(Beirut, November 30, 2023) – Participants attending the 28th annual United Nations Climate Change Conference (COP28), hosted by the United Arab Emirates (UAE) in Dubai, will be under extensive surveillance by Emirati authorities, violating human rights and threatening the conference’s success, Human Rights Watch said today.
Government representatives, civil society groups, and climate activists from all over the world are arriving in Dubai for COP28, held from November 30 to December 12, 2023. From the moment COP28 participants land in Dubai, they will be exposed to intrusive government surveillance. Authorities will capture the face and iris scans of those who participate in an optional program at Dubai International Airport known as “smart gates.” Whether or not they use this program, an expansive network of surveillance cameras throughout Dubai is able to identify all visitors based on data taken at customs as they travel throughout the city.
“The Emirati government should allow COP28 delegates to do their important work on the climate crisis without needing to worry about pervasive surveillance and the targeting of critical voices,” said Zach Campbell, senior surveillance researcher at Human Rights Watch. “Negotiations aiming to deliver the ambitious outcome the world urgently needs to address climate change are unlikely to succeed if delegates can’t communicate without fear.”
The government also carries out extensive communications surveillance. Participants may be subject to government monitoring of their online posts and comments, interception of their text messages, and scanning of their network traffic. Given the UAE government’s severe punishment of dissent, this surveillance poses a risk to COP28 participants, especially those criticizing the authorities.
UAE authorities maintain a zero-tolerance policy toward criticism of the government and enforce that policy with an arsenal of invasive surveillance tools, including, in the worst cases, by directly monitoring messages, emails, and mobile devices in the UAE and beyond its borders. This has produced a chilling effect on public discourse, including extensive self-censorship, to the point where there is no independent civil society left in the country.
In March, conference organizers of an international climate and health summit in the UAE warned participants not to criticize the government or engage in protest while in the country.
United Nations Climate Change Executive Secretary Simon Stiell said in August, “there will be space available for climate activists to assemble peacefully and make their voices heard” at COP28. But the mass surveillance and repression make it unclear how this can happen, Human Rights Watch said.
The UAE has a long history of shuttering space for politics, public discourse, and activism. Over a decade ago Emirati authorities threatened to ban the use of Blackberries, then one of the few consumer mobile devices with encrypted email and messaging, until they were able to unroll what multiple security researchers described as a “back door,” allowing the government to gain entry into the devices, according to security researchers. In 2016, according to US court documents published by the New York Times, Emirati authorities hired former National Security Agency (NSA) hackers to break into dissidents’ devices.
A year later, the Guardian reported that UAE authorities purchased technology for intercepting and analyzing network traffic. And in 2019, multiple security researchers consulted by the New York Times found that ToTok, a popular messaging app in the UAE, contained a back door, giving security forces direct access to peoples’ messages, charges that the company has denied. Citizen Lab, a research institute at the University of Toronto that focuses on internet security and human rights, has documented cases of the UAE targeting dissidents dating back to 2012.
Emirati authorities have also extensively used the Israeli spyware Pegasus to break into dissidents’ mobile devices. Such was the case for Ahmed Mansoor, an Emirati human rights defender who, in 2018, was sentenced to 10 years in prison for “harming the reputation of the state” among other offenses, convicted on the basis of material that had been taken off of his phone following a Pegasus infection. The company behind Pegasus, NSO Group, has repeatedly denied having knowledge of or responsibility for how its spyware is used.
The UAE has become an industry hub for the sale of invasive surveillance tech, and regularly uses this technology on its own population. Dubai’s ruler has boasted of a network of over 300,000 cameras, as well as drones, in that city alone, to achieve a goal of “zero crime.” The surveillance system, called Oyoon, connects cameras with databases of face photos and can track people as they move throughout Dubai. A similar system, Falcon Eye, was also developed in Abu Dhabi.
At the same time, the government restricts the voice communication functions of many applications, like WhatsApp and Skype, and bans the encrypted messaging app Signal. This forces UAE mobile phone users onto less secure apps like ToTok before it was removed from the Google and Apple mobile app stores in 2019.
The use of facial recognition in public spaces and mass communications surveillance both violate international human rights standards. Surveillance by Emirati authorities has led to extensive self-censorship by UAE residents and UAE-based institutions.
The UAE’s cybercrimes law, Federal Law no. 34 of 2021 on Combatting Rumors and Cybercrime, replaced a notoriously repressive 2012 cybercrimes law that was frequently used to silence dissidents, journalists, activists, and anyone the authorities perceived to be critical of the government, its policies, or its representatives.
The current cybercrimes law prohibits using the internet “to advocate the overthrow, change, or usurpation of the system of governance in the state, or obstruct provisions of the constitution or existing law, or oppose the fundamental principles on which the system of governance is based,” with a sentence of up to life imprisonment. Another provision prohibits any act that may “offend a foreign state.”
The cybercrimes law also includes severe restrictions on the rights to peaceful assembly and free association. Emirati authorities have used it to imprison UAE citizens and residents for peaceful social media posts that were deemed to be critical of the governments in the UAE, Egypt, and Jordan.
Nasser bin Ghaith, an Emirati academic, was sentenced in 2017 to a decade in prison following online comments he posted that were critical of the Egyptian president and government. Bin Ghaith faced charges including “engaging in hostility against Egypt” and “attempting to put UAE-Egyptian relations at risk.”
That same year, Tayseer al-Najjar, a Jordanian journalist living in the UAE, was also sentenced under UAE cybercrime laws to a three-year sentence, two of which he had already served in pretrial detention. Al-Najjar was charged with “insulting the state’s symbols” for Facebook posts critical of the UAE that he had posted before moving there. The trial judgment also cited comments he allegedly made to his wife on the telephone that were critical of the UAE. The judgement did not state how authorities obtained records of the calls.
In 2020, Ahmed Etoum, also a Jordanian living in the UAE, was sentenced to 10 years in prison for peaceful Facebook posts that were critical of the Jordanian royal family and government. The court convicted him under UAE cybercrime laws of using Facebook to commit “acts against a foreign state” that could “damage political relations” with that state and “endanger national security” inside the UAE.
Hosting COP28 is part of a decades-long effort by the UAE government to improve its reputation on the international stage. These efforts were made explicit in the government’s 2017 Soft Power Strategy, which includes cultivating “cultural and media diplomacy” as a central pillar and aims “to establish [the UAE’s] reputation as a modern and tolerant country that welcomes all people from across the world.”
But these efforts to project a public image of openness are at odds with the government’s efforts to prevent scrutiny of its human rights violations, Human Rights Watch said. The UAE’s pervasive use of surveillance technology and zero tolerance for criticism even extends to detaining and deporting foreign residents and foreign nationals visiting the country.
The UAE’s far-reaching restrictions on the rights to privacy and to freedom of expression, assembly, and association, in particular through the types of surveillance employed by the UAE government, are inconsistent with its obligations under international human rights law.
“The Emirati government should ease its grip on civic space and end its surveillance of critical voices in the UAE and beyond, starting by immediately releasing human rights defender Ahmed Mansoor,” Campbell said.