Introduction
Developing future strategies for all sectors of work, production, and social interaction is necessary for progress and development in all countries. As our world delves into the age of information and technology, the rapid advancement of digital technology has become one of the main challenges for decision-makers everywhere.
One important aspect of dealing with this challenge is developing carefully considered strategies to achieve key general objectives. These goals are to exploit the opportunities offered by technological progress, prepare society to deal with it, and avoid the negative economic and social impacts that may arise from it.
In the past few years, the Egyptian government has published several documents presenting its prepared strategies, either through the cabinet, the ministries, or specialized authorities and councils. These documents cover various fields of work, production, and economic and social development.
All of these strategies fall under the umbrella of Egypt Vision 2030, which represents the comprehensive strategy of the Egyptian state and its vision for the development goals that must be achieved within fifteen years, extending from the announcement of this strategy in 2016 until 2030.
It can be noted that the information and communications technology (ICT) sector has received a large number of documents that present the Egyptian state’s strategies for several aspects of the activities of this sector, such as cybersecurity, artificial intelligence, cloud computing, and e-commerce.
All state policies and strategies are closely related to enabling citizens to exercise their rights and enjoy their fundamental freedoms. Thus, any national strategy in any sector must focus on guaranteeing and protecting these rights and freedoms from any potential violation, especially by state agencies and institutions themselves. This applies, in particular, to strategies related to the ICT sector, given its growing role in the daily lives of citizens.
The services and applications of this sector are the main fields for practicing many daily life activities, including work, education, training, entertainment, obtaining goods and services, social communication, accessing information, and expressing opinions. The fields of work in the ICT sector are also characterized by the existence of a wide range of possibilities for many forms of violations of citizens’ rights, foremost of which are the right to privacy, the right to access information, and the right to freedom of expression. Therefore, any state strategy in any of these areas is assumed to pay special attention to protecting these rights and avoiding violations that may affect them.
This paper seeks to provide a critical reading of a number of documents through which Egyptian government institutions present their future strategies in their fields of work. The paper focuses on several strategies of particular importance to the ICT sector. It addresses the extent to which these strategies are concerned with providing guarantees for citizens to exercise the right to privacy, the right to access information, and the right to freedom of expression, and the extent to which they impose precautions to protect these rights from various forms of violation.
In its first section, the paper briefly presents the most important points in the selected documents. Then it moves on to clarifying the attention these documents pay to rights and freedoms compared to the aspects that should be available to provide sufficient guarantees for them. Finally, the paper presents a set of recommendations for what state strategies should contain in terms of guarantees and commitments that allow citizens to exercise their basic rights and ensure that they are not violated.
Egypt’s 2030 ICT Strategy
There is no single, comprehensive document detailing an updated general strategy for Egypt’s ICT sector. The most recent public strategy dates back to 2007. Instead, the Ministry of Communications and Information Technology (MCIT) provides a brief overview of its sector strategy within the broader framework of Egypt Vision 2030 on its website.
The MCIT states that the ICT 2030 strategy aims to support Egypt’s Vision 2030 goals by building “Digital Egypt.” This includes developing ICT infrastructure, promoting digital and financial inclusion, building capacity, encouraging innovation, fighting corruption, ensuring cybersecurity, and enhancing Egypt’s regional and international standing.
The Digital Egypt initiative is described as a comprehensive vision and plan to transform Egypt into a digital society. It focuses on three main pillars: digital transformation, digital skills and jobs, and digital innovation. These pillars rely on developing digital infrastructure and establishing a legislative and regulatory framework.
The MCIT website details efforts to achieve digital transformation through the Digital Egypt initiative. Key achievements include establishing data centers for digital government services, providing electronic payment options, regulating electronic signatures, and creating the Digital Egypt platform for citizen access to government services.
Notes
The Egyptian constitution mandates the state to uphold rights such as privacy, access to information, and freedom of expression. These rights are particularly relevant to the ICT sector, as citizens increasingly rely on technologies like mobile phones and the Internet to carry out their daily activities. This reliance exposes citizens’ personal and sensitive data to potential breaches, violating privacy rights.
Furthermore, the Internet has become the primary platform for expressing ideas and opinions, and discussing public issues, making cyberspace essential for exercising the rights to information and free expression. However, these rights are vulnerable to violations through censorship, surveillance, and content moderation policies enforced by social media platforms, search engines, and other online applications.
The ministry responsible for regulating the ICT sector should, on behalf of the state, present a comprehensive strategy to fulfill these constitutional obligations. However, a key observation is the absence of such a strategy. While the ministry’s documents on ICT strategies contain scattered references to privacy protection, they need a clear articulation of the government’s overall approach to upholding digital rights in cyberspace and protecting them from various forms of infringement.
Recommendations
- The MCIT should publish a comprehensive strategy outlining its approach to the various areas it oversees. This strategy should serve as a guiding document for detailed, sector-specific strategies and should be accessible to the public, thereby upholding citizens’ right to access government information.
- The comprehensive strategy should dedicate a section to clarifying how the ICT sector intersects with the state’s constitutional obligations regarding citizens’ rights and freedoms, particularly the rights to privacy, access to information, and freedom of expression. It should also outline the MCIT’s strategy for enabling citizens to exercise these rights.
- Right to Internet Access: The MCIT should develop a strategy to ensure equitable internet access for all citizens, recognizing this as a fundamental right in the digital age. This strategy should address disparities in access based on gender, geography (urban vs. rural), and socioeconomic status. Potential solutions include reforming internet service pricing, expanding network coverage to rural and remote areas, and promoting digital literacy among underserved populations.
- Right to Privacy: While Egypt made some steps toward protecting privacy with the 2020 Personal Data Protection Law, the law remains unimplemented due to the absence of executive regulations. The law also doesn’t comprehensively address privacy threats within the context of citizens’ interactions with communication services and cyberspace. The MCIT’s strategy should outline general principles for safeguarding privacy, including:
- Policies for licensing and installing networks and equipment, with stringent security requirements to prevent unauthorized access and backdoors.
- A mechanism to investigate allegations of insufficient security or the presence of backdoors/malware in devices and equipment available in the market.
- Collaboration with state agencies to enact or amend legislation and regulations to enforce these protections.
- Right of Access to Information: Egypt has yet to fulfill its constitutional obligation to enact a Freedom of Information Law and establish a commission to resolve related disputes. The ICT strategy should prioritize collaborating with other state entities to advance this legislation. The competent ministry should also articulate clear principles for enabling citizens to exercise their right to access information, leaving detailed implementation to sector-specific strategies. This includes plans to improve online access to government information by enhancing infrastructure, standardizing technologies, and ensuring user-friendly interfaces and content formats.
- Right to Freedom of Expression: Given the numerous threats to freedom of expression online, the ICT strategy should include general principles and recommendations for protecting this right. This could involve developing legislation that regulates content moderation practices by social media platforms, similar to the European Union’s Digital Services Act.
National Artificial Intelligence Strategy
Egypt has recently demonstrated a heightened interest in artificial intelligence (AI). Notably, the National AI Strategy, published in July 2021, is prefaced by a message from the President, underscoring its significance. The strategy was developed by the Technical Secretariat of the National Council for Artificial Intelligence, a body established in 2019 that is comprised of government representatives and independent AI experts.
The strategy addresses digital rights concerns and offers recommendations for safeguarding these rights. It acknowledges the potential for AI systems to perpetuate biases against minorities and hinder gender equality (p. 8). Conversely, it also highlights the potential of AI to empower marginalized groups through initiatives focused on human development and self-improvement (p. 28). Additionally, the strategy emphasizes the importance of making AI awareness campaigns accessible to individuals with limited or no formal education (p. 37).
Regarding data protection and privacy, the strategy references Egypt’s Personal Data Protection Law (p. 48) and recommends that the National Council for Artificial Intelligence incorporate the law’s provisions into ethical frameworks for AI use (p. 46). The strategy further advises the council to collaborate with government agencies to develop legislation and regulations that build upon the existing data protection law and expand data anonymization efforts.
Egyptian Charter for Responsible Artificial Intelligence
The Egyptian Charter for Responsible AI is a significant and positive step, reflecting the Egyptian government’s proactive approach to AI technology. The Charter embodies a progressive perspective on the potential risks of AI systems, particularly regarding privacy, equality, and justice.
The Charter outlines two sets of principles:
- General Guiding Principles: Comprehensive rules applicable to all components of the AI ecosystem.
- Executive Guiding Principles: Technical considerations for entities developing, deploying, or managing AI systems.
Key general guiding principles related to citizens’ rights include:
- Transparency and Explainability: Users have the right to know when interacting with an AI system, not a human.
- Fairness and Equity: AI systems should not harm individuals, with special protections for vulnerable groups (children, people with disabilities, and those with low socioeconomic status) against potential biases in AI training data and lack of diversity and representation of different social groups in developing teams
- Redress: Individuals potentially affected by AI systems have the right to challenge outcomes and seek redress.
- Human Oversight and Accountability: Humans must make final decisions, and they are ultimately responsible for the consequences of AI applications.
Executive Guiding Principles include:
- Additional Safeguards: Systems handling sensitive data or performing critical tasks require extra measures to ensure data protection, stakeholder engagement, and harm prevention.
- Data Access for Research: Scientific communities should have access to data used in AI applications.
- Data Protection: Data owners must consent to the use of their data, except for publicly available data. Personal data should be anonymized and encrypted, and explicit written consent is required for its use.
Notes
The National AI Strategy, when combined with the Egyptian Charter for Responsible AI, represents a commendable effort to address citizens’ digital rights. The Charter includes vital principles to ensure that the widespread use of AI systems in various fields does not infringe upon fundamental rights. These principles are informed by the challenges and issues that have emerged from real-world AI applications, particularly those employing deep learning and artificial neural networks.
Cloud Computing Strategy
Cloud computing offers the potential for high-quality, cost-effective digital services, making it particularly attractive for governments in developing countries seeking digital transformation. In 2014, Egypt’s MCIT published a “Cloud Computing Strategy in the ICT Sector,” outlining its approach to leveraging cloud technology.
The strategy acknowledges the need for greater transparency in government services and addresses the security challenges of existing government systems. It recognizes that while cloud computing can improve data security, it also introduces new risks. These risks include concerns about government data security, the need for legislative changes, bridging the digital divide, and protecting data privacy (p. 8, 13).
The strategy emphasizes the importance of robust governance for Egyptian cloud computing, including stringent security measures to protect data confidentiality and prevent unauthorized access (p. 16). It also discusses the impact of data location on ownership, access, privacy, and security. Notably, many of these considerations were later addressed in the 2020 Personal Data Protection Law. This points out the need for updating the cloud computing strategy to catch up with the different changes in recent years and build upon them to develop a future vision for the coming years.
Notes
A primary concern is the obsolescence of the current cloud computing strategy document, published in 2014. Since then, cloud computing technologies have evolved significantly, with increased adoption and usage. Additionally, the original plan’s timeframe suggests that many of its initiatives and programs should have been completed.
The Egyptian landscape has also changed, notably with the enactment of new legislation, including the Personal Data Protection Law. This law imposes obligations on entities that collect, control, and process data, requiring government cloud computing policies to align with these obligations. A key requirement is compliance with regulations for transferring data collected within Egypt to other countries, necessitating data localization policies and potentially influencing government agencies’ use of cloud services based on foreign infrastructure.
Furthermore, the strategy neglects the goal of making government data accessible to citizens through cloud computing, despite this being a constitutional obligation and cloud computing being a cost-effective solution for achieving it.
The strategy also lacks a clear vision regarding citizens’ fundamental rights and how cloud computing can impact them. While it mentions data security and privacy, it fails to distinguish between government-owned data and citizen-owned data held by the government. This distinction is crucial, as citizens have a right to access their personal data, and cloud computing can facilitate this.
Recommendations
- It is imperative to update Egypt’s cloud computing strategy, building upon the progress made in implementing the recommendations of the 2014 strategy. This update should address the significant advancements in cloud technology, as well as the evolving Egyptian context, particularly the legislative landscape following the enactment of the Personal Data Protection Law.
- The updated strategy must articulate a clear vision for how cloud computing intersects with citizens’ fundamental rights, primarily the rights to privacy and access to government information. This vision should encompass both the risks to data security and privacy that need to be mitigated and the opportunities cloud computing offers government agencies to fulfill their constitutional obligation to make data accessible to citizens.
National Cybersecurity Strategy
Cybersecurity is a top priority for many countries, including the United States, the European Union, and China. This is due to the increasing impact of cyberattacks on economic and military infrastructure, as demonstrated by numerous incidents in the past decade.
Additionally, cyber warfare and espionage have escalated, with both state actors and organized cybercrime groups operating under state protection. The importance of cybersecurity extends beyond national security to encompass institutions of all sizes and individuals. No internet-connected system is immune to security risks, making cybersecurity a universal concern.
Egypt’s “National Cybersecurity Strategy,” published in December 2018 by the Supreme Council for Securing Communications and Information Infrastructure (Supreme Cybersecurity Council), outlines the country’s approach to addressing these challenges. The strategy:
- Identifies cybersecurity challenges and risks, such as digital identity theft and data breaches.
- Sets the strategic objective of countering cyber threats and enhancing trust in ICT infrastructure across sectors to create a secure digital environment for Egyptian society.
- Outlines strategic pillars, including developing a legislative framework for cybersecurity, combating cybercrime, protecting privacy and digital identity, and raising public awareness.
- Establishes the Supreme Cybersecurity Council as the strategy’s implementing body. The Council works under the cabinet and is headed by the MCIT, with representatives from various stakeholders, including national security, infrastructure management, the private sector, and academia. The council started its preliminary work in January 2015, and the Prime Minister approved the formation of its executive bureau and executive committee and the description of its competencies in June 2016.
- Reviews key strategic programs from 2017-2021, focusing on legislative development, digital identity protection, and public awareness campaigns.
Notes
Cybersecurity is a top priority globally, as cyberattacks increasingly threaten economic, military, and personal data. The interconnected nature of information systems means that no one is immune to these risks, making cybersecurity a universal concern.
Cybersecurity fundamentally intersects with both the right to privacy and the right to data security. The latter right is more comprehensive as it relates to the protection of personal data and data owned by individuals and institutions from a number of risks. All of these risks relate to unauthorized access to information systems so that the perpetrator of the cyber attack can view the data and publish it, share/sell it, deprive its owner of access to it, tamper with it, modify or erase it, or threaten any of that as a way to blackmail the data owner.
Cyber attacks can also cause direct material damage to the information systems they penetrate or to infrastructure, facilities, and production tools that information systems may use to control them. For all of the above, the right to data security is a vital necessity for individuals, institutions, and countries as well.
Egypt’s National Cybersecurity Strategy addresses these challenges but requires updating to reflect recent technological advancements and legislative changes, such as the Cybercrime Law and the Personal Data Protection Law. The strategy lacks a forward-looking vision that builds upon the current situation and adjusts its principles, recommendations and plans accordingly.
Furthermore, the strategy needs more clarity in differentiating between various levels of information systems, from large networks to personal devices. Security requirements differ across these levels, and the strategy’s failure to distinguish between them hinders assessing their adequacy, especially for individuals.
While the strategy addresses protecting information systems that hold personal data, it primarily focuses on raising awareness about cybersecurity among citizens. However, the state’s responsibility extends beyond awareness to actively safeguarding individuals’ privacy and data security.
Notably absent from the strategy is a discussion of regulating equipment and software in the local market. Many devices, such as routers, smartphones, and pre-installed software, lack adequate security or contain backdoors and malware. Addressing these threats is crucial, as they not only endanger individual users but also the information systems they access, such as those in workplaces.
Recommendations
- Egypt’s National Cybersecurity Strategy requires updating to address evolving threats, advancements in protective technologies, and changes in the ICT sector and relevant legislation. This update should present a revised vision for cybersecurity development based on these new realities.
- Given the rapid pace of change in the cybersecurity landscape, the strategy should be updated regularly, ideally every few years.
- The updated strategy should clearly distinguish between different levels of information systems, ensuring it adequately addresses each level’s diverse security requirements, including those for personal devices, which are currently overlooked.
- The strategy should also include general principles for regulating the market for equipment, supplies, and software, along with recommendations for implementation mechanisms, whether through legislation, regulations, or administrative decisions. This regulation should be based on principles outlined in the strategy, such as designating a government body responsible for setting security standards for equipment and software marketed in Egypt. Additionally, the strategy should recommend mechanisms for reporting security vulnerabilities in these products, whether due to manufacturing errors, code flaws, or intentional unauthorized access to data.
National E-Commerce Strategy
Egypt’s National E-commerce Strategy, developed in collaboration with UNCTAD and published in 2017, primarily focuses on boosting e-commerce to stimulate economic growth. According to the document, Egypt was the first country to benefit from the diagnostic framework for e-commerce integration in the policy review program. UNCTAD prepared this strategy at the request of the Egyptian MCIT.
The 94-page document emphasizes the need for legislation to protect consumers engaging in e-commerce through specialized platforms or social media. It also recommends a law on limited liability for online intermediaries, though these laws still need to be enacted.
On the other hand, the strategy recommended several other legislations that were actually issued during the past years, including the Electronic Signature Law, the Cybercrime Law, and the Personal Data Protection Law. However, its focus remains predominantly on the economic aspects of e-commerce, with limited attention to broader citizen rights beyond consumer protection.
Notes
E-commerce intersects with individual rights in two key ways: consumer protection against fraud and privacy protection regarding personal data collected by sellers or platforms. The National E-commerce Strategy addresses both aspects through legislative recommendations.
In its recommendation to issue a law on limited liability for providers of intermediary services (e-commercial and social media platforms through which goods and services are displayed), the document adopts the philosophy followed in the US. This philosophy exempts providers of intermediary services from any criminal liability in the event that one of those who provide goods and services through their websites commits crimes related to commercial fraud.
Therefore, intermediary service providers are exempt from any obligation to verify the accuracy of the information provided by the seller, including the validity of the means of communication with them or the validity of their legal status. This approach contrasts with that of the EU, where the Digital Services Act holds intermediaries accountable if they fail to verify basic seller information to ensure a minimum level of credibility.
Recommendations
- As with many of the MCIT’s sector-specific strategies, the National E-commerce Strategy requires updating. E-commerce in Egypt has grown significantly in recent years, and many of the strategy’s legislative recommendations have already been enacted, diminishing the relevance of the current document.
- The strategy’s legislative recommendations should be reevaluated in light of evolving global regulations. Given the cross-border nature of e-commerce, the strategy must address potential conflicts between Egyptian laws and those of other countries involved in these transactions, ensuring the protection of Egyptian parties’ rights.
- The recommendation to limit the liability of online intermediaries (platforms and social media sites) should be reconsidered. User trust in these platforms directly influences their willingness to engage in e-commerce. Therefore, intermediaries should bear a responsibility commensurate with this trust. This approach strikes a balance between protecting citizens’ rights and facilitating commercial exchange.
Open Source Software, Arabic Content, and Social Responsibility Strategies
These strategies represent commendable initiatives by the Egyptian government, showcasing a progressive vision for developing the ICT sector and fostering citizen engagement with digital services.
Promoting free and open-source software (FOSS) can stimulate the growth of Egypt’s software industry while lowering barriers to entry for smaller players. The FOSS strategy also highlights the potential of FOSS to increase transparency and empower citizens’ right to access information.
Policies encouraging online Arabic content creation can help bridge the information gap between different socioeconomic and educational groups, as well as those facing gender or geographic discrimination. Additionally, the social responsibility document envisions voluntary commitments from ICT companies to address the impact of their practices, ultimately benefiting the protection of citizens’ rights and freedoms.
Notes
The primary and recurring observation is the need for regular updates to these strategies, ensuring they remain relevant to each field’s evolving landscape and incorporate lessons learned from past implementations.
Recommendations
Based on this observation, the key recommendation is to establish a general policy for the periodic review and update of these strategies. This process should include a thorough assessment of the implementation of previous recommendations, plans, and programs, evaluating their successes and failures to inform future strategy development.
Conclusion
The Egyptian government’s commitment to developing strategies and action plans across various sectors is commendable and should be expanded upon while addressing existing shortcomings. One crucial area for improvement is ensuring easy public access to relevant government documents.
Unlike the Ministry of Communications and Information Technology, which makes many documents available online, other government agencies lack accessible platforms for sharing similar information. A centralized portal should be established to provide citizens with easy access to government strategies and plans in user-friendly formats.
This paper critically examined several government documents outlining future strategies in various sectors, focusing on those related to ICT and digital rights, particularly privacy, access to information, and freedom of expression.
A key criticism of these documents is their lack of clarity regarding the Egyptian government’s policies on safeguarding citizens’ digital rights within the ICT sector. The paper highlights specific areas where government strategies should explicitly address these rights to ensure adequate protections and enable citizens to exercise them fully.