequate due diligence for identifying human rights risks. More specifically, tech companies should engage in honest human rights impact assessment through tools and processes. They should also prioritize the impact of services and products on the right to life and liberty as a human rights issue by embedding risk-based human rights. For example, tech companies have the responsibility of developing strong integrity commitments for the design of ethical, socially accountable systems and technologies. Furthermore, they should conduct regular reviews for identifying the countries where human rights risks are deemed as high. Their policies should clearly state that prior to them getting into any contract, they ought to do due diligence on suppliers, customers, and subcontractors to check for evidence of past or current human rights abuses.

The due diligence responsibility should also entail putting in place strict licensing restrictions and policies for governing the sale of its commodities and the way customers use its solutions. As they operate in high-risk solutions or conflict-affected regions like those in the MENA region, all tech companies should clearly state that they will not engage in selling or providing various surveillance solutions, services, or equipment to MENA states that have a human rights violation track record. This should be done by publicly disclosing their due diligence policies, making it harder to assess whether they are being rolled out in practice and whether they can be effective.

Stakeholder Engagement

Tech companies have a responsibility to meaningfully engage with stakeholders. Regular and effective stakeholder engagement is an integral component of human rights due diligence processes and plays a critical role in preventing and remediating business-related human rights.

Grievance mechanisms

Moreover, tech companies should have tech mechanisms in place for enabling people to submit complaints about human rights abuses facilitated by company services and products. The grievance mechanism responsibility can also entail the monitoring of communications channels on a regular basis to respond to any concerns regarding its products.

Conclusion

Tech companies have been contributing to detrimental human rights violations in the MENA region. Thus, it implies that they can play a critical role in reversing the trend and safeguarding fundamental human rights. In an era of increased public criticism and heightened state intervention, tech companies find it difficult to balance human rights and business interests, especially in the MENA region where human rights violations remain rampant. The core responsibilities identified in this paper are promoting transparency, respecting human rights, conducting due diligence, stakeholder engagement, and developing grievance mechanisms. In this regard, these companies should strengthen human rights risk management in tandem with international standards set out by the OECD and UNGPs Guidelines, including strong rightsholder/stakeholder engagement. They should also carry out more human rights due diligence and embrace a conflict-sensitive approach in the MENA region to avoid being involved in severe human rights abuses as well as violations of international humanitarian law. In addition, they should stop selling and using surveillance technologies. Finally, they should create and publish transparency reports revealing the potential capabilities and uses of their products, misuse incidents, and information on sales to government bodies.

References

Access Now (26 July 2021). MENA Surveillance Coalition: stop all surveillance tech sales to the region’s autocratic governments. https://www.accessnow.org/pegasus-project-mena/ 

Amnesty International (August 16, 2019).  A Dangerous Alliance: Governments Collaborate with Surveillance Companies to Shrink the Space for Human Rights Work. https://www.amnesty.org/en/latest/research/2019/08/a-dangerous-alliance-governments-collaborate-with-surveillance-companies-to-shrink-the-space-for-human-rights-work/ 

Article 19 (November 04, 2020). Censorship and website blocking. https://www.article19.org/resources/egypt-human-rights-organisations-call-on-government-to-end-internet-censorship-and-website-blocking/ 

Business & Human Rights Resource Centre (18 February, 2019). Novalpina Capital buys spyware co. NSO Group, commits to greater transparency but rights groups call out unaddressed issues. https://www.business-humanrights.org/en/latest-news/novalpina-capital-buys-spyware-co-nso-group-commits-to-helping-it-become-more-transparent/

Business & Human Rights Resource Centre (18 February, 2019). Occupied Palestinian territory: Report claims tech giants & Israeli telecommunication cos. are limiting digital rights; Twitter & Facebook respond. https://www.business-humanrights.org/en/latest-news/occupied-palestinian-territory-report-claims-tech-giants-israeli-telecommunication-cos-are-limiting-digital-rights-twitter-facebook-respond/ 

Business & Human Rights Resource Centre (21 December 2020). Citizen Lab report finds clients of cyberespionage company Circles include govts. with a history of surveillance abuses. https://www.business-humanrights.org/en/latest-news/report-from-the-citizen-lab-finds-clients-of-cyberespionage-company-circles-include-govts-with-a-history-of-surveillance-abuses/ 

Business & Human Rights Resource Centre (23 July, 2018). NGOs accuse French companies of contributing to state repression in Egypt, mixed response from companies. https://www.business-humanrights.org/en/latest-news/ngos-accuse-french-companies-of-contributing-to-state-repression-in-egypt-mixed-response-from-companies/ 

Business & Human Rights Resource Centre (5 July, 2021). Intelligence co. Cellebrite and Japanese Sun Corporation accused of facilitating human rights violations by selling its products to repressive regimes; incl. co. responses. https://www.business-humanrights.org/en/latest-news/intelligence-co-cellebrite-accused-of-facilitating-human-rights-violations-by-selling-its-products-to-repressive-regimes-incl-co-response/ 

Cellebrite (2022). Ethics and Integrity at Cellebrite. https://cellebrite.com/en/ethics-integrity/

Impact International (20 April, 2022). All are responsible: MENA’s unregulated business arena – the need for human rights due diligence. https://impactpolicies.org/en/news/266/all-are-responsible-menas-unregulated-business-arena-the-need-for-human-rights-due-diligence 

Krapiva, N. & Micek, P. (3 September 2020). Francisco Partners-owned Sandvine profits from shutdowns and oppression in Belarus. Access Now. https://www.accessnow.org/francisco-partners-owned-sandvine-profits-from-shutdowns-and-oppression-in-belarus/

Marczak, B., Dalek, J., McKune, S., Senft, A., Scott-Railton, J. & Deibert, R. (March 9, 2018). Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? Citizen Lab. https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/ 

Masaar (October 24, 2020). Sandvine: The surveillance octopus in the Arab region. https://masaar.net/en/sandvine-the-surveillance-octopus-in-the-arab-region/ 

Qurium (September 21, 2020). How operators use Sandvine to block independent media in Egypt. https://www.qurium.org/alerts/egypt/how-operators-use-sandvine-to-block-independent-media-in-egypt/ 

UN Human Rights (2011). Guiding principles on Business and Human Rights. https://www.ohchr.org/sites/default/files/documents/publications/guidingprinciplesbusinesshr_en.pdf 

UNDP (June 16, 2022). Heightened Human Rights Due Diligence for Business in Conflict-Affected Contexts: A Guide. https://www.undp.org/publications/heightened-human-rights-due-diligence-business-conflict-affected-contexts-guide