The MCS scandal and Egypt’s mass surveillance project

For Egypt, cyber security and intelligence aren’t imperatives for national security; they are the cement holding together the state institutions that the Egyptian people rebelled against in 2011. The 26 January Revolution relied heavily on social media to topple the Mubarak regime, so it is no wonder that the coup government has been cracking down on cyber intelligence.

Mideast Communication Systems (MCS), an IT company based in Egypt, has received a lot of criticism since Google discovered that it is selling fake digital certificates. Buying such a certificate for a website, say Facebook, would enable the user to steal login information for those who login with the server that uses the fake document. They can be bought through certificate authorities such as MCS; official protocols say that it has to carry out various checks on people who want to buy a certificate for websites such as Facebook to prove that they actually belong to the company. MCS has been caught by Google failing to carry out those essential checks and selling digital certificates to people outside Google who can store user information, such as login details, search history and so on.

The peculiar aspect of this case is that when looking at the path the Egyptian government is taking with regards to online surveillance, it is highly unlikely that it hasn’t been taking advantage of MCS corruption in an unofficial public-private partnership. In early June last year, a document from the ministry of the interior was leaked; it called for the mass surveillance of citizens‘ use of social networks. It stated that ministry officials intend to use the information they gather as pre-emptive “counter terrorism”, the means of which is software with a unique form of Arabic fluency, capable of reading Arabic text and transliteration in the Roman alphabet; it has the added ability of being able to gather detailed information on specific targets. Human rights advocates have voiced their concerns about this, especially given that Egypt, under Al-Sisi especially, has a track record of sanctioning people inhumanely if they criticise the government on social media. Just three months after that interior ministry document was leaked, anonymous officials announced that the government in Cairo is in partnership with a company called Systems Engineering of Egypt (SEE Egypt) to develop the aforementioned software and train governmental officials to make the most effective use of it. Ali Miniesy, CEO of SEE Egypt, spoke proudly about how the software even has the potential to penetrate encrypted applications such as WhatsApp and Viber, which involves hacking. He insisted, though, that the software will only be used for counter-terrorism purposes, thus denying allegations of mass surveillance and contradicting the information leaked from the interior ministry.

When looking at the Egyptian government’s partnership with SEE, it’s obvious that it would benefit from using fake digital certificates to hack encrypted websites and apps such as Google, Facebook and WhatsApp. If anything, buying MCS’s fake digital certificates is one of the only ways to collect data for such a mass surveillance project. It’s also undeniable that the Egyptian government is relying on national IT companies to provide it with the technology and training to do so. In the case of MCS specifically, although any alleged partnership with the Egyptian government with this project hasn’t been made official, when looking at the wider context of the case, it is extremely doubtful that officials in Cairo have not been taking advantage of the fake digital certificates.

In November 2014, it is claimed, Egypt joined the fight against ISIS by forming a cyber-army. The spokesman for the group is a policeman; Khaled Abu Baker was interviewed by Mashable and explained that the Egyptian Cyber Army is a “loose-knit” group that accepts help from anyone with the same aims. At the moment it is made up of hackers with backgrounds in the military and police, entrepreneurs and civilians; all are Al-Sisi sympathisers. Nevertheless, this project alone isn’t enough to prove that MCS is involved or has even worked with the Egyptian government.

The MCS newsletter dated October 2012 included a letter from Managing Director Amr Farouk, who said that the company had a “flourishing relationship” with the Egyptian army, though he did not provide further details. Farouk himself has displayed his sympathy with the Egyptian coup on social media; his Twitter account contains a lot of condemnation of the Muslim Brotherhood, and he has tweeted that Al-Sisi should be nominated as “Time Person of the Year”.

Farouk’s LinkedIn page gives further evidence of his connections with members of the Egyptian government. For example, he was endorsed by Ahmed Mustafa, the publication and server security unit manager at the Egyptian ministry of communication and information technology. He has also been endorsed by Karim Sheba, one of SEE Egypt’s senior lead engineers. According to his Yatedo page, Farouk also worked with SEE Egypt between 2000 and 2006, though his position and activities are unspecified.

Recent events have shown that current developments in mass surveillance by the Egyptian government have created a unique cyber-military industry complex, in which even civilians are involved. A network of military officials and national companies in Egypt is undeniable; they are open to working together through formal contracts and in the Egyptian Cyber Army. Leaked information has also proven that the public-private partnership between the government and MCS includes mass surveillance activities that raise big concerns within human rights groups. Although no information has yet has been leaked with regards to MCS’s illegal activities and the Egyptian government, it would be naïve to believe that Cairo hasn’t taken advantage of illegal activities to enhance its mass surveillance project; it is also naïve to think that MCS would refuse to allow the Egyptian military and intelligence services to do so.

The views expressed in this article belong to the author and do not necessarily reflect the editorial policy of Middle East Monitor.