Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

N. 22 Policy Study

GREAT EXPECTATIONS: DEFINING A TRANS-MEDITERRANEAN CYBERSECURITY AGENDA

Patryk Pawlak Coordinator Adel Abdel-Sadek Samuele Dominioni Alexandra Marion Youmna Laban N. 22 Policy Study

GREAT EXPECTATIONS: DEFINING A TRANS-MEDITERRANEAN CYBERSECURITY AGENDA

Patryk Pawlak Coordinator Adel Abdel-Sadek Samuele Dominioni Alexandra Marion Youmna Laban EuroMeSCo has become a benchmark for policy-oriented research on issues related to Euro-Mediterranean cooperation, in particular economic development, security and migration. With 104 afﬁliated think tanks and institutions and about 500 experts from 29 different countries, the network has developed impactful tools for the beneﬁt of its members and a larger community of stakeholders in the Euro- Mediterranean region.

Through a wide range of publications, surveys, events, training activities, audio- visual materials and a strong footprint on social media, the network reaches thousands of experts, think tankers, researchers, policy-makers and civil society and business stakeholders every year. While doing so, EuroMeSCo is strongly engaged in streamlining genuine joint research involving both European and Southern Mediterranean experts, encouraging exchanges between them and ultimately promoting Euro-Mediterranean integration. All the activities share an overall commitment to fostering youth participation and ensuring gender equality in the Euro-Mediterranean experts’ community.

EuroMesCo: Connecting the Dots is a project co-funded by the European Union (EU) and the European Institute of the Mediterranean (IEMed) that is implemented in the framework of the EuroMeSCo network.

As part of this project, five Joint Study Groups are assembled each year to carry out evidence-based and policy-oriented research. The topics of the five study groups are defined through a thorough process of policy consultations designed to identify policy-relevant themes. Each Study Group involves a Coordinator and a team of authors who work towards the publication of a Policy Study which is printed, disseminated through different channels and events, and accompanied by audio-visual materials.

POLICY STUDY Published by the European Institute of the Mediterranean Peer Review Academic Peer Reviewer: anonymous Editing Karina Melkonian Design layout Maurin.studio Proofreading Neil Charlton Layout Núria Esparza Print ISSN 2462-4500 Digital ISSN 2462-4519 July 2021 Arabic version available

This publication has been produced with the assistance of the European Union. The contents of this publication are the sole responsibility of the authors and can in no way be taken to reﬂect the views of the European Union or the European Institute of the Mediterranean. The European Institute of the Mediterranean (IEMed), founded in 1989, is a think and do tank specialised in Euro-Mediterranean relations. It provides policy-oriented and evidence-based research underpinned by a genuine Euromed multidimensional and inclusive approach.

The aim of the IEMed, in accordance with the principles of the Euro- Mediterranean Partnership (EMP), the European Neighbourhood Policy (ENP) and the Union for the Mediterranean (UfM), is to stimulate reﬂection and action that contribute to mutual understanding, exchange and cooperation between the different Mediterranean countries, societies and cultures, and to promote the progressive construction of a space of peace and stability, shared prosperity and dialogue between cultures and civilisations in the Mediterranean.

The IEMed is a consortium comprising the Catalan Government, the Spanish Ministry of Foreign Affairs, European Union and Cooperation, the European Union and Barcelona City Council. It also incorporates civil society through its Board of Trustees and its Advisory Council. Policy Study Content

Executive Summary 7

Introduction 12 Patryk Pawlak

Digital Economy and Cybercrime 16 Alexandra Marion Youmna Laban

Stability, Internet Governance and Disinformation 34 Samuele Dominioni

Preventing Cyber Conﬂicts and Instability 54 Patryk Pawlak

Annex: Digitalisation and Cyber Resilience 74 Adel Abdel-Sadek

List of acronyms and abbreviations 86 Executive Summary

European Union (EU) cooperation on cybersecurity with the Middle East and North Africa (MENA) region is conditioned by two competing claims. Due to the geographical proximity and broad security implications for the EU, the MENA region is one of the priorities of the EU’s external relations. Over the past two decades, and especially after the Arab Spring, the EU has invested signiﬁcant resources to support the reforms in the region and align its policies with its own. At the same time, however, this ambition to cooperate closely with the region is often made more complicated by the situation on the ground. This is particularly the case of cyber resilience cooperation, where even despite overlapping interests – like the ﬁght against cybercrime or improving the overall level of cybersecurity – the EU needs to exercise enhanced due diligence in order to avoid undermining the already fragile human rights protection in some of those countries. Reconciling these two elements – the willingness to engage in closer cooperation and the need for a cautious approach to cybersecurity cooperation – remains the key challenge.

Against this background, the study aims to address two questions. First, to what extent are different initiatives and policies implemented across the region compatible with the EU’s own interests and values? Second, who are the key multipliers on cybersecurity in the region that could potentially align with the EU in certain aspects and help it achieve its policy objectives? Which of these relationships are mature enough or require further work in order to turn into concrete cooperation initiatives? These two sets of questions guide the discussion in each of the chapters.

Alexandra M. Y. Laban addresses the issue of digital economy and cybercrime. Cyberattacks, intellectual property theft facilitated by digitisation, online fraud, and ﬁnancial manipulation pose a threat to the digital economy and require an agile and speedy response from public authorities. The challenge for the MENA region is not only to carve out a place for itself in this new global economy but also to modernise its public institutions to face the new threats in cyberspace. In addition to presenting general trends, the ﬁrst chapter scrutinises the involvement of the MENA countries in the regional and global debates about the international cooperation against cybercrime (e.g., the Budapest Convention, the United Nations [UN], regional initiatives) as well as offering recommendations for the EU’s engagement with the MENA region. The chapter looks in particular at the situation in Algeria, Lebanon and Morocco.

Policy Study n. 22 Samuele Dominioni looks at the challenge of cyber resilience more from the societal perspective and analyses the link between a double challenge of digital and democratic transition across the region. His chapter addresses how the Internet Governance model has an impact on regime transition/consolidation in the MENA region. The second chapter argues that the lack of a shared understanding and common principles for the governance of cyberspace allows countries to adopt different policies at the domestic level. In particular, the chapter analyses how and to what extent policies aimed at curbing disinformation are used for crushing political dissent and limiting external influence in cyberspace. The chapter looks at different solutions adopted in Egypt, Morocco and Jordan.

Finally, Patryk Pawlak looks at the broader question of preventing conflict and promoting responsible state behaviour in cyberspace. The last chapter analyses how the increasing geopolitical competition in cyberspace impacts the region’s stability. Countries like Israel, Iran and Turkey regularly use cyber operations in support of their political objectives. In addition, the involvement of the military forces of the United States of America (USA) and the expanding presence of actors like China and Russia in the region complicates the situation further. If anything, cyber-related developments in the region illustrate very well that cyberspace is just one additional domain for pursuing political and economic objectives, in particular in the context of a pre-existing conflict. Yet, with the exception of Egypt and Iran, the majority of countries in the region are rather absent from the international debates aimed at strengthening the stability of cyberspace.

Consequently, the analysis presented in this study leads to four main observations:

• Tension between state and societal resilience. While building state and societal resilience is one of the EU’s objectives, in the MENA region these two concepts often clash: resilient society is perceived by some governments as a threat to their rule rather than an empowering element. For the EU to engage in a meaningful partnership with the region on cyber and digital policies, this tension needs to be better understood and addressed through adequate risk mitigation strategies.

• International cooperation against cybercrime. Cybercrime is one of the key priorities for the international cooperation highlighted in the EU 2020- 2025 Security Union Strategy. In addition, cybercrime is also one of the threats to trust in digital society and economy, which the EU puts as one of the priorities for its growth. Similar concerns are present in the MENA region; hence there is a solid basis for dialogue on those issues. However, the lack of proper human rights protection mechanisms and checks and balances in some of the countries in the region is still a serious impediment to closer cooperation.

• Stability and responsible behaviour in cyberspace. Through activities at the UN and in other regional organisations, the EU has advanced norms of state behaviour in cyberspace, the adherence to the existing international law, and the confidence-building measures (CBMs) in cyberspace. However, the engagement on these topics with the MENA region is to a large extent non-existent and should be strengthened to promote the EU’s vision of cyberspace.

• Role of non-state actors in strengthening cyber resilience. Participa- tion of non-state actors – civil society and the private sector – is critical for the effective and sustainable digital transition. Although strengthening multistakeholder engagement on cyber issues across the region could ultimately help to bridge the differences between societal and state resilience across the region, MENA countries have been re- luctant to engage in such cooperation and access to the policy-making process has been limited.

The study makes a number of policy recommendations for strengthening cooperation between the EU and its partners across the Mediterranean along two main axes: policies and cooperation mechanisms.

Policies

• Enhance cyber hygiene and cyber awareness policies in the region through campaigns, exercises, cyber drills, and cybersecurity competitions.

• Pursue a more robust political dialogue between the EU and partners in the region regarding their positions on key cyber diplomacy issues, in particular the application of the existing international law on cyberspace and norms of responsible state behaviour.

• Define what type of resilience to promote in the region while remaining mindful of a possible trade-off between regime and societal resilience.

• Minimise the risk of cyber capacity-building projects being used for increased surveillance, censorship, and other information control capabilities.

• Strengthen cooperation between regional organisations to develop and implement region-specific CBMs with the aim of creating a demilitarised cyber-zone.

Policy Study n. 22 Cooperation mechanisms

• Create mechanisms for better data collection to assess the risks of cybercrime across the region, including by building on the already existing projects.

• Foster inclusive participation of the private sector and civil society in cyber policy formulation and monitoring. In that sense, the EU needs to play particularly close attention to creating opportunities and channels for a more inclusive multistakeholder participation.

• Reinforce MENA capacities through existing networks across the whole range of issues by building on the existing channels of communication to mutualise and enhance intra-regional know-how and replicate the efforts.

• Strengthen collaborations with countries that are still hesitant about their policy preferences regarding international cyberspace norms. Introduction

Patryk Pawlak Brussels Executive Ofﬁcer, European Union Institute for Security Studies (EUISS)

Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 13

Strengthening state and societal resil- highest scoring countries in the region ience is one of the key objectives of are Israel, Kuwait, Qatar, Saudi Arabia the European Union (EU) Global Strat- and the United Arab Emirates. Several egy that is reﬂected in the EU’s the- other countries in the Southern Medi- matic and regional policies. This also terranean also experienced high includes cooperation on issues such as growth in connectivity between 2014 cybersecurity and cybercrime with and 2018, including Tunisia, Morocco countries in the Middle East and North and Turkey (GSMA, 2019). The reasons Africa (MENA) region. As an increasing for the region falling behind in the de- number of the partner countries em- velopment of broadband networks, In- bark on or continue with the process of ternet access and use, and creation of digital transition, the EU’s collective ex- digital content have for a long time perience in this domain – both at the been partly structural (i.e., infrastruc- EU and member state level – can be of ture, cost, regulation) and partly politi- value for countries that often struggle cal: political elites across the region with similar challenges and policy feared that democratising Internet ac- choices. cess will undermine state control over information (HRW, 1999). This ten- Acknowledging different levels of dency has been reversed in the past economic development and taking decade following the push from the into account their respective institu- business and research communities tional, regulatory or societal make-up, that stressed the value of digital trans- the EU can be a valuable partner for formation for their countries’ economic the countries in the MENA region and growth, competitiveness and demo- offer the necessary support in the pro- cratic transition. As connectivity across cess of transitioning towards becoming the region is improving, governments cyber resilient, rules- and rights- invest in building their capacities, and based digital societies. At the same several countries actively participate in time, cooperation with MENA coun- the ongoing international debates on tries on cyber resilience, cybercrime, responsible behaviour in cyberspace digital economy and responsible be- (e.g., Egypt, Jordan, Morocco, Tunisia) haviour in cyberspace is critical for or the future of international cyber- achieving the common objective of crime cooperation (e.g., Jordan, Leba- free, open, secure and stable cyber- non, Morocco, Tunisia). space. A new Agenda for the Mediter- ranean unveiled in February 2021 aims These processes, however, are vulner- for a “green, digital, resilient and just able to the same forces as the rest of recovery” based on the assumption the world: cybercrime, attacks on the that “sustainable prosperity and resil- critical infrastructure (CI), malicious ac- ience can only be built in strong part- tivities by state and non-state actors, nership across the Mediterranean.” as well as potential abuses of civil liberties and human rights as a con- The region is torn by disparities when sequence of ill-designed state policies. it comes to the degree of digitalisation However, the situation in the region and connectivity (World Bank, 2014). is particularly sensitive given the According to the Global System for still fragile nature of the transition Mobile Communications (GSMA)’s Glo- processes that these countries bal Mobile Connectivity Index, the undergo: digital, economic, political 14 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

and societal. A failure of gover- ment policies imposing limitations on nance in and of cyberspace in the citizens’ rights online might undermine MENA region could potentially the legitimacy of such processes and undermine these efforts and con- fuel discontent. Finally, the strategic in- tribute to further instability. The lack terest in the Southern Mediterranean of adequate legislation and robust in- exhibited by other regional and exter- stitutions to ensure safe and secure op- nal players – through increasing their eration of the CI might result in their economic presence, investment in in- failure, slow down the economic tran- frastructure or even state-sponsored sition, further accentuate governing cyber operations – adds to this com- challenges, strengthen anti-govern- plexity. Consequently, the EU’s en- ment sentiments and consequently gagement with the MENA countries lead to social unrest. Even a perceived needs to be constructed by recogni- effort to manipulate or inﬂuence elec- sing these different realities and dy- toral processes in the region or govern- namics.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 15

References

GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS (GSMA). (2019). Mobile Internet connectivity 2019. Middle East and North Africa factsheet. Retrieved from https://www.gsma.com/mobilefordevelopment/wp-content/uploads/ 2019/09/Mobile-Internet-Connectivity-MENA-Fact-Sheet.pdf

HUMAN RIGHTS WATCH (HRW). (1999). The Internet in the Middle East and North Africa: a cautious start. In The Internet in the Mideast and North Africa: free expression and censorship. Retrieved from https://www.hrw.org/legacy/ advocacy/internet/mena/int-mena.htm

WORLD BANK. (2014). Broadband networks in the Middle East and North Af- rica: key facts. Retrieved from https://www.worldbank.org/content/dam/ Worldbank/document/MNA/Broadband_report/MNA_Broadband_Key_Facts_ English.pdf

Digital Economy and Cybercrime

Alexandra Marion Youmna Laban Project Manager, Société Française de Réalisation, d’Etudes et de Conseil (SOFRECO)

Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 17

Introduction identify and prosecute cyber criminals (EU Cyber Direct, 2020). Access to the digital economy – both in terms of infrastructure and policy in- This chapter looks at the evolution and struments – is a prerequisite to reaping impact of cybercrime in the MENA re- its economic and developmental bene- gion, which has adapted impressively fits. The Middle East and North Africa to new technologies and, at the same (MENA) region is well positioned to time, has become exposed to new become a digital economy power- crimes in the same way as other parts house (UNESCWA, 2019a) due to its of the world. Despite the diversity 400 million inhabitants, the educated across the region regarding the expo- and young workforce, access to natural sure to cybercrime and maturity to deal resources, a relatively homogeneous with this challenge, this chapter offers language, and a privileged geograph- some conclusions regarding past and ical position. As of April 2019, the In- ongoing cooperation activities in the ternet penetration in the MENA was field of cybercrime in the MENA region 67.2% (Statista, 2019) – more than funded by the European Union (EU), in double compared to just a decade particular the European Neighbour- ago. In addition, the digital economy hood and Partnership Instrument (V. and the Fourth Industrial Revolution in Spidiron, C-PROC, personal communi- the MENA region brought a leap in cation, November 20, 2020; M. Quillé, productivity with the expanding use of Euromed Police IV Project, personal advanced robotics and manufacturing communication, November 13, 2020). techniques. While the primary focus of the chapter is on Algeria, Lebanon and Morocco, However, the reliance of a non-negli- other MENA countries are also actively gible portion of the economy on Inter- engaged in the fight against cyber- net-based platforms is accompanied crime, including Jordan, Tunisia and by new types of criminal activity that the Gulf Cooperation Council (GCC) have pervaded this new economic seg- countries. Four policy recommenda- ment. Although there is no universally tions targeted at national and EU pol- agreed definition of cybercrime, for the icy-makers conclude the chapter and purpose of this chapter cybercrime inform on the next steps of EU-MENA refers to criminal activities where com- cybercrime cooperation. The con- puters and information systems are in- clusions of this chapter are based on volved either as a primary tool or as a interviews with experts conducted be- primary target (EU Cyber Direct, 2020). tween November 2020 and February It impedes online economic growth, 2021. costing about €530 billion globally (La- tici, 2019), while threatening the secu- Cybercrime: impediment rity of citizens, businesses and states and breeding distrust in digital ser- to growth, threat to vices. By nature, cybercrime is a cross- stability border challenge, which requires international cooperation to contain Economic development is generally the uncontrolled criminal activity defined as the process that promotes growth, as well as robust domestic the improvement of a region’s eco- legislation and enhanced capacities to nomic well-being and quality of life by 18 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

providing high living standards and and diasporic remittances) (Gaub, high-quality employment. Developing 2019; Belhaj, 2021). This bleak socio- Regional the MENA region’s economy is one of economic situation is complemented stability is the key conditions for its stability. It by a chronic state of social unrest and weakened by brings highly heterogeneous countries violence, epitomised by ongoing con- the absence of in economic and cybersecurity terms flicts, sectarianism, irregular migration, security (see figure 1 below) and has, for dec- radicalisation, large weapon purchases, structures, ades, suffered from a high proportion geopolitical rivalries, and overreliance which, in turn, threatens to of autocratic regimes, high youth and on state repression (Youssef et al., make the MENA women’s unemployment rates, high 2020). Besides, regional stability is region prone to levels of government employment and weakened by the absence of security perennial inflated subsidy systems, and heavy re- structures, which, in turn, threatens to conflict, liance on volatile rent revenues (oil and make the MENA region prone to peren- including in gas commodities, as well as tourism nial conflict, including in cyberspace. cyberspace

Figure 1. Selected Economic Indicators

Sources: World Bank (2019); ITU (2018).

In 2017, the unclassiﬁed version of the sonal communication, November 13, Euro-Mediterranean Police Threat As- 2020). Historically, the MENA region sessment (EMTA) placed cybercrime as has also been a target of sophisticated a rising threat in its analysis of serious attacks, illustrated by the Iran-at- organised crime and terrorist activities tributed Shamoon cyberespionage in the Euro-Mediterranean region (M. that attacked Saudi Aramco in August Quillé, Euromed Police IV Project, per- 2012 (Shires & Hakmeh, 2020). State-

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 19

sponsored cyber operations could be anonymous way. This connection has considered criminal activities, blurring become particularly clear in the con- the lines between law enforcement text of the terrorist use of the Internet. and intelligence responses in cyber- The region’s key political features, i.e., space. Examples of cybercrime are nu- transitioning regimes, civil conflicts and merous in the region. EMTA refers to sectarianism, set favourable grounds the Moroccan Islamic Union-Mail (CIVI- for both domestic and transnational POL & Euromed Police IV, 2017) active terrorism, “making this region the epi- until March 2018 as an example of the centre of global terrorism” (Kim & terrorist organisation’s use of informa- Sandler, 2020). Even though not en- tion and communication technologies tirely new as a phenomenon (UNODC, (ICT) to conduct cyberattacks (TRAC, 2013), terrorist organisations in the n.d.). An example of a hacktivist organ- MENA region use the online strategies isation is the Tunisian Fallaga Team, and tactics of cybercriminals and hack- which defaced 33,605 websites around tivists to inspire, communicate, recruit, the world, especially in France, where train and share news of success, failure they have defaced many ministries’ and calls to actions (Vacca, 2020, p. websites (Zone-H, n.d.). Another illus- 54). The latter also rely on numerous tration of an intricate cybercriminal ac- sources of income and use a range of tivity in the MENA region is a major electronic methods to fundraise, such cyberespionage campaign, dubbed as social media, crowdfunding plat- Dark Caracal, which is also covered in forms and virtual currencies, among Pawlak’s chapter in this study. It tar- others (FATF, 2015). This became a par- geted thousands of individuals across ticularly burning challenge in the after- 21 countries and was operating out of math of the conflict in Syria when the a Lebanese intelligence agency build- Islamic State of Iraq and Syria turned ing since January 2012 (SMEX, 2018). social media and cyberspace as one of Consequently, addressing the threat of its main channels of activity with well- crime as a multiplier of conflict and in- developed communication outlets stability is paramount in the MENA re- (Berton & Pawlak, 2015). gion. Furthermore, these cyber tools enable The crime-conflict nexus vividly ex- sabotage and espionage activities to be tends to cyberspace. Instability creates upscaled in the region, where a complex space and opportunity for criminal ac- web of actors – ranging from hostile tivities to flourish (illegal trade of natu- states to organised crime networks, ter- ral resources, fees and bribes, illegal rorist organisations, and non-state actors drug trafficking, looting and selling an- – make way in this new domain to de- tiquities), while organised crime also stabilise and discredit public and pri- sustains conflict by offering lucrative vate organisations (see also Pawlak’s means to wage longer conflicts (Steen- chapter and Abdel-Sadek's Annex of kamp, 2017). These linkages are even this study). The activities range from il- easier to make as access to ICT ex- legal access to data, illegal intercep- pands and amplifies a transborder nation, data and system interference, ture of crime. As such, cyber tools are misuse of devices, computer-related used by criminals to communicate, col- forgery, computer-related fraud, child lect funds and coordinate illicit activ- pornography, and copyright and ities in an easier, faster, safer and neighbouring rights (CIVIPOL & Eu- 20 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

romed Police IV, 2017). A rather low Emirates (UAE) is reported as the sec- level of cyber hygiene across the re- ond most targeted country in the world gion contributes to the high vulnerabil- for cybercrime, costing the country an ity of the region to cybercrime estimated €1.15 billion per year, while (CIVIPOL & Euromed Police IV, 2017). cybercriminals also exploited the Common methods used in cyberat- COVID-19 crisis to their advantage tacks involve the exploitation of in- (UNODC, 2020). Mimecast Threat In- formation to perpetrate crimes, such as telligence Center reports a 751% in- spying, impersonating people to ob- crease in unsafe clicks during the first tain merchandise services, money or three months of 2020 in the MENA re- communicate with other people, com- gion (Bell, 2020). While statistical in- mitting medical fraud, theft and mon- formation about cybercrime across the etisation of sensitive corporate, region still remains a challenge, there government or healthcare data (Vacca, are some efforts to address this gap. 2020, p. 21). But there is more. Cash- Since 2018, the Tunisian National out services can be used to buy mobile Agency for Computer Security has phones illegally, thus circumventing published the Tunisian cyberspace’s the laws obliging SIM card users to statistics, which demonstrate a year- provide identification upon registra- on-year hike in detected cybersecurity tion. These unregistered mobile breaches, per type (ANSI, 2020). phones are the gateway to cybercrime. Regional hacktivists are active in the re- These trends are correlated with an in- gion and commit low impact crimes, creasing number of investigations re- such as defacements. Malware-as-a- lated to cybercrime across the MENA service is the most prevalent criminal countries, demonstrating the involve- activity in the region in terms of ment of regional policy-makers in find- flagged cybercrime. Phishing is also a ing adequate solutions to this new powerful vector for fraud across the re- threat (CIVIPOL & Euromed Police IV, gion, as the common language enables 2017). The objective for national pol- criminals to reach out to victims across icy-makers is to set up or update their national borders. There are many types existing cyber governance framework of phishing activities, such as financial to account for and prosecute these fraud, theft of personal data, illegal on- new crimes accordingly. In the past five line marketing, romance scam, man-in- years, detection and disruption of cy- the-middle attacks, and sexual bercrime rose in the policy agenda, extortion (CIVIPOL & Euromed Police partly due to the creation of specific IV, 2017). law enforcement structures. The MENA countries are Domestic efforts An effective fight against cybercrime targeted with involves a multitude of mandates and 6% more to fight cybercrime requires constant adaptation to the cyberattacks evolving threat landscape by policy- than the rest of The MENA countries are targeted with makers and Law Enforcement the world and 6% more cyberattacks than the rest of Agencies (LEAs). But no government the region is “one of the the world and the region is “one of the can do it alone, which makes cooper- world’s most world’s most targeted areas of cyber- ation with the private sector and non- targeted areas crime and data loss” (Gonçalves, governmental organizations (NGOs) a of cybercrime 2019). For instance, the United Arab key component in successful imple- and data loss”

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 21

mentation of any cybercrime strategy. when it was transferred to the MND. Such cooperation also helps avoid du- Nonetheless, the monitoring and re- plications and redundancies by focus- porting of cybercrime is under the re- ing efforts and ensuring wide sponsibility of the Centre for the consultation of all stakeholders: judicial Prevention and Fight against Com- personnel, ICT, defence, and police ad- puter Crime and Cybercrime (CPLCIC), ministrators, economics teams, NGOs dependent on the National Gendarme- and the private sector. rie Command, or by the cybersecurity cells of the General Directorate of Na- At the same time, a whole-of-society tional Security (DGSN). According to approach to cybersecurity also helps to official statistics, these two structures strengthen a human-centric approach handled more than 3,000 cybersecu- to it by minimising the risks of potential rity-related cases in 2018 (Kahlane, human rights abuses and 2019, p. 13). strengthening the rule of law. This is particularly important given that moni- However, experts agree on three short- toring and controlling of social media comings of the existing system. First, content has become a key aspect of the normative and organisational sys- MENA cybersecurity policy, sometimes tem is not complete and the establish- to the detriment of freedom of ex- ment of bodies for the monitoring of pression online, as is further elab- cybercrime provided for in the texts is orated in Abdel-Sadek's Annex of this slow to take place. Second, there is a study. Under the cover of controlling lack of logistical and human resources the spread of online radical propa- to optimise this new institutional ganda, several MENA governments framework. Third, the tendency to have been restricting online civil liberties over-centralise the cybercrime re- and free speech. This chapter argues sponse hinders the integration of the that cyber policies must contribute as private sector and civil society, which much to human rights, rule of law, would nonetheless provide resources democratic governance and human and support to the administration on development, as to guaranteeing se- these issues (S. Bechiri, Realistic Secur- curity, confidence and trust in ICT. ity, personal communication, De- cember 8, 2020). Algeria Algeria has gradually acquired the Algeria has seen a substantial level of means to fight cybercrime since 1997 institutionalisation when it comes to and, according to the Council of Eu- fighting cybercrime. There is a pro- rope (CoE), the legal arsenal in place gressive concentration of the compet- makes it possible to combat most of ence within the Ministry of National the computer crimes mentioned in the Defence (MND). Previously, the De- Budapest Convention on Cybercrime. partment of Intelligence and Security Weaknesses remain in the areas of was tasked with electronic surveillance procedural law and international coop- through the Network Control Group. In eration. There is currently no national addition, the National Body for the body responsible for protecting in- Prevention and Fight against ICT formation systems and raising aware- Crimes (ONPLCILTIC) was under the ness on this matter, even though the Ministry of Justice until July 2019, lack of information technology security 22 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

is a major problem for the country. A and combat cybercrime. It focuses on presidential decree dated 20 January addressing identity theft, money laun- 2020 aims to address some of the pre- dering, child pornography, as well as viously identified shortcomings by set- online defamation, libel and slander ting up a national information systems complaints. It has the dual role of in- security framework, which provides for vestigating complaints, cybersecurity the creation of three organisations to breaches, and technology-related develop the national information sys- crimes under the supervision of judicial tems security strategy and coordinate authorities, while providing basic its implementation. This institutional awareness to public and educational structure will consist of new entities, institutions on the latest cyber threats. under the supervision of the MND: the The Cybercrime Bureau has been used National Council for the Security of In- as a coercion tool to regulate and re- formation Systems; the Agency for the move unfavourable discourse from so- Security of Computer Systems; the first cial media (Quino, 2015). Other state national Computer Emergency Re- institutions and agencies, namely the sponse Team (CERT), i.e., the National Army, the General Security and State Operational Centre for Computer Se- Security, have also strengthened their curity. It also foresees that all public investigative capabilities to prevent and private entities must appoint a threats to national security, including Chief Information Security Officer (Be- cyberattacks and cyberespionage. chiri, 2020). In July 2019 the National Cyber Securi- The first Working Groups responsible ty Committee concluded that the one for implementing this institutional re- crucial step to set in motion the Leba- form have started their work but their nese Cyber Security Strategy is to cre- progress is hampered by COVID-19-re- ate a National Cyber Security lated restrictions. Once in place, this Information System Agency (NCISA) to structure will contribute to providing assess vulnerabilities, recommend pre- more clarity on cyber governance in Al- ventive measures, identify threats, re- geria, bringing together numerous ac- spond promptly and efficiently to tors under a single umbrella, while attacks, and maintain security (Araz, being the key government stake- 2019). It is expected that NCISA will fa- holders to engage with in the field of cilitate coordination among different cybercrime. actors and proactive approach to managing cybersecurity issues, while Lebanon tracking the growth and diversity of cy- berthreats, and addressing their sophis- Lebanon scores rather low in inter- tication. The NCISA will report directly national indexes concerning the levels to the Prime Minister and will be at- of connectivity and cybersecurity (see tached to the Higher Council of De- figure 1 above). The key policy stake- fence’s General Secretariat. The Cyber holder in the fight against cybercrime Security Strategy also posits the cre- is the controversial Cyber Crime and ation of the Cyber Security Incidents Intellectual Property Rights Bureau of Response Team (CSIRT) as the central the Judicial Police, within the Internal repository of cyber incidents to sup- Security Forces, which was established port in remediation, defence and pre- in 2006 to strengthen online security vention against the notified attacks.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 23

There is currently no national CERT (N. the National Defence Administration, Alkhatib, Bank Audi, personal com- and the Directorate General of In- munication, February 12, 2021; S. Araz, formation Systems Security. The ma- Middle East Institute, personal com- CERT Helpdesk enables any citizen to munication, February 12, 2021). report an incident online by complet- ing an incident report form and send- Morocco ing it by email or fax. maCERT also has a hotline. Morocco is, however, lagging Morocco has achieved legal and tech- behind with regards to its organisa- nical excellence in the fight against cy- tional structures, the inexistence of an bercrime. However, the regulatory updated cybersecurity strategy and arsenal is still limited to vital organisa- the failure to monitor statistical indica- tions and leaves out most of the pri- tors, which are major flaws in the sys- vate sector (DATAPROTECT & AUSIM, tem for efficiently combating 2018). Bill 05-20 relating to cybersecur- cybercrime. Moreover, the study’s ity was adopted by the Moroccan Par- Annex by Abel-Sadek also reviews Mo- liament on 14 July 2020. The law is a rocco’s bleak developments from the significant step towards strengthening perspective of Internet openness and national capacities in the field of cy- freedom of speech and access. bersecurity, broadening the scope of information systems security by inte- Regional process for grating other active categories, such as public telecommunications network fighting cybercrime operators, cybersecurity service providers, and digital service providers. It Concurrently to the national efforts, also aims to set up a framework for co- countries across the region have also operation data exchange between the taken steps to strengthen their coop- national cybersecurity authority and eration against cybercrime at regional the competent services for combating level. The African Union Convention on cybercrime and the misuse of personal Cyber Security and Personal Data Pro- data. Finally, it provides legal ground tection – also known as the Malabo for international cooperation in the Convention (MC) – of 27 June 2014 is field of cybersecurity (Moroccan Parlia- the most comprehensive effort in this ment, 2020). respect. However, the Convention has not gained broad support and faces These efforts have notably been recog- problems with ratification among the nised by the CoE, which relies on Mo- African Union (AU) Commission member rocco to support the deployment of an states (O. Daas, AFRIPOL, personal updated legal arsenal capable of tack- communication, November 18, 2020). ling cybercrime in the MENA region in In the MENA region, only two coun- the framework of its two projects: tries have signed it: Mauritania in Feb- GLACY+ and CyberSouth. Currently, in ruary 2015, and Tunisia in April 2019. Morocco, the filing of a complaint The Malabo Convention focuses on the against an act of cybercrime can be technical aspects of cybersecurity, made to the Moroccan Computer while the issue of electronic evidence Emergency Response Team (maCERT), in legal cases remains unsolved. An the centre for detection and reaction amendment is necessary to create an to computer attacks, which is part of evidence-management gateway and lay 24 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

the groundwork for operationalisation in Other regional instruments in the the area of cybercrime, based on inter- MENA region include the Arab Con- African cooperation as a principle. vention on Combating Information Technology Offences by the League of The African Police Cooperation Organ- Arab States (2010), the Arab Strategy isation (AFRIPOL), launched in 2015, for Scientific Research and Innovation has also been active in the field of cy- by the Arab League Educational, Cul- bercrime cooperation. In 2018, a Work- tural and Scientific Organisation ing Group on Cybercrime began to (ALECSO, 2014), the Arab Regional ini- meet biannually with the objective of tiative on confidence and security in developing a regional strategy to fight use of telecommunications and ICT cybercrime. The aim of this document and the International Telecommunica- is to establish a regional framework tion Union Centre of Excellence Net- for the tools in use (equipment and work in the Arab Region, from 2015 to procedures), the training of police ex- 2018 (UNESCWA, 2019a). perts, and the legal and legislative framework to develop a convention. MENA and international The need for a regional strategy to combat cybercrime stems from the cooperation against observation that the African continent cybercrime is disparate in terms of progress, as well as standards and tools. In prepa- The MENA countries are also engaged ration for the strategy, a census was in international efforts to fight cyber- conducted in the 55 countries and crime: both through the existing global North Africa is among the most de- instruments, such as the Budapest veloped ones. In fact, Algeria will be Convention on Cybercrime, and the called upon to train cybercrime ex- ongoing efforts undertaken at the perts from the AU member states. United Nations (UN) through the The next steps are the ongoing vali- United Nations Office on Drugs and dation of the strategy, the provision Crime (UNODC) in Vienna and in the of tools by one or more sponsors for Third Committee at the UN Head- under-equipped police forces, train- quarters in New York. ing in the regional centres of excellence (Rwanda, South Africa and The 2001 Budapest Convention was Senegal), and capitalisation on IN- the most relevant international treaty TERPOL Support Programme for the seeking to address cybercrime by har- AU in Relation to AFRIPOL (ISPA), monising national laws, improving in- which was launched on 28 April 2020, vestigative techniques, and increasing especially with regards to operational transnational cooperation. The Buda- The Budapest capacity-building in the field of cyber- pest Convention is the only legally Convention is crime. Other partnership projects are binding instrument that provides a the only legally currently under development, in par- framework for international cooper- binding ticular with the EU Agency for Law ation in the fight against cybercrime, instrument that Enforcement Cooperation (EURO- and has served as a benchmark for set- provides a framework for POL) and the EU Agency for Law En- ting international standards in this field international forcement Training (CEPOL), and (Pawlak, 2017). The Budapest Conven- cooperation in cybercrime is one of the topics ad- tion has set out the prioritisation of cy- the fight against dressed. bercrime in international cooperation. cybercrime

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 25

It entered into force in July 2004, and vestigative powers to access data, and has 65 parties and nine states in the discussion of EU electronic evidence (T- process of accession at the moment of CY, 2020). writing. The process of adhesion requires the CoE and the Cybercrime Even though accession to the Buda- Convention Committee (T-CY) to con- pest Convention is open to all coun- duct an assessment, which leads to the tries, the Convention has not gained harmonisation and upgrade of the global recognition as a universally necessary legislation, after which the binding instrument. It has faced a par- country is invited to become a ticularly strong opposition from some member. The main advantage of ratify- countries, in particular Russia, which is ing the Budapest Convention is that it the main proponent of a new inter- allows local institutions to interface national treaty on cybercrime under with other countries more smoothly. the auspices of the UN (Hakmeh & Thanks to its early involvement in cy- Peters, 2020). In 2019, a Russia-spon- bercrime cooperation, Morocco be- sored resolution proposed the estab- came a full party to the treaty on 26 lishment of an Ad Hoc Expert June 2018. Committee to work towards a new UN treaty. Several countries in the MENA Tunisia was also invited to adhere to region such as Algeria, Iran, Libya, the Budapest Convention on 13 Feb- Sudan and Syria co-sponsored the res- ruary 2018 but has yet to become a full olution, with another 15 voting in fa- party, as the draft law to align the na- vour, only one against (Israel) and six tional legislation with the provision of abstaining (Bahrain, Djibouti, Morocco, the Budapest Convention is still pend- Saudi Arabia, Tunisia and Turkey) (UN, ing approval. The Tunisian authorities 2019). The organisational session of have capacities in place to fight cyber- the Ad Hoc Committee to Elaborate a crime and deal with electronic evi- Comprehensive International Conven- dence and the CyberSouth project is tion on Countering the Use of ICT for assisting them further in the area of Criminal Purposes convened from 10 judicial training and guidelines for to 12 May 2021. During the postpone- handling electronic evidence (V. Spiri- ment debate, MENA countries were don, C-PROC, personal communica- actively involved, with Saudi Arabia tion, November 20, 2020). and Syria demonstrating a close watch over the process, and Egypt submit- Regarding the additional international ting views. At the meeting, Ambassa- legislation on cybercrime, T-CY has dor Faouzia Boumaiza Mebarki from published 11 Guidance Notes, which Algeria was elected the Chair of the serve as a follow-up mechanism to Group and Ambassador Mohamed better explain the Budapest Conven- Hamdy El-Molla from Egypt became tion to parties and provide comple- one of 13 Vice-Chairs. Experts point mentary definitions (T-CY, 2012). The out a strategic political discrepancy Second Additional Protocol to the Bu- between politicians who take their dapest Convention is currently under decisions based on ideological align- preparation by T-CY. The additional el- ment, and practitioners (such as ements include enhanced international LEAs), which continue to be direct cooperation between public auth- beneficiaries of EU-funded support in orities and the private sector, new in- tackling cybercrime (V. Spidiron, C- 26 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

PROC, personal communication, No- respect. The underlying reason for its vember 20, 2020; M. Quillé, Euromed involvement is to support Southern Police IV Project, personal communica- Neighbourhood (SN) partners in their tion, November 13, 2020). efforts to join the multi-stakeholder dialogue on cybercrime through capi- Finally, on 12 November 2018, the talising on EU know-how. Even though Paris Call for Trust and Safety in Cyber- cybercrime is not officially stated in the space was supported by states, local Multiannual Action Programmes and governments, companies and civil so- the Annual Action Programmes with ciety organizations (CSOs). Its ninth the European Neighbourhood Policy principle is to promote the wide ac- (ENP)-South countries, some activities ceptance and implementation of inter- in cybersecurity capacity-building are national standards of responsible taking place under national Technical behaviour and confidence-building Assistance projects and Association measures in cyberspace through the fa- Agreements or are supported by other cilitation of information exchange on EU global initiatives funded by the EU. cybercrime. Several MENA countries have supported the Paris Call and they Euromed Police IV Project are Kuwait, Lebanon, Morocco, Qatar, Tunisia, and the UAE (Paris Call, 2018). According to the expert consulted, regional cooperation on cybercrime be- Regional The EU’s role in tween the EU and the MENA region cooperation on started in the Euromed Police IV Pro- cybercrime supporting the MENA ject, which is part of the Euro-Mediter- between the EU countries ranean Partnership (M. Quillé, and the MENA Euromed Police IV Project, personal region started in the Euromed The EU 2020-2025 Security Union communication, November 13, 2020). Police IV Project, Strategy identified cybersecurity as an Euromed Police IV was funded by the which is part of issue of strategic importance. Online European Commission’s Directorate- the Euro- dependency, the rise of cybercrime, General for Neighbourhood and En- Mediterranean and cyber theft of trade secrets are de- largement Negotiations, and was Partnership scribed as rationale for acting. The EU implemented from February 2016 to 2013 Cybersecurity Strategy lists January 2020 by a public-private con- “drastically reducing cybercrime” as sortium involving seven EU member one of its five priorities. In that respect, states, namely: France, Germany, Italy, the EU’s external priorities include pro- the Netherlands, Romania and Slove- moting a truly multi-stakeholder dia- nia. Its aim was to support the LEAs logue between the EU and the partner (police, gendarmerie) of the EU’s SN countries, reinforcing ties with like- countries: Algeria, Egypt, Israel, Jordan, minded partners on cybercrime, and Lebanon, Morocco, Palestine and Tuni- leveraging European expertise on sia. Libya and Syria were excluded for se- cyber-related matters. curity reasons. Five crime areas were identified following a consultation be- Although MENA as a region is not tween the EU and beneficiaries and a de- mentioned explicitly, the EU has been tailed matrix of the crime phenomena in a key partner in supporting the region the region was developed. These were: in its fight against cybercrime and has terrorism; cybercrime; trafficking in therefore funded several actions in this human beings, sexual exploitation, im-

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 27

migration; drugs; and weapons and ex- dence Handbook in 2017, which was plosives. subsequently taken up and disseminated worldwide (M. Quillé, Euromed Cybercrime was high on the agenda, Police IV Project, personal communica- with three sub-priorities and their de- tion, November 13, 2020). rived activities. The first was to reinforce the capacity of security and Overall, the project had a positive im- investigation forces in their use of on- pact on the region’s capability to fight line networks, and Internet access pro- cybercrime. It provided a platform for viders. As an illustration of a successful face-to-face contacts between the pri- activity, an initial meeting between ac- vate sector and LEAs to support coop- cess providers and investigation services eration in the region, improved was held at AFRIPOL, in Algiers, in the understanding of key challenges of cy- presence of Internet Service Providers bercrime through workshops on the (Facebook, Google, among others) and dark web and other topics, and publica- counter-terrorism and investigation of- tion of The Digital Evidence Handbook. ficers from the region. The objective was The project also resulted in the success- to initiate an instantaneous reaction ful creation of two networks for LEAs, mechanism upon the occurrence of a which are still active to date, even cyber threat on the networks, to facili- though there is currently little feedback tate automatic contact sharing and en- on cybercrime activities: the Analysis hance the authorities’ feedback to the Network, whereby each SN country perpetrator. This mechanism is already feeds strategic and non-operational in- used in Europe, and not yet in place in formation to EUROPOL through a Euro- the MENA (M. Quillé, Euromed Police IV Mediterranean database; and the Project, personal communication, No- Capacity-Building Specialist Network vember 13, 2020). that deals with existing crime.

The second priority area was to In comparison to other priorities of the strengthen the capacity in the fight project, cybercrime cooperation was the against financial cybercrime, and the area that most marked cooperation be- fight against online child pornography. tween the EU and MENA countries. An The SN security services were ill- encouraging axis of cooperation has equipped to tackle these new threats. been to strengthen the links between Several training workshops were con- the public and private actors on cyber- ducted in Tunisia and Morocco on inves- crime by contributing to the devel- tigative tools on the dark web for police opment of standardised investigation officers, police investigation services, in- methods in the fight against child por- telligence, and counter-terrorism oper- nography. Future action is needed, as atives. some activities carried out may not be fully institutionalised, and the Ministries The third priority area was to strengthen of the Interior’s relevant units now have police and judicial cooperation on cy- relatively strong regional networks. bercrime issues in collaboration with the Euro-Mediterranean Justice Project by The Euro-Mediterranean Police V Pro- developing all the prerequisites for ject was launched in October 2020, criminal investigations. This resulted in a with CEPOL as the lead implementer. joint publication entitled The Digital Evi- CEPOL has been involved in setting up 28 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

the Euro-Mediterranean Knowledge training, and interagency and inter- Base with the aim of centralising the national cooperation (CoE, 2021). The cooperation actions carried out in the important regional advantage is to fight against crime, in particular cyber- capitalise on Morocco’s experience in crime. fighting cybercrime, as the country is more advanced regionally. Working GLACY, GLACY+ and with an experienced partner that has CyberSouth already gone through the process will enable other partners to make use of In addition, the EU has provided sup- the same methodology to develop ca- port to other cybercrime focused pro- pacities and best practices, while the jects that are global in scope but more advanced partner can continue include the MENA countries among to receive support. Models and best their beneficiaries. In cooperation with practices in cybersecurity legislation the CoE, since 2014 the EU has sup- and electronic evidence exist; however, ported the Global Action on Cyber- regional ambitions ought to be navi- crime (GLACY) and currently its gated wisely, as the question of who successor the GLACY Extended has the leading role is sensitive (V. (GLACY+) Project (V. Spidiron, C- Spidiron, C-PROC, personal com- PROC, personal communication, No- munication, November 20, 2020). vember 20, 2020). The objective of GLACY+ is to strengthen the capa- The main activities are the law en- cities of 15 priority countries, including forcement and judicial trainings car- Morocco, to apply legislation on cyber- ried out in these countries in crime and electronic evidence. computer forensics and open-source GLACY+ supports these countries in intelligence in a train-the-trainer per- becoming regional hubs carrying out spective, where trained magistrates the implementation of activities and conduct trainings for newcomers. sharing their lessons learnt. Morocco Guidelines to secure, collect and ana- was the earliest of ENP-South coun- lyse electronic evidence is currently tries to take up cybercrime actions in- not in line or harmonised with inter- dividually. As a testimony for its long national best practices and support involvement in international cooper- was provided in this respect. Since ation on cybercrime, Moroccan magis- the first workshops that have taken trates are leading training workshops place to benefit structures in each in other countries (V. Spidiron, C- country, major progress was regis- PROC, personal communication, No- tered and some of the countries de- vember 20, 2020). veloped their domestic guidelines on handling electronic evidence. A joint The CyberSouth Project – another joint effort to develop the national training action of the EU and the CoE that material on cybercrime in all five tar- started in 2017 – has similar objectives get countries (including the curricula but targets the MENA region specifi- for judicial training institutes) is cur- cally: Algeria, Jordan, Morocco, Leba- rently being put together by Do- non and Tunisia. The objective is to mestic Working Groups. The reinforce criminal justice authorities’ CyberSouth Judicial Network Secre- capacities on cybercrime and support tariat also facilitates dialogues be- the legislation through institutional tween magistrates in the region on

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 29

the topics of cybercrime and elec- Cybercrime has rapidly emerged as tronic evidence, and is an informal one of the most serious societal threats channel to enhance international coop- and a key challenge for the LEAs in the eration. region. The national piloting of a cybersecurity strategy is a crucial step in Conclusions and creating a common framework for re- sponding to this exponential problem. recommendations Efforts have been made in this direc- In sum, the MENA region is gradually in- tion in the MENA region and this tegrating into the global digital econ- chapter has focused on presenting the omy, although a mindset shift is needed administrative and legal remedies to foster the development of a truly available to citizens who are victims of competitive private sector, the rational- cyberattacks in three countries, Alge- isation of public sector employment and ria, Lebanon and Morocco, being par- the diversification of the economy to ticularly active in cooperating with the other growth-generating economic sec- EU in this field. tors apart from oil and gas. As cybercrime is a cross-border issue In the MENA A promising sign of economic diversifi- by nature, it requires international co- region a shift is cation in the MENA region is the appe- operation to strengthen and increase underway from tite for technology and innovation that convergence of national legislations in passive is beginning to emerge. Indeed, a shift order to trace and prosecute cyber- technology is underway from passive technology criminal networks across borders. On- consumption to consumption to localisation and tech- going negotiations at the UN localisation and nological appropriation (UNESCWA, regarding the possible adoption of a technological appropriation 2019b). Endemic ride-hailing applica- new cybercrime treaty divide the tions and a regional music streaming world, and the MENA region is no ex- platform are examples of technological ception, with a majority of MENA appropriation. Nevertheless, more ef- countries supporting this process with forts are needed to move towards the the expectation that it would provide endogenous production and tech- more clarity on the rules applicable to nological innovation levels that are cyberspace. required in the digital economy. In line with its objective of promoting One of the hidden facets of this opti- a multi-stakeholder dialogue on cy- mistic horizon is the extreme vulnerabil- bersecurity, the EU has been working ity and poor cyber hygiene of the region since 2014 to support the countries of in the face of the new risks, and in par- the SN in their efforts to upgrade their ticular the new criminal trends. Many ac- administrations and legislative frame- tors, from competing states, to works in the fight against cybercrime. non-state actors, terrorist groups and Several EU-funded initiatives, de- political oppositions, are converging on scribed in this chapter, coexist to, the web, exploiting its easy, fast and among other things, support countries anonymous access to conduct illicit ac- wishing to adopt the Budapest Con- tivities. This is all the more true in a po- vention and improve their capacity to larised and war-prone region, such as respond to cyberattacks. This chapter the MENA. also argues that the EU is a legitimate 30 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

partner to support the MENA region in tacts were initiated, they are yet to its anti-cybercrime efforts due to its be institutionalised. The new phase early involvement in the process and of the Euro-Med Police V Project, continued eagerness to support, dem- which was recently launched, pro- onstrated by several ongoing EU- vides a suitable framework to intro- funded projects. duce private sector participation and wider consultation. Four concrete measures are suggested as the way forward for MENA national 3. Reinforcing MENA capacities policy-makers to advance the much- through existing networks. This needed anti-cybercrime reform with the chapter presented regional projects support of committed partners, such as that have built networks and Centres the EU. of Excellence, within which state personnel (LEAs, prosecutors and 1. Data collection is a necessary step magistrates) from across the MENA to evaluate the risk of cybercrime. region interact and share best prac- Policy-makers should prioritise sizing tices. This effort is bearing fruits, es- up cybercrime’s costs, numbers and pecially as it offers a channel of types of cyberattacks, and the most communication to mutualise and en- hit industries and administrations. hance intra-regional know-how and The information gathered will high- replicate efforts. This is especially rel- light the extent of cybercrime and evant in this region’s context of will help determine proper threat relative linguistic homogeneity. levels. The EU and MENA countries’ policy-makers must take advantage 4. Enhancing cyber hygiene in the of the new phase of the MEDSTAT MENA region. One crucial element regional programme presently at a in preventing cybercrime is to edu- tender stage, whose objective is the cate Internet users about the risks harmonisation of statistics in the that they are taking online. This ENP-South countries, by adding cy- awareness-raising effort is already bersecurity statistics to the current taking place in the form of multiple targeted ﬁelds. campaigns, from organising cyber drills and cybersecurity competi- 2. Fostering inclusive participation of tions, participating in Safer Internet the private sector and civil society Day, and public awareness events, in cyber policy formulation and such as regional cybersecurity week monitoring. Experts consulted agree and other thematic workshops. that a way to enhance cooperation in These domestic efforts must be sus- tackling cybercrime is to engage with tained, and systematised, with re- the private sector and develop new gional organisations (UNESCWA, cooperation schemes, i.e., the hy- AFRIPOL, League of Arab States) bridisation of cybersecurity provision playing a unifying role. In addition and widening dependency between to policy-makers’ capacity-building public and private actors. Public-pri- efforts, CyberSouth and Euromed vate partnerships in the ﬁght against Police Projects, as well as others, cybercrime are an indispensable el- could also implement activities re- ement. This area of cooperation is to inforcing school curricula in cyber be developed and, although con- hygiene.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 31

References

AGENCE NATIONALE DE LA SECURITE INFORMATIQUE (ANSI). (2020). Statis- tiques sur le cyberespace tunisien. Retrieved from https://www.ansi.tn/statistics

ARAZ, S. (2019). Lebanon’s cybersecurity strategy emerges. Retrieved from https://mei.edu/publications/lebanons-cybersecurity-strategy-emerges

BECHIRI, S. (2020). Nouvelle organisation de la SSI en Algérie. Retrieved from https://www.realistic-security.com/nouvelle-organisation-de-la-ssi-en-algerie/

BELHAJ, F. (2021). MENA unbound: ten years after the Arab Spring, avoiding another lost decade. Retrieved from https://www.worldbank.org/en/news/ opinion/2021/01/14/mena-unbound-ten-years-after-the-arab-spring-avoiding- another-lost-decade

BELL, J. (2020). Coronavirus: Cybercrime rockets in Middle East as fraudsters exploit COVID-19. Retrieved from https://english.alarabiya.net/News/middle- east/2020/12/07/Coronavirus-Coronavirus-Cybercrime-rockets-in-Middle-East-as- fraudsters-exploit-COVID-19

BERTON, B., & PAWLAK, P. (2015). Cyber Jihadists and their Web. Retrieved from https://www.iss.europa.eu/content/cyber-jihadists-and-their-web

CIVIPOL & EUROMED POLICE IV. (2017). Euromed police threat assessment.

COUNCIL OF EUROPE (CoE). (2021). CyberSouth. Retrieved from https://www.coe.int/en/web/cybercrime/cybersouth

CYBERCRIME CONVENTION COMMITTEE (T-CY). (2012). Guidance notes. Re- trieved from https://www.coe.int/en/web/cybercrime/guidance-notes

CYBERCRIME CONVENTION COMMITTEE (T-CY). (2020). Protocol negotiations. Retrieved from https://www.coe.int/en/web/cybercrime/t-cy-drafting-group

DATAPROTECT & AUSIM. (2018). Les enjeux de la cybersecurité ́ au Maroc - Livre Blanc. Rabat: Bibliothequè Nationale du Royaume du Maroc.

EU CYBER DIRECT. (2020). Cybercrime at the United Nations Background Note. Retrieved from https://eucyberdirect.eu/wp-content/uploads/2020/06/back- groundnote.pdf

FINANCIAL ACTION TASK FORCE (FATF). (2015). FATF Report. Emerging terrorist financing risks. Retrieved from https://www.fatf-gafi.org/media/fatf/documents/reports/Emerging-Terrorist-Financing-Risks.pdf 32 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

GAUB, F. (2019). Chaillot Paper 154 - Arab futures 2.0 the road to 2030. Re- trieved from https://www.iss.europa.eu/sites/default/ﬁles/EUISSFiles/ Chail- lot_154%20Arab%20Futures.pdf

GONÇALVES, P. (2019). Middle East is the biggest target for cybercrime. Re- trieved from https://www.internationalinvestment.net/news/4001693/middle- east-biggest-target-cybercrime

HAKMEH, J., & PETERS, A. (2020). A new UN cybercrime Treaty? the way forward for supporters of an open, free, and secure Internet. Retrieved from https://www.cfr.org/blog/new-un-cybercrime-treaty-way-forward-supporters- open-free-and-secure-internet

INTERNATIONAL TELECOMMUNICATION UNION (ITU). (2018). Global Cy- bersecurity Index. Retrieved from https://www.itu.int/pub/D-STR-GCI.01-2018

KAHLANE, A. (2019). La problématique de la concurrence dans le contexte de l’économie numérique. Retrieved from http://www.conseil-concurrence.dz/wp- content/uploads/2019/10/Mr-Kahlane.pdf

KIM, W., & SANDLER, T. (2020). Middle East and North Africa: terrorism and conﬂicts. Global Policy, 11(4), 424-38.

LATICI, T. (2019). Cyber: how big is the threat? Retrieved from https://www.europarl. europa.eu/ RegData/etudes/ATAG/2019/637980/EPRS_ATA(2019)637980_EN.pdf

MOROCCAN PARLIAMENT. (2020). La Chambre des Représentants adopte 6 projets de loi relatifs à la défense nationale, à la sécurité informatique et au secteur ﬁnancier et bancaire. Retrieved from https://www.chambredesrepresentants.ma/fr/actualites/la- chambre-des-representants-adopte-6-projets-de-loi-relatifs-la-defense-nationale-la

PARIS CALL. (2018). Paris Call for trust in cyberspace. Retrieved from https://pa- riscall.international/en/call

PAWLAK, P. (2017). A wild wild web? laws, norms, crime and politics in cyberspace. Retrieved from https://www.iss.europa.eu/content/wild-wild-web-law- norms-crime-and-politics-cyberspace

QUINO, Z. (2015). #HackingTeam leaks: Lebanon’s cybercrime bureau exploited angry birds to surveil citizens’ mobile devices. Retrieved from https://smex.org/ hackingteam-leaks-lebanons-cybercrime-bureau-exploited-angry-birds-to-surveil- citizens-mobile-devices/

SHIRES, J., & HAKMEH, J. (2020). Brieﬁng - is the GCC cyber resilient? Retrieved from https://www.chathamhouse.org/2020/03/gcc-cyber-resilient

SMEX. (2018). Beirut-based global cyber-espionage campaign a threat to local freedoms. Retrieved from https://smex.org/beirut-based-global-cyber-espionage- campaign-a-threat-to-local-freedoms/

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 33

STATISTA RESEARCH DEPARTMENT. (2019). Internet penetration rate in the Middle East and globally 2009-2019. Retrieved from https://www.statista.com/statistics/265171/comparison-of-global-and-middle-eastern-internet-penetration-rate/

STEENKAMP, C. (2017). The crime-conﬂict nexus and the civil war in Syria. Sta- bility: International Journal of Security & Development, 1, 1-18.

TERRORISM RESEARCH AND ANALYSIS CONSORTIUM (TRAC). (n.d.). Moroc- can Islamic Union-Mail. Retrieved from https://www.trackingterrorism.org/ group/moroc%C2%ADcan-islamic-union-mail

UNITED NATIONS ECONOMIC AND SOCIAL COMMISSION FOR WESTERN ASIA (UNESCWA). (2019a). Arab horizon 2030 - digital technologies for development. Retrieved from https://www.unescwa.org/publications/arab-horizon- 2030-digital-technologies-development

UNITED NATIONS ECONOMIC AND SOCIAL COMMISSION FOR WESTERN ASIA (UNESCWA). (2019b). Fourth industrial revolution - impact of the fourth industrial revolution on development in the arab region. Retrieved from https://www.unescwa.org/sites/www.unescwa.org/ﬁles/publications/ﬁles/impact-fourth-industrial-revolution-development-arab-region-english.pdf

UNITED NATIONS (UN). (2019). Countering the use of information and communications technologies for criminal purposes: resolution adopted by the Gen- eral Assembly. Retrieved from https://digitallibrary.un.org/record/3841023?ln=en

UNITED NATIONS OFFICE ON DRUGS AND CRIME (UNODC). (2013). Compre- hensive study on cybercrime. Retrieved from https://www.unodc.org/documents/or- ganized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

UNITED NATIONS OFFICE ON DRUGS AND CRIME (UNODC). (2020). COVID- 19 cyber threat analysis UNODC MENA assessment & actions. Retrieved from https://www.unodc.org/documents/middleeastandnorthafrica/2020/COVID19/C OVID19_MENA_Cyber_Report_EN.pdf

VACCA, J. (Ed.). (2020). Online terrorist propaganda, recruitment, and radializa- tion. Boca Raton, FL, United States: Taylor & Francis Group.

WORLD BANK. (2019). World Bank data. Retrieved from https://datahelpdesk.worldbank.org /knowledgebase/articles/906519-world-bank-country-and-lending-groups

YOUSSEF, T. M., ABOUELDAHAB, N., ABDEL GHAFAR, A., ZOUBIR, Y., FATHOLLAH-NEJAD, A., & KABBANI, N. (2020). Op-Ed The Middle East and North Africa over the next decade: Key challenges and policy options. Retrieved from https://www.brookings.edu/opinions/the-middle- east-and-north-africa-over-the-next-decade-key-challenges-and-policy-options/

ZONE-H. (n.d.). Unrestricted information. Retrieved from http://www.zone- h.org/archive/notiﬁer=Fallaga%20Team/page=50 Stability, Internet Governance and Disinformation

Samuele Dominioni Research Fellow, Italian Institute for International Political Studies (ISPI) Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 35

Introduction have high levels of literacy.2 In addition, they are or were in the past The spread of information and com- members of international fora address- munication technologies (ICT) has rev- ing norms of responsible state behav- olutionary effects on contemporary iour in cyberspace such as the United societies. Luciano Floridi described this Nations Group of Governmental Ex- new age of reliance on digital tech- perts on Advancing Responsible State nologies as “hyperhistory” (Floridi, Behaviour in Cyberspace in the Con- 2012). These great transformations also text of International Security (UN GGE) affect politics, where both positive and and the United Nations Open-Ended negative implications of digital tech- Working Group on Developments in nologies are already widespread. For the Field of ICT in the Context of Inter- example, social media can help people national Security (UN OEWG). All are to have their voices heard and share epi- also part of the European Neighbor- sodes of political frauds or malpractices. hood Policy (ENP), which since 2017 At the same time, ICT amplify the effects speciﬁcally included cybersecurity of fake news and disinformation cam- among its actions (Lannon, 2019). Fi- paigns. There has been a growing nally, none of them can be described number of studies investigating the ef- as a democratic regime. According to fects of digital technologies on politics the Democracy Index 2019, Egypt and both in liberal democracies (Deibert, Jordan are both “authoritarian re- 2019; Bartlett, 2018; Kavanagh & Rich, gimes”, whereas Morocco is a “hybrid 2018; Nemitz, 2018) and non-demo- regime”. These categorisations are im- cratic regimes (Dominioni, 2020a; portant insofar as they permit the Keremoğlu & Weidmann, 2020; Xu, study of Internet governance models in 2020; Rød & Weidmann, 2015; Deibert non-Western liberal democracies. This, et al., 2008; Kalathil & Boas, 2003). in turn, raises relevant questions con- Nevertheless, as Jaclyn Kerr (2018) cerning the impact of the Internet on points out, what has not received much the stability of these regimes. attention to date is how Internet control may impact broader developments of The argument herein is that different political regimes. policies and practices around Internet governance, and in particular those re- This chapter aims to address this gap garding content regulation and dis- by looking into three countries in par- information, may actually play an ticular: Egypt, Jordan and Morocco. In important role in regime devel- the last decade, all these countries ex- opments. Since the digital domain be- perienced constitutional change or re- came a tool for contesting the existing forms driven by a revolution in Egypt power structures and rulers (Bunce & or by elite concessions in Jordan and Wolchik, 2010; Eltantawy & Wiest, Morocco (Bank & Edel, 2015). All these 2011) or even a “liberation technol- countries also enjoy a relatively high ogy” (Plattner & Diamond, 2012), it share of young population (around one seems justiﬁed to include national third of the entire population1) and regulation of cyberspace as a variable in-

1 Egypt 33.6%; Jordan 33.1%; Morocco 27% (CIA World Factbook, 2020). 2 Egypt 93.29%; Jordan 99.23%; Morocco 95.07% (World Data Atlas, 2015). 36 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

fluencing the state’s organisational ca- information, including in the European pacity defined as “the scope and cohe- Union (EU) and across the Middle East sion of state and governing-party and North Africa (MENA) region, the structures” (Levitsky & Way, 2010) or “a study of a triangular relationship be- powerful coercive apparatus and/or tween a legitimate security concern, party organization” (Levitsky & Way, protection of human rights online and 2010, p. 25). A strong organisational ca- regime stability needs to become a pri- pacity is thus key to counter both insti- ority. What is the effect of these policies tutional and informational uncertainties, on freedom and societal resilience and which – as Andreas Schedler (2013) regime stability? How can these some- claims – are the two main variables that times conflicting objectives be recon- play a substantial role in authoritarian ciled and provide fruitful ground for EU stability. Therefore, mass protest and cooperation with countries in the MENA election contestations often fail in re- region? gimes with fewer information gaps, as happened for example with countries This chapter discusses the Internet gov- that joined late during the Arab Spring ernance models in Morocco, Jordan and (Bank & Edel, 2015). With the advent of Egypt in order to draw conclusions digital technologies, non-democratic re- about how various models can abuse gimes had to develop capabilities in policies of information control. In order order to contrast threats and challenges to assess opportunities for cooperation from cyberspace (Deibert et al., 2010). between the EU and countries in the region, the chapter compares the EU’s re- Beyond authoritarian control to curb civil sponse to fake news, disinformation and and political dissent, many countries other informational threats in its around the world undertook efforts to member states with those in the region. create legislation on digital media in The analysis presented in this chapter order to counter challenging phenom- builds on semi-structured interviews ena related to disinformation, such as with subject experts, the analysis of the radicalisation (for example, in the con- UN voting patterns and the analysis of text of the Islamic State of Iraq and Syria secondary sources such as reports and [ISIS]) and information operations to in- studies regarding freedoms online. fluence elections (such as the 2016 Given the particular attention that the United States presidential election). EU attaches to cyber capacity-building These cases triggered, especially in lib- programmes, the chapter concludes eral democracies, the debate regarding with recommendations on how to make the conditions under which freedom of better use of good practices in these speech could and should be limited. The programmes across the region. outbreak of the COVID-19 pandemic has resulted in a sharp increase in the Open, free and secure? level of political attention to disinformation as a global phenomenon, which ag- Internet governance in gravated the necessity to counter the the MENA region informational disorder, and prompted the UN to declare an “infodemic”. Non-democratic regimes often take different approaches to cyberspace With many governments around the than liberal democracies, including in world adopting policies to curb dis- the international fora defining norms

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 37

and state behaviours in cyberspace. UN General Assembly regarding cyber- This pattern can be traced back to the related issues. Both Morocco and Jor- late 1990s when Russia raised the issue dan’s domestic and international of countering threats from cyberspace behaviours are less consistent. On the Countries at the UN. The request to open up an one side, the countries undertake con- undertake international debate about informa- tent control at the domestic level, content control tional threats provoked a drift between through a mix of formal and informal at the domestic two fronts, which predictably mirrored measures. On the other, at the inter- level, through a geopolitical stances (Dominioni & national level, they sustain the pro- mix of formal Rugge, 2020). All those states that cesses of both the United States of and informal wanted to preserve the founding prin- America (USA) and Russia to set state measures ciples of cyberspace belonged to the behaviour norms in cyberspace. It first front, called “globalised”. The could be hypothesised that the incon- founding principles are based on the sistency at the domestic and inter- underpinning paradigm of an “unfrag- national level is led by their preference mented space”, without boundaries to non-align themselves with any sides and with free flow of information on Internet governance solutions. (Mueller, 2017). The second front brought together countries that con- Egypt ceptualised cyberspace, and thus Inter- net, as just another medium like TV or Egypt invested in the ICT sector to radio and consequently it had to be foster economic development (Saleh, ruled, in particular with regards to con- 2012). The government opted for a tent. This second approach is referred centralised approach (Wheeler, 2003) to as “alignment” (Mueller, 2017).3 and released a national strategy on In- These two conflicting reasons are also ternet during the MENA Economic the main factor in the two processes Summit in 1994. The plan aimed for a that drove the discussions at the UN, socioeconomic transition, which re- namely the UN GGE and the UN volved around the idea of passing from OEWG. Presumably, the success and an industrial-based to a knowledge- failure of one depends on devel- based economy. In the following years, opments in the other (Broeders, 2019). the government led by President Hosni The next sections shed light on models Mubarak undertook a series of initia- of Internet governance adopted in tives to spread ICT among the popu- Egypt, Jordan and Morocco. Overall, it lation. These efforts produced relevant is possible to claim that in terms of In- results as in less than two decades In- ternet governance models, the three ternet users went from 438,208 (2000) countries under analysis are imple- to 48 million (2019) according to the In- menting policy choices and practices ternet Live Stats (www.internetlive- that are more in keeping with the stats.com) data compiled by the aligned model approach. This is par- International Telecommunication Union ticularly evident in Egypt, where there (ITU), World Bank, and UN Population is consistency between domestic poli- Division, with a penetration rate of cies/practices and the behaviour at the 55.7% (Arab Republic of Egypt, 2020).

3 This dichotomy does not find a consistent preference among Western countries. For example, “hard-core European data protection advocates who want to border information flows, many cyber- warriors in the U.S. military […] are all partisan of alignment” (Mueller, 2017, p. 35). 38 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

Moroever, there are more than 200 ac- OEWG to establish a Programme of credited Internet service providers Action that is now sponsored by (ISPs). The centralised model is also re- another 47 UN member states. The flected in the government’s power proposals call for concrete steps in over ICT matters and authorities. For order to achieve practical outcomes on example, the National Telecommunica- international cybersecurity. Neverthe- tion Regulatory Authority (NTRA), less, Egypt’s stances at the UN have which regulates all ICT and ISP activ- often reflected those of the “aligned” ities, does not enjoy formal indepen- countries, such as Russia (Dominioni, dence from the government (Article 19, 2020b). This is particularly evident in 2015). Overall, the government main- Egypt’s UN voting patterns on some of tains “considerable control over Inter- the key resolutions, including on the net infrastructure and has restricted establishment of all UN GGE or the UN connectivity” (Freedom House, 2019a). OEWG. In these fora, Egypt expressed its desire for the “operationalization of Government regulation and control the existing rules and norms previously over the online content have increased endorsed by the UN General Assembly over the years. In the first phase, prior through upgrading their status and to the 2011 Revolution, a report from making them more binding for all the OpenNet Initiative stated there States” (UN OEWG, 2020). was “no evidence of Internet filtering in Egypt, although a small group of Jordan politically sensitive websites have been blocked in the past” (OpenNet Initiat- Jordan also pursues the development ive, 2009). Amidst the Revolution, in of ICT as a means to foster economic January 2011, national authorities diversity and trigger growth (Ein-Dor et managed to shut down the Internet on al., 2005). In particular, since the early several occasions. Beyond the brief 2000s, King Abdullah II expressed full political parenthesis of Mohamed faith and support for the diffusion of Morsi, with the advent of Abdel Fattah ICT in the country (Al-Jaghouob & Al-Sisi authorities began to engage sig- Westrup, 2003). Multiple initiatives, nificantly more in online surveillance, which attracted the participation of in- arbitrary censorship, and website shut- ternational public and private donors downs. Facebook in particular is under (such as the World Bank and Micro- scrutiny and targeted with requests to soft), spread new technologies among close down certain pages (Freedom the population along with education House, 2020a). In 2018 the govern- efforts (Al-Jaghouob & Westrup, 2003). ment even decided to launch, without The percentage of Internet users success, its own version of Facebook, among the Jordanian population a social platform called Egypt Face. passed from being 2.6% in 2000 to 66.8% in 2017 (World Bank, 2020). The In terms of international stances, Egypt government of Jordan opted for a is a very active player and takes part in public-private approach for ICT devel- key global initiatives, including those opment. The main strategy was out- sponsored by EU countries and “like- lined in the REACH initiative, which minded” states. For example, Egypt presents a national approach and out- and France were the initiators of a pro- lines a clear action plan for Jordan to posal submitted to the Chair of the UN develop a competitive model for ICT,

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 39

such as that adopted in Ireland and level it is more cautious about taking a Singapore (Al-Jaghouob & Westrup, side and clearly stating its stances. This 2003). However, the state maintains approach is in line with both that of the some control on Internet infrastruc- so-called non-aligned countries and with tures (Freedom House, 2020b). Cur- Amman’s intentional strategy that rently there are five main ISPs in “allows Jordan to pose [with a special Jordan, namely Zain, Orange, Umniah, eye on Western donor countries] as a TE Data and Damamax. The Telecom- modern and relatively progressive poli- munications Regulatory Commission ty” (Yom, 2009, p. 152). (TRC) regulates the ISP market. TRC is an independent body yet accountable Morocco to the Ministry of Digital Economy and Entrepreneurship (MoDEE). Morocco started to liberalise the telecommunications sector in the late Jordan’s policies on Internet content 1990s. This process was managed by control and censorship have evolved the National Telecommunications Regu- over the years. During the 2000s, auth- latory Agency (ANRT). Nevertheless, the orities were keen to avoid Internet entire ICT infrastructure is still owned by blockages, including of social platforms the state. Nowadays there are three such as Facebook, Twitter and YouTube. leading ISPs in Morocco: Maroc Tele- In addition, in terms of censorship or com, Orange Morocco, and INWI. Over content limitation, Jordanian authorities the years, the government has never im- in those years appeared uncertain about posed any connectivity restrictions and Internet freedom and how best to regu- does not exercise technical or legal con- late it (Freedom House, 2011). In Janu- trol over the Internet infrastructure for ary 2010, a substantial shift was imposed this purpose (Freedom House, 2019b). by the ruling of the Court of Cassation, which affirmed that websites and elec- Internet access in Morocco is, for the tronic media must comply with the Press most part, open and unrestricted. ANRT and Publications Law (PPL) (Freedom also manages the top-level country do- House, 2011). Moreover, in the years main (.ma) in a most indiscriminate after the Arab Spring, Jordan passed manner. Nevertheless, the odds for po- several laws that posed burdensome re- tential systemic control over content are strictions on Internet freedom, including high as the Internet backbone is very amendments to the PPL law, which de- centralised (Freedom House, 2019b). In clared that any website or platform that this regard, Morocco’s censorship and publishes news had to register with the filtering policies are very surgical and fo- government. cused (Z. Bouziane, University of Shar- jah, personal communication, October At the international level, especially re- 28, 2020). These policies are enforced garding the UN General Assembly votes by limiting access to specific websites, about the UN GGE and UN OEWG, Jor- social media monitoring, and limiting dan took a milder approach than Egypt, the use of torrents (Internet Censorship welcoming both the Russian and USA ini- Map, 2017). Moreover, when they have tiatives. However, Jordan has been to intervene, the authorities directly tar- rather silent in making its positions clear: get individuals by contacting the user domestically it seems to sustain informa- and asking her/him to take down the tion control, whereas at the international content (Z. Bouziane, University of Shar- 40 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

jah, personal communication, October paigns at the core of technological and 28, 2020). In terms of content, author- geopolitical risks (Zollo, 2019). This ities are particularly active in curbing all phenomenon became even more online content that is deemed “prejudi- problematic during the COVID-19 pan- cial to Islam, the monarchy, territorial in- demic. Public actors, such as govern- tegrity, or public order” (Reporters ments and international organisations, Without Borders, 2016). The law is par- private actors, newspapers and social ticularly prejudicial to investigative jour- media platforms, took measures to nalism, but the effects spread to the fight the spread of disinformation on- Internet community as a whole. Never- line. Yet, it is hypothesised that in some theless, Freedom House has signalled a particular contexts public policies positive trend in that it has not reported aimed at tackling disinformation could any Internet blocking by the govern- be used to curb opposition movement since 2013, and no general or local ments, civil society groups, and Inter- Internet shutdowns so far. net freedom as a whole. In all the countries under analysis there are At the international level, Morocco precedents of countering disinforma- seems to be following the Non-Aligned tion policies and practices, which were Movement (NAM) approach, which developed prior to the outbreak of the implies an open policy toward any kind COVID-19 pandemic. Indeed, Egypt, of initiatives regardless of their initiator, Morocco and Jordan equipped them- including binding documents, such as selves with laws aimed at countering the Budapest Convention on Cyber- radicalisation propaganda and terrorist crime (ratified in 2018). In particular, as content online. Abuses of these laws stated in the NAM Working Paper for have already been observed on the Second Substantive Session of the multiple occasions.5 In terms of Open-ended Working Group on Devel- countering COVID-19-related dis- opments in the Field of Information and information, in some cases the auth- Telecommunications in the Context of orities used the legal tools already in International Security, a “multilaterally- place; in others they developed brand agreed, and consensus-based process new policies to target the infodemic. within the UN System represents the Nevertheless, the research conducted best way to ensure that arrangements in so far did not report on any specific this field address the concerns of all definition of disinformation/mis- States, and are thus equitable, compre- information/fake news used by the hensive and effectively implemented” authorities in the selected countries. (NAM, 2020). The following sections investigate the Tackling disinformation approaches adopted in Egypt, Mo- rocco and Jordan to counter dis- Since 2013, the World Economic information practices. The cases under Forum has reported on the global risk analysis portray three different behav- of massive digital disinformation4 cam- iours regarding the adoption and

4 In this chapter, disinformation is used as a catchall concept, which includes misinformation, fake news and other related information disorder typologies. 5 See, for example, the EuroMed Rights Report available at: https://euromedrights.org/wp- content/uploads/2018/03/EuroMed-Rights-Report-on-Counter-terrorism-and-Human-Rights.pdf

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 41

mis/use of counter-disinformation poli- ticular since the instauration of the Al- cies regarding COVID-19. In Egypt, Sisi administration, has implemented where Internet freedom is already very important policies to limit Internet free- limited (26/100 according to Freedom dom, which are now making another House, 2020a), the authorities did not Internet-based revolution practically im- need to adopt further specific re- possible (Researcher, AFTEEGYPT, per- straints to Internet freedom to tackle sonal communication, November 10, disinformation. In this case, the author- 2020; J. Shea, TIMEP, personal com- ities were using existing laws to curb munication, November 11, 2020). In any possible alternative narratives on light of this background, the regime was pandemic management, in particular well equipped to curb disinformation re- those from authoritative sources (such garding COVID-19. Jordan is also an as doctors and medical staff). In Mo- authoritarian regime but it portrays less rocco, where Internet freedom is more stable organisational power. As a matter tolerated (52/100 according to Free- of fact, people have lost trust in public dom House, 2020c) the regime tried to institutions (IRI, 2018). This was a long pass a new and more restrictive law process of disillusionment that started in against content control online but it the mid-90s (M. Torki, Yarmouk Univer- was harshly criticised by a lively civil so- sity, personal communication, October Internet is ciety and therefore suspended. Jordan 30, 2020). In this context, Internet is con- considered by has a similar level of Internet freedom sidered by the Jordanian authorities to the Jordanian (49/100 according to Freedom House, be a source of instability in the regime authorities to be 2020b), yet the authorities, even (M. Torki, Yarmouk University, personal a source of though there was already a legal communication, October 30, 2020; R. instability in the framework against disinformation, de- Sharbain, Jordan Open Source, personal regime cided to implement tougher policies to communication, November 9, 2020). fight this phenomenon and resorted to Therefore, as shown by the analysis misusing it to curb political dissent, as above, there are observed cases of mis- happened for the “teachers’ protests”. use of policies to tackle disinformation about COVID-19. The overall impact on These three different behaviours are Internet freedom could be relevant for also emblematic in terms of the state the country. of the regime, or organisational power, in each country under analysis. Mo- Egypt rocco is a stable hybrid regime that has found a sustainable equilibrium be- The infodemic hit Egypt at the very between rulers and ruled since the impor- ginning of the pandemic. In March tant constitutional reforms in 2011. 2020 there were three main state- Law 22.20 could have generated an im- ments, from the Prime Minister, the balance and was thus suspended. Public Prosecutor, and the Head of Su- Anecdotal evidence suggests that the preme Media Council aimed at pre- regime does not conceive Internet venting the population from sharing freedom as a threat to its stability (Z. disinformation about COVID-19. Bouziane, University of Sharjah, per- Among the major sources of concern sonal communication, October 28, were social media platforms (Re- 2020). Egypt is a stable authoritarian searcher, AFTEEGYPT, personal com- regime which since the aftermath of munication, November 9, 2020), which the Arab Spring revolution, and in par- are widely used by Egyptians, as other 42 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

types of media are already under full Quarterly Report on the State of Free- state control. The authorities did not dom of Expression in Egypt, between pass particular laws or regulations to April and June 2020 the violation rate curb disinformation but relied on the of the right to freedom of expression pre-existing laws such as Law No. 175 online increased by 500% (AFTEE- of 2018 on Anti-Cybercrime, Law No. GYPT, 2020). 180 of 2018 on Regulating the Press and Media, and Law No. 58 of 1937 Jordan and its amendments on the Penal Code. These laws give authorities suf- With the unfolding of the pandemic in ﬁcient powers to intervene against any the country, in mid-March 2020 King publications, newspapers, media out- Abdullah II issued a royal decree that lets, or advertising materials containing allowed the government to take information deemed to threaten na- extraordinary measures. One of them tional security; disturb the public was the Defence Order 8, published peace; or promote discrimination, viol- on 15 April 2020, which prohibited ence, racism, hatred or intolerance “publishing, re-publishing, or circu- (Law 180, art. 4, 2018). In such cases, lating any news about the epidemic in Law 180 grants the Supreme Media order to terrify people or cause panic Council authority to ban or suspend among them via media, telecommuni- the distribution, broadcast or oper- cations, or social media.” Contra- ation of any media outlets or to sus- veners could risk up to three years in pend or block any personal website, prison. The country is not new to this blog or social media account that has type of restriction regarding freedom more than 5,000 followers. of speech, as there are other laws that criminalised criticisms against the The authorities, after a ﬁrst period of King, the royal family and other public positive initiatives, such as debunking institutions (M. Torki, Yarmouk Univer- COVID-19-related fake news efforts sity, personal communication, Oc- undertaken by the Egyptian Cabinet’s tober 30, 2020). Moreover, in Media Center (a public institute), February 2019 the parliament ap- turned into a more widespread cam- proved an amended law on cyber- paign to curb any type of dissent and crime that included an ambiguous to silence criticisms on how the Egyp- definition of “hate speech” as “every tian government was managing the writing and every speech or action in- pandemic (AFTEEGYPT, 2020). As a tended to provoke sectarian or racial matter of fact, the government did not sedition, advocate violence or foster want alternative narratives to circulate conflict between followers of different (J. Shea, TIMEP, personal communica- religions and various components of tion, November 11, 2020). Medical the nation” (Accessnow, 2019). Simi- doctors, nurses and other medical em- larly, the text of the Defence Order 8 ployees were particularly scrutinised by is vague about what is considered to authorities, which resorted to control- be disinformation (R. Sharbain, Jor- ling their behaviour online. Between dan Open Source, personal communi- April and June 2020, six doctors were cation, November 9, 2020). As a arrested with the charge of expressing matter of fact, although Prime Min- their views on social media (AFTEE- ister Omar Razzaz affirmed that the GYPT, 2020). According to the law would be applied to the “narro-

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 43

west extent” (Freedom House, tion, November 9, 2020). 2020b), there have been multiple contested cases regarding its applica- Morocco tion even prior to its entering into force (HRW, 2020a). The combination of a widespread use of ICT and still high level of illiteracy is Since the beginning of the pandemic a pulling factor for disinformation, there have been numerous cases of which is an endemic and long-lasting prosecutions against individuals that problem affecting the country. Yet, the shared or posted something on social Moroccan authority did not have a so- media, which were initiated on the cial media policy till the very beginning basis of the cybercrime law or the De- of the pandemic. The antiterrorism law fence Order 8. Among the episodes adopted in 2003 has not been used to observed by human rights organisa- curb media since 2013, when Moroc- tions is the cracking down on online can authorities blocked the websites of posts regarding the so-called the investigative news outlet Lakome “teachers’ protest”, which took place for allegedly condoning terrorism in summer 2020 (HRW, 2020b). Yet, (Freedom House, 2020c). In mid-March there have not been observed cases the government passed Law 22.20, of conviction for the same charges (Q. which was soon after dubbed “la loi Suwan, Jordan Open Source, per- bavette”.6 According to this new legal sonal communication, November 9, provision, “anyone who deliberately 2020). It could be argued that it is an uses social networks, open broadcast additional “card” that the regime can networks, or similar networks to pub- play to deter further discontent (R. lish or promote electronic content con- Sharbain, Jordan Open Source, per- taining false information shall be sonal communication, November 9, punished by imprisonment for three 2020). The identification of users months to two years and a ﬁne of works through an effective system of 1,000 to 5,000 dirham [$105 to $525], surveillance and relies on simple or either of these two penalties alone” mechanisms, such as monitoring pub- (Law 22.20, Article 16, 2020). This new lic social media posts (R. Sharbain, law shocked the Moroccan population Jordan Open Source, personal com- as until that moment Morocco enjoyed munication, November 9, 2020). a relatively positive Internet freedom of Once a user is identified, the auth- expression policy (Z. Bouziane, Univer- orities have several ways to intervene: sity of Sharjah, personal communica- they reach out directly to the author tion, October 28, 2020). In response, of the post and ask them to shut it multiple civil society organizations down; proceed to start a prosecution (CSOs) harshly contested the law with against them; or they go directly to some success as, in May 2020, it was the residence of the authors and pick put on hold until the health crisis is them up from there, sometimes in over. Notwithstanding the suspension plain clothes (M. Torki, Yarmouk Uni- of the law, Moroccan authorities have versity, personal communication, Oc- other tools for tackling disinformation tober 30, 2020; R. Sharbain, Jordan such as the penal code, the antiterror- Open Source, personal communica- ism law, and the press code.

6 “the gag law” (author’s translation). 44 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

In light of this legal framework, in the strengthen the EU’s own resilience months following the outbreak of the against disinformation are also an im- pandemic several people have been portant aspect of the EU’s engage- arrested for sharing fake news on social ment to fight disinformation as they media platforms. The first one was a can serve as a source of inspiration for relatively famous local influencer, “Mi both institutional and regulatory sol- Naima”, who, on a video published on utions, including the Code of Practice YouTube, claimed that COVID-19 did on Disinformation (EC, 2018a), the Ac- not exist. Other cases followed, and at tion Plan against Disinformation (De- least another 12 people were arrested cember 2018), the Rapid Alert System for the same charges (Mebtoul, 2020). (March 2019), the European Democ- The General Directorate of National racy Action Plan (2020), the Digital Security is closely monitoring social Market Acts (DMA) and the Digital Ser- media platforms to fight COVID-19 dis- vice Act (DSA, 2020). information episodes, and it has very sophisticated surveillance programmes In light of the EU’s commitment to an (Freedom House, 2020c). The author- open, global and resilient Internet ities prefer not to close down pages or worldwide (EC, 2020), cyber capacity- request the blocking of a post but to building constitutes a building block of address the users directly, and there the EU’s cyber diplomacy, including have been no reports of misuse of anti- development cooperation pro- disinformation policies to target grammes, to promote and protect people for other reasons than spread- human rights, gender digital equality, ing false news about COVID-19 (Z. the rule of law, and security. The main Bouziane, University of Sharjah, per- guiding principles are reflected in the sonal communication, October 28, conclusion of the Council of the EU 2020). meeting in June 2018. This document integrates internal lessons and best EU support to counter practices from member states and the disinformation in the MENA different initiatives undertaken at the EU region level. The Council of the EU conclusion also welcomes the development of “operational guidelines” by the Commission The EU’s approach to disinformation on the EU Cyber Capacity Building in The EU’s has evolved in the past five years from third countries (Council of the EU, 2018). approach to one focused especially on targeted dis- The EU is actively looking for greater co- disinformation information campaigns such as the ordination at the international level to has evolved in Kremlin-inspired disinformation cam- foster a harmonised approach to cy- the past five paigns (addressed by the European Ex- bersecurity and cyber resilience. In this years from one ternal Action Service’s East StratCom sense, cyber capacity-building plays a focused especially on Task Force [ESCTF]) or on confronting key role in strengthening cooperation targeted the phenomenon of radicalisation in with other countries. disinformation the Arab world, especially to counter campaigns to ISIS narratives (addressed by the So far, the EU has funded 37 projects more inward- ESCTF), to more inward-looking poli- worldwide related to cyber capacity- looking policies cies following the interference in the building (Cybil Portal, n.d.). For United States Presidential elections in example, in terms of the countries under 2016. The domestic efforts to analysis, the EU co-funded the Cyber-

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 45

South project with the Council of Eu- Conclusions and rope (CoE, n.d.). This project aims to strengthen legislation and institutional recommendations capacities on cybercrime and other electronic offences in line with human rights This chapter investigated how Internet and rule of law requirements in Algeria, governance and in particular policies Jordan, Lebanon, Morocco and Tunisia. tackling disinformation during the Yet, disinformation can be addressed COVID-19 pandemic could play a role in through other initiatives. From an ENP non-democratic regime strengthening. standpoint, the EU is actively engaged The results of the study are twofold. in many different projects that involve First, countries analysed in this chapter actors that are key to counter dis- seem to prefer the Internet governance information and fake news. Some of approach that resembles the “align- them aim to support media in the re- ment” model that posits great attention gion, such as “Developing knowledge- on content control and censorship. Sec- based European journalism relating to ond, the analysis revealed that the re- Europe’s Neighbors” (2018-2019), gimes’ reactions to disinformation on “SouthMed WiA” (2017-2019), and COVID-19 were calibrated to their or- “Open Media Hub” (2016-2019); other ganisational capacity (the cohesion of projects aim to enhance youth digital the state or governing apparatus) and to skills and awareness, such as “D-Jil” the perceived threat that freedom of ex- (2018-2022), “Generation What? – pression online can pose to the regime. Arabic” (2017-2018), and “NET-MED This second argument accounts for the Youth” (2014-2018). Nevertheless, this nuances between the countries under analysis did not find empirical evidence analysis, which are all adopting the about former or current EU funded “alignment” approach. In Morocco, projects or programmes directly aimed the contested Law 22.20 is suspended, at sharing best practices, guidelines or but could be re-activated once the assistance to tackle disinformation in health emergency is over. In Egypt the the MENA region. It could be argued pre-existing laws have been applied that the lack of direct projects to with particular focus on medical per- counter disinformation (beyond rad- sonnel, including doctors and nurses. icalisation) in the region was deter- In Jordan, the new Defence Order 8 mined by two main factors. First, the has also been applied indiscriminately EU itself has only recently developed a for purposes other than fighting specific and structured set of policies COVID-19 disinformation. and guidelines to tackle phenomena such as disinformation and fake news In this context, the EU is missing in ac- in a systematic and structured way. tion. Yet, during the last few years Second, the disinformation issue has Brussels has equipped itself with very only scaled up in the Brussels political important policies, which proved to be agenda in the last few years. In this re- effective to counter disinformation gard, the topic of disinformation was campaigns in the run up to the Euro- absent in the Commission’s European pean Parliament elections in 2019, and Agenda on Security 2015-2020, proved to be sufficient to tackle the whereas it features as a security threat COVID-19 infodemic. At the same time in the new EU 2020-2025 Security the EU has included it in its ENP cy- Union Strategy. bersecurity and cyber capacity-build- 46 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

ing programmes. Nevertheless, so far, these countries, as there is a poss- the official cooperation with the MENA ible trade-off between regime re- region concerning the topic of dis- silience and societal resilience. information, fake news and other in- Given the “aligned” model that formational disorders has been very these countries are pursuing (in dif- limited and indirect. As previously ferent degrees) to cyberspace gov- mentioned, this lack of action could be ernance, the capacity for a state to related to two reasons. First, because tackle disinformation is dependent the EU was equipping itself with the on policies and practices that are right strategy and tools to counter against the principle of Internet these new challenges. Second, the per- freedom. For example, it is recom- ceived threats of these phenomena mended to support the creation of have been recognised officially only re- a network of experts (fact checkers) cently by the new EU 2020-2025 Secur- that can work against disinforma- ity Union Strategy. tion in the selected countries. The model for this could be the “Social Nevertheless, because of the growing Observatory for Disinformation and relevance and, at the same time, in- Social Media Analysis (SOMA)” pro- creasing threats from cyberspace, find- ject. Moreover, the EU is launching ing an agreement at the international the “European Digital Media Ob- level is key. On this, the EU as well as servatory (EDMO)” with a focus on the other international actors should four main areas of intervention: fact also strengthen their efforts to build up checking, research, media literacy, principles, benchmarks and guidelines policy research and analysis. The for managing the Internet at the do- overarching idea is to create mestic level. Otherwise, as is currently multiple national observatories in the case, each state can author its own EU member states to act harmo- digital policies, including those vio- niously against disinformation. The lating human rights. Indeed, content creation of a similar structure in the control policies could be disguised as MENA region could help to counter policies against fake news, disinforma- informational disorders. tion or other online threats including radicalisation, when, in practice, they 2. The EU needs to exercise caution could be used to curb opposition to avoid its cyber capacity-build- movements or civil society groups. ing projects being used for increased surveillance, censorship The EU could play an important role in and other information control ca- this context as it has defined detailed pabilities. The odds of this possi- programmes to tackle disinformation, bility are higher in countries where which have been successful and con- the Internet is considered to be a sistent with the principles of Internet source of instability. Therefore, freedom and human rights. In light of when proposing and implementing this, it is important for future EU ac- actions and projects, the EU must tions to contemplate the following consider the cross-cutting issue of a recommendations: human rights-based approach to cyber capacity-building (EC, 1. The EU should define what type 2020b). In addition, it is important of resilience it would promote in that the EU monitors other initia-

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 47

tives (legal, technical and informal) tion [NATO]) that are working on undertaken by the beneﬁciary gov- cyber-related issues. ernment that might be contrary to the EU’s values or interests. 4. From a broader perspective, it could be useful to strengthen 3. Government-to-government co- collaborations in the field of operation is important but the cyber and information security EU should also consider the in- with those countries that are still volvement of other non-state ac- hesitant about their policy pref- tors, in line with the erences regarding international multi-stakeholders approach to cyberspace norms or those that cyberspace. These should include: consider themselves as part of the CSOs that are working as watch- NAM. By building up closer coop- dogs; social media platforms, such eration, for example by including as Facebook or Twitter, to also ex- more references to cyber- and in- pand their engagement in curbing formation-related issues in the ENP disinformation in third countries; partnership priorities, the EU could other donors and international or- achieve the so-called “entangle- ganisations (such as the ITU, the Or- ment” (Nye, 2017), which could re- ganisation of Security and sult in exerting stronger dissuasion Cooperation in Europe [OSCE], and for alternative visions on digital the North Atlantic Treaty Organiza- topics, including disinformation. 48 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

References

ACCESSNOW. (2019). Cybercrime law in Jordan: pushing back on new amendments that could harm free expression and violate privacy. Retrieved from https://www.accessnow.org/cybercrime-law-in-jordan-pushing-back-on-new- amendments-that-could-harm-free-expression-and-violate-privacy/

AL-JAGHOUOB, S., & WESTRUP, C. (2003). Jordan and ICT-led development: towards a competition state? Information, Technology & People, 16(1), 93-110.

ARAB REPUBLIC OF EGYPT. (2020). ICT indicators in brief . Ministry of Com- munication and Information Technology. Retrieved from http://www.mcit.gov.eg /Upcont/ Documents/Publications_19102020000_ICT _Indicators_in_Brief_ July_2020_EN.pdf

ARTICLE 19. (2015, April). Egypt: Telecommunication Regulation Law. Re- trieved from https://www.article19.org/data/ﬁles/medialibrary/37966/Egypt- telecoms-report—-English.pdf )

ASSOCIATION FOR FREEDOM OF THOUGHT AND EXPRESSION IN EGYPT (AFTEEGYPT). (2020). Information blockade in the time of social distancing. Quarterly Report on the state of freedom of expression in Egypt second quarter. Retrieved from https://afteegypt.org/en/breaking_news- 2/2020/10/07/20093-afteegypt.html

BANK, A., & EDEL, M. (2015). Authoritarian regime learning: comparative insights from the Arab uprisings (GIGA Working Paper 274). GIGA.

BARTLETT, J. (2018). The people vs. tech: how the Internet is killing democracy (and how we save it). New York: Penguin Random House.

BROEDERS, D. (2019). Mutually assured diplomacy: governance, ‘unpeace’ and diplomacy in cyberspace. Observer Research Foundation. Retrieved from https://www.orfonline.org/expert-speak/mutually-assured-diplomacy-governance-unpeace-diplomacy-cyberspace-56800/

BROEDERS, D., & CRISTIANO, F. (2020). Cyber norms and the United Nations: between strategic ambiguity and rules of the road. In S. Dominioni & F. Rugge (Eds.), Fragmenting the Internet: states’ policies in the digital arena. ISPI Dos- sier. Retrieved from https://www.ispionline.it/it/pubblicazione/fragmenting-internet-states-policies-digital-arena-25416

BUNCE, V., & WOLCHIK, S. (2011). Defeating authoritarian leaders in post- communist countries. Cambridge: Cambridge University Press.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 49

COUNCIL OF EUROPE (COE). (n.d.). CyberSouth activities. Retrieved from https://www.coe.int/en/web/cybercrime/cybersouth-activities

COUNCIL OF THE EUROPEAN UNION (COUNCIL OF THE EU). (2018). EU external cyber capacity building guidelines - Council conclusions. Retrieved from https://data.consilium.europa.eu/doc/document/ST-10496-2018-INIT/en/pdf

CYBIL PORTAL. (n.d.). The knowledge portal for cyber capacity building. Re- trieved February 15, 2021, from www.Cybilportal.org

DE LA CHAPELLE, B., & FEHLINGER, P. (2016). Jurisdiction on the Internet: from legal arms race to transnational cooperation (Paper Series 28). Centre for International Governance Innovation and Chatham House.

DEIBERT, J. (2019). The road to digital unfreedom: three painful truths about social media. Journal of Democracy, 30(1), 25-39.

DEIBERT, J., PALFREY, J., ROHOZINSKI, R., & ZITTRAIN, J. (Eds.). (2010). Ac- cess controlled. The shaping of power, rights, and rule in cyberspace. Cam- bridge: The MIT Press.

DEIBERT, J., PALFREY, J., ROHOZINSKI, R., & ZITTRAIN, J. (Eds.). (2008). Access de- nied: the practice and policy of global Internet ﬁltering. Cambridge: The MIT Press.

DOMINIONI, S. (2020a). Panopticon 2.0? Why and how authoritarian regimes use AI surveillance. In F. Rugge (Ed.), AI in the age of cyber disorder (pp. 65- 85). Milan: ISPI-Brookings.

DOMINIONI, S. (2020b). Does a North African Internet governance model exist? Evidence from Egypt and Morocco. In V. Talbot (Ed.), MED Report 2020 (pp. 102-105). Milan: ISPI.

DOMINIONI, S., & RUGGE F. (Eds.) (2020). Fragmenting the Internet: states’ policies in the digital arena. ISPI Dossier. Retrieved from https://www.ispionline.it/it /pubblicazione/fragmenting-internet-states-policies-digital-arena-25416

EIN-DOR, P., GOODMAN, S., & WOLCOTT, P. (2005). The global diffusion of the Internet project: The Hashemite Kingdom of Jordan. The MOSAIC Group. Retrieved from http://mosaic.unomaha.edu/Jordan_1999.pdf

ELTANTAWY, N., & WIEST, J. B. (2011). Social media in the Egyptian revolution: reconsidering resource mobilization theory. International Journal of Communica- tion, 5, 1207-24.

EUROPEAN COMMISSION (EC). (2018a). Code of practice on disinformation. Re- trieved from https://ec.europa.eu/digital-single-market/en/news/code-practice- disinformation

50 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

EUROPEAN COMMISSION (EC). (2018b). Operational guidance for the EU’s international cooperation on cyber capacity building. Retrieved from https://www.iss.europa.eu/content/operational-guidance-eu’s-international-cooperation-cyber-capacity-building

EUROPEAN COMMISSION (EC). (2020). The EU’s cybersecurity strategy in the digital decade. Retrieved from https://ec.europa.eu/commission/presscorner/de- tail/en/IP_20_2391

FLORIDI, L. (2012). Hyperhistory and the philosophy of information policies. Phil- osophy & Technology, 25, 129-31.

FREEDOM HOUSE. (2011). Freedom on the Net – Jordan. Retrieved from https://www.refworld.org/docid/4dad51b627.html

FREEDOM HOUSE. (2019a). Freedom on the Net – Egypt. Retrieved from https://freedomhouse.org/country/egypt/freedom-net/2019

FREEDOM HOUSE. (2019b). Freedom on the Net – Morocco. Retrieved from https://freedomhouse.org/country/morocco/freedom-net/2019

FREEDOM HOUSE. (2020a). Freedom on the Net – Egypt. Retrieved from https://freedomhouse.org/country/egypt/freedom-net/2020

FREEDOM HOUSE. (2020b). Freedom on the Net – Jordan. Retrieved from https://freedomhouse.org/country/jordan/freedom-net/2020

FREEDOM HOUSE. (2020c). Freedom on the Net – Morocco. Retrieved from https://freedomhouse.org/country/morocco/freedom-net/2020

HUMAN RIGHTS WATCH (HRW). (2020a). Jordan: free speech threats under Covid-19 response. Retrieved from https://www.hrw.org/news/2020/05/05/jordan-free-speech-threats-under-covid-19-response

HUMAN RIGHTS WATCH (HRW). (2020b). Jordan: arrests, forced dispersal at teacher protests. Retrieved from https://www.hrw.org/news/2020/08/27/ jordan-arrests-forced-dispersal-teacher-protests

INTERNATIONAL REPUBLICAN INSTITUTE (IRI). (2018). Public opinion survey: residents of Jordan. Center for Insights in Survey Research. Retrieved from https://www.iri.org/sites/default/ﬁles/2018.11.6_jordan_poll_presentation.pdf

INTERNET CENSORSHIP MAP. (2017). Retrieved from https://www.whoishost- ingthis.com/blog/2017/02/27/internet-censorship/#africa

KALATHIL, S., & BOAS, T. C. (2003). Open networks, closed regimes: the impact of the Internet on authoritarian rule. Washington D.C.: Carnegie Endow- ment for International Peace.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 51

KAVANAGH, J., & RICH, M. D. (2018). Truth decay: an initial exploration of the diminishing role of facts and analysis in American public life. Santa Monica: RAND Corporation.

KEREMOĞLU, E., & WEIDMANN, N. B. (2020). How dictators control the Inter- net: a review essay. Comparative Political Studies, 53(10-11), 1690-703.

KERR, J. (2018). Information, security, and authoritarian stability: Internet policy diffusion and coordination in the former Soviet region. International Journal of Communication, 12, 3814-34.

LANNON, E. (2019). EU cybersecurity capacity building in the Mediterranean and the Middle East. Strategic sectors security & politics. IEMed Mediterra- nean Yearbook. Retrieved from https://biblio.ugent.be/publication/8651360/ﬁle/8651361.pdf

LEVITSKY, S., & WAY, L. (2010). Competitive authoritarianism. Hybrid regimes after the Cold War. Cambridge: Cambridge University Press.

MEBTOUL, T. (2020, July 28). Moroccan court convicts woman who claimed COVID-19 is fake news. Morocco World News. Retrieved from https://www.moroccoworldnews.com/2020/07/312804/moroccan-court-convicts-woman-who-claimed-covid-19-is-fake-news/

MUELLER, M. (2017). Will the Internet fragment? Cambridge: Polity Press.

NEMITZ, P. (2018). Constitutional democracy and technology in the age of ar- tiﬁcial intelligence. Philosophical Transactions Royal Society A, 376(9).

NON-ALIGNED MOVEMENT (NAM). (2020). NAM working paper for the second substantive session of the UN OEWG. Retrieved from https://front.un- arm.org/wp-content/uploads/2020/04/nam-wp-to-the-oewg-ﬁnal.pdf

NYE, J. S. (2017). Deterrence and dissuasion in cyberspace. International Se- curity, 41(3), 44-71.

OPENNET INITIATIVE. (2009). Egypt. Retrieved from https://opennet.net/research/proﬁles/egypt

PLATTNER, F. M., & DIAMOND, L. (Eds). (2012). Liberation technology: social media and the struggle for democracy. Baltimore: John Hopkins University Press.

REPORTERS WITHOUT BORDERS. (2016). The new press code retains prison sentences for press offences. Retrieved from https://rsf.org/en/news/new- press-code-retains-prison-sentences-press-offences

RØD, E. G., & WEIDMANN, N. B. (2015). Empowering activists or autocrats? The Internet in authoritarian regimes. Journal of Peace Research, 5(3), 338-51. 52 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

SALEH, N. (2012). Egypt’s digital activism and the dictator’s dilemma: an evalu- ation. Telecommunications Policy, 36, 476-83.

SCHEDLER, A. (2013). The politics of uncertainty. sustaining and subverting electoral authoritarianism. Oxford: Oxford University Press.

STOLTON S., & GRÜLL, P. (2021). Lawmakers call for tougher EU disinformation laws in wake of US riots. Euractive. Retrieved from https://www.euractiv.com/section/digital/news/lawmakers-call-for-tougher-eu- disinformation-laws-in-wake-of-us-riots/

UNITED NATIONS OPEN-ENDED WORKING GROUP ON DEVELOPMENTS IN THE FIELD OF ICT IN THE CONTEXT OF INTERNATIONAL SECURITY (UN OEWG). (2020). Comments by Member States on the initial pre-draft of the OEWG report. Retrieved from https://reachingcriticalwill.org/disarmament- fora/ict/oewg/documents

UNITED NATIONS OPEN-ENDED WORKING GROUP ON DEVELOPMENTS IN THE FIELD OF ICT IN THE CONTEXT OF INTERNATIONAL SECURITY (UN OEWG). (2020). Informal multi-stakeholder cyber dialogue summary report (04-10 December 2020). Retrieved from https://eu-iss.s3.eu-central-1.amazonaws.com/horizon/assets/X5Hf8NIU/informal-ms-dialogue-series_summary- report_ﬁnal.pdf

WEIDMANN, N. B., & RØD, E. G. (2019). The Internet and political protest in autocracies. Oxford: Oxford University Press.

WHEELER, D. L. (2003). Egypt: building an information society for international development. Review of African Political Economy, 30(98), 627-42.

WORLD BANK. (2020). Individuals using the Internet (% of population) – Jor- dan. Retrieved from https://data.worldbank.org/indicator/IT.NET.USER.ZS?lo- cations=JO

XU, X. (2020). To repress or to co-opt? Authoritarian control in the age of digital surveillance. American Journal of Political Science, 65(2), 309-25.

YOM, S. L. (2009). Jordan: ten more years of autocracy. Journal of Democracy, 20(4), 151-66.

ZOLLO, F. (2019). Polarization in the online public debate. ISPI Commentary. Retrieved from https://www.ispionline.it/it/pubblicazione/polarization-online- public-debate-23150

Policy Study n. 22 Preventing Cyber Conﬂicts and Instability

Patryk Pawlak Brussels Executive Ofﬁcer, European Union Institute for Security Studies (EUISS)1

1 The views expressed in this chapter are those of the author and do not necessarily reflect the official position of the EUISS. Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda 55

Introduction tools in interstate and intrastate relations in the Middle East and North The European Union (EU)’s security Africa (MENA) context is a question partnership with the Southern Mediter- of “when” rather than “if”. In the ranean partners has developed along a MENA region, “geopolitics is at a criti- triple nexus: humanitarian aid, devel- cal inflection point where the cyber do- opment cooperation, and peace-build- main is becoming a principal frontline” ing. Despite a quarter-century old (Kausch, 2017). commitment to turning the Mediterra- nean basin into an area of dialogue, ex- Until now, however, the EU’s engage- change and cooperation, guaranteeing ment with the countries across the peace, stability and prosperity, the re- Mediterranean has remained relatively gion continues to be plagued by con- limited. Concerned about potential flicts that undermine political stability human rights abuses by military, law and sustainable development across the enforcement or intelligence agencies, region. The increasing reliance by gov- on the one hand, and still weak checks- ernments and non-state actors on cyber and-balances system across the region, tools adds to this already complex pic- on the other, the EU has been walking ture and further exposes political, eco- on eggshells when it comes to cyber nomic and societal causes of vulnerability capacity-building initiatives in the re- across the region. Consequently, joint ef- gion. Reputational political risks result- forts between the EU and its partners in ing from any potential power abuse as the Southern Mediterranean aimed at a result of the EU’s support are often preventing and resolving cyber-enabled judged too high. The requests for or cyber-facilitated conflicts and ad- closer cooperation on cybersecurity dressing the root causes of conflict offer from Egypt and Lebanon, for instance, a valuable avenue for inter-regional co- have fallen on deaf ears in light of the operation. Together with the commit- ambivalent role of the intelligence ment to respect for international law and agencies as security providers. rules-based order, these elements are key pillars of a framework for promoting The purpose of this chapter is to ana- responsible state behaviour in cyber- lyse the increasing importance of cy- space. berspace as an arena of geopolitical competition, the potential impact this The EU has expressed its commitment might have on the region’s stability, and to this framework on numerous occa- the role it plays in shaping this environ- sions and is uniquely placed to bring ment. The efforts across the region to together international and regional develop adequate legislative frame- partners as well as relevant stake- works or institutions to strengthen the holders to promote it across the re- overall level of cyber resilience go hand gion. This objective seems particularly in hand with the deployment of offen- important given the fragile security sive cyber operations and tools in the situation in the region and the fact ongoing political or military conflicts. that many countries therein rely on Public reports have previously impli- cyber tools to build up their security cated Israel, Iran and Turkey, for in- posture. This also implies that the stance, in the use of cyber operations in use of offensive and defensive cyber support of their political objectives. In 56 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

addition, the military involvement of strument of oppression targeting the United States of America (USA) their own population. The increased and the expanding presence of actors state activism in cyberspace has in- like China and Russia in the region fluenced the way in which many states complicate the situation further. If any- defined emerging threats in cyber- thing, cyber-related developments space (as also discussed in the previous in the region illustrate that cyber- chapters of this study). For instance, space is just one additional domain Iran defined them as a threat or use of for pursuing political and economic force in terms of the information and objectives, in particular in the con- communication technologies (ICT) en- text of pre-existing intra- or inter- vironment, interference and ICT abuse, state conflicts. This chapter is based unilateral coercive and other measures on the analysis of primary sources such in the ICT environment, threats arising as the United Nations (UN) voting pat- from “content”, hostile image-building terns of 18 countries in the region and and fabricated attribution in the ICT the speeches and positions presented environment, imbalance between the during the meetings of the Open- role and responsibility of states and Ended Working Group in the Field of those of the private sector, abuse of ICT in the Context of International Se- emerging technologies, and abuse of curity (UN OEWG) in 2020 and 2021. the ICT supply chain. Policy recommendations presented at the end are aimed at supporting the According to the Cyber Conflict Portal design and implementation of the EU’s (EU Cyber Direct, 2020), most military engagement with the region, including cyber operations across the region the regional organisations. have a dyadic relationship and build on pre-existing political tensions be- Cyber tensions tween states, including from outside of the region (e.g., between Iran and in the MENA region the USA and its allies). However, over time, the picture became more complex The history of the MENA region is one with the emergence of new players – of instability, with cyberspace being both state and non-state – with different yet another theatre for pre-existing capabilities and motivations. In 2017, conflicts – both domestic and regional. media reports suggested the involve- Since the first publicly debated offen- ment of the United Arab Emirates (UAE) sive cyber operation with the use of in the attacks against the Qatar News Stuxnet malware (which continues to Agency, branded by the government as raise questions until this day), the re- a violation of international law (De- gion has become a laboratory for dif- Young, 2017). The attack was inscribed ferent uses of cyber tools by into a broader conflict between the governments and non-state actors. Emirates, along with Saudi Arabia, Over time, the MENA region has Bahrain and Egypt, who accused Doha evolved to become one of the most of supporting terrorist groups and ally- cyber-militarised parts of the world ing with regional foe Iran. Additional re- whereby “cyber weapons” are used ports released in February 2021 suggest by states to resolve their ongoing that Saudi Arabia and the UAE have re- political, economic or military ten- portedly used spyware created by an Is- sions or by governments as an in- raeli company to hack into phones and

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 57

devices of journalists working for Al Ja- vated non-state actors. The Gaza zeera (Middle East Monitor, 2021). In Cyber Gang, for instance, is a politi- one of the latest episodes, the UAE be- cally-motivated Arab group operating came a target of cyberattacks after it de- in the MENA region targeting mainly cided to normalise relations with Israel Egypt, the UAE and Yemen. Bahamut and break with decades-long Arab soli- is another group running cyberespio- darity on that issue. nage campaigns against various political, economic and social sectors in the One of the most complex challenges is Middle East. In 2000, the Bahamut One of the most that of the existing links and mecha- group was suspected of being behind complex nisms of control between the official attacks against Saudi diplomats, Sikh challenges is government agencies and non-state ac- separatists, and others in the MENA re- that of the tors acting as proxies (Mauer, 2018). gion. In other words, when it comes to existing links State responsibility for the actions of the use of cyber tools by states against and these actors is often difficult to establish, each other, the MENA region has seen mechanisms of control between which complicates the task of making higher intensity of malicious activities the official the perpetrators accountable for ma- within the region than any other part of government licious cyber activities. Iran is among the the world. But, as some authors ob- agencies and countries suspected of conducting serve, this mostly inner-Gulf confronta- non-state actors cyber operations in the region and tion could develop into a larger block acting as proxies beyond. In October 2020, the Iranian confrontation as many regional powers Advanced Persistent Threat (APT) actor expand their relations with China, APT35 was identified as responsible for Japan, India and Russia to hedge attacks on over 100 high-profile poten- against uncertainty surrounding con- tial attendees of the Munich Security tinued engagement by the USA and Conference and the Think 20 Summit in Europe (Kausch, 2017). Saudi Arabia. In 2018, another report by the Electronic Frontier Foundation (EFF, In addition, the intrastate conflicts have 2018) and mobile security company been exacerbated by the wide use of Lookout uncovered a new APT actor cyber surveillance and armies of called Dark Caracal, which was respon- bots by repressive governments sible for a cyberespionage campaign against their own societies, human against targets in more than 20 coun- rights defenders or political oppo- tries. The authors trace back the threat nents. The past decade has seen a to a building belonging to the Lebanese general trend of states increasing con- General Security Directorate in Beirut trol over their populations in cyber- (Electronic Frontier Foundation, 2018). space2 in response to a growing role of In that respect, the role of cyber proxies social media platforms (of which the across the region poses a significant Arab Spring is the most vivid example) challenge to stability and undermines and the use of the Internet by terrorist de-escalatory and conflict prevention ef- organisations. While the two are not forts undertaken by various actors (Kav- related, governments across the region anagh & Cornish, 2020). have approached both as a national security threat that needs to be The region is also fertile ground for op- countered through a decisive response erations mounted by politically-moti- that came in many forms. The control

2 See also chapters by Dominioni and Laban. 58 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

over online activities is one of them. has served as justification for the EU’s Blurring the lines between freedom of economic and political commitment to political or religious expression and na- the region. But the understanding of tional security, some countries en- this causal link when it comes to gov- gaged in cyber espionage against ernance of cyberspace is not always journalists, human rights defenders or present in the EU policies towards the activists. In Morocco, the Hirak protest region or shared between the EU and leaders in Morocco were victims of so- its partners. In that respect, the appar- cial engineering campaigns aimed at ent development-security paradox re- gaining access to their mobile phones flects broader political issues and (Sayadi, 2019). Such measures are insecurities felt by the governments often taken on the basis of recently across the region. adopted cybercrime laws that give broad powers to national security First, the growth of the digital sector agencies without simultaneously and closing the digital gap are gen- strengthening the rule of law mecha- erally believed to stimulate innovation, nisms and independent judiciary. The promote growth and strengthen free- 2018 cybercrime law adopted in Egypt, doms. In principle, governments recog- for instance, compels Internet service nise the benefits of ICT for the social providers to store user data for its hy- and economic development of their pothetical request by security agencies countries. In an effort to stimulate that (Švedkauskas, 2019). The region is an growth, they often stress that “access important client for Russian and Chi- to new information and communica- nese technologies for communications tions science, technologies and tech- interception and surveillance or active niques should be available to all private companies such as NSO or countries” and object to any unilateral Black Cube with licences granted by measures that restrict such access.4 some of the EU member states under This concern is not only characteristic the dual-use export regime (Goslinga of countries like Iran, whose access to & Tokmetzis, 2017). The “rise of digital such technologies is already severely li- authoritarianism” across the region is mited due to the USA-imposed sanc- well-documented by Freedom House.3 tions, but also others that are on the receiving end of potential export con- Development-security trols or sanctions. paradox Second, like Iran, governments across the region also stress that “the devel- One of the main drivers of the EU’s in- opment-related dimension and the se- volvement in the Mediterranean is the curity-related concerns of ICT shall be assumption that there cannot be secu- addressed in a balanced manner” rity without development, or devel- (UNODA, 2019). Such a cautious ap- opment without security. This mantra proach is primarily linked to the per-

3 See the Freedom on the Net reports published regularly at: https://freedomhouse.org/ report/freedom-net 4 Unless indicated otherwise, this paper is primarily based on the positions expressed by the mentioned countries in the debates of the UN OEWG, available here: https://www.un.org/ disarmament/open-ended-working-group/

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 59

ceived need to exercise a certain de- would prohibit the use of ICT against gree of digital sovereignty that allows CI facilities providing services to the governments to make independent public or measures to address the decisions about policies that reflect threats of stockpiling vulnerabilities values and cultures of individual so- which could be used for attacks against cieties – even though they may not en- such infrastructure.5 This, however, is tirely correspond to those of others. not necessarily the position put for- For some countries, referencing devel- ward by Israel, which in its most recent opment has simultaneously become a comments on the draft zero of the UN way of calling for more security. In one OEWG report requested to delete ref- of its submissions to the UN OEWG, erences to medical facilities, energy, Iran recalled that it is “the sovereign water, transportation and sanitation. right of all UN member states to invoke Given that Israel has been accused of their rights and responsibilities to in- conducting the first offensive cyber op- crease incredible benefits and advan- eration, Stuxnet, against Iran’s nuclear tages of ICT and mitigate destabilising facilities (Zetter, 2014) and attacks impacts emanating from their ma- against Syria’s Air Defence Systems in licious use” (UNODA, 2019). However, 2007 (Weinberger, 2007) – both of the persisting disagreements on what which could be argued to be CI – such may constitute a malicious use or de- a request might be interpreted as an stabilising impact – especially in coun- attempt to avoid potential responsibi- tries with questionable human rights lity. At the same time, a request to standards – results in tensions over a make a less explicit causal link between governmental abuse of ICT tools. disruption, damage or destruction of CI and critical information infrastruc- The discussion Third, the discussion about the emerg- ture as a threat to economic devel- about the ing threats has provided an insight into opment and livelihoods, and ultimately emerging what states consider to constitute ac- the safety and wellbeing of individuals, threats has ceptable behaviour in cyberspace and indicates that in Israel’s view in some provided an their different approaches to the link- cases such infrastructure represents a insight into what ages between security and devel- legitimate security target. states consider to constitute opment. Egypt, for instance, considered acceptable a failure to use ICT peacefully as a seri- In that respect, the security-devel- behaviour in ous threat to security and stability as opment nexus is often instrumenta- cyberspace well as economic development and lised by the governments in the region prosperity of the nations. This view is to pursue two objectives. The calls to particularly pronounced in the debate limit the proliferation of offensive cyber about critical infrastructure (CI) protec- tools and prevent over-militarisation of tion, such as water, energy or transpor- cyberspace are in reality meant to con- tation networks, which should be strain technologically advanced coun- interpreted as a basic developmental tries rather than promote a issue given the reliance of the civilian development-oriented cyber agenda. population. Consequently, Egypt calls At the same time, the arguments for a for legally binding obligations that balanced approach in reconciling se-

5 This is a clear reference to the vulnerability of stockpiling that has led to WannaCry and NotPetya attacks, which had signiﬁcant economic consequences around the globe, leading, for instance, to the adoption of cyber sanctions by the EU. 60 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

curity and development objectives strengthening bilateral cybersecurity serve to justify governments’ control cooperation in the region, including over cyberspace (including through with the EU member states like Cyprus surveillance and content control or Greece. In April 2021, Israel ap- measures) or to object to any potential peared to admit its involvement in a external interference in pursuit of “il- cyberattack on Iran’s nuclear facility in legitimate geopolitical goals.” Natanz – one of the main components of Iran’s nuclear programme. But Israel Conflict prevention and itself is also a frequent target of malicious cyber activities. In May 2021, responsible state several Israeli companies claimed to be behaviour in cyberspace victims of cyberattacks that were linked to Iran. Turkey, on the other hand, has The framework of responsible state be- relied more on hacktivist groups or haviour in cyberspace is composed of cyber patriots who used malicious four main pillars as developed in the cyber activities to express their discon- UN Group of Governmental Experts on tent with any views critical of Ankara’s Advancing Responsible State Behav- policies. In December 2020, the Euro- iour in Cyberspace in the Context of In- pean Court of Human Rights was hit by ternational Security (UN GGE) reports: a large-scale cyberattack after it pub- application of international law in cy- lished a ruling critical of Turkey. A berspace; norms, rules and principles; hacker group, Phoenix Warriors Team confidence-building measures (CBMs), (Anka Neferler Timi) has claimed re- and capacity-building. Against a de- sponsibility for this and earlier attacks teriorating cybersecurity environment against targets in Greece. and potential for conflict and escalation in the region, as described earlier, The following sections of this chapter it is surprising that only a handful of the focus on the positions expressed by MENA countries have been actively governments in the official UN-led pro- contributing to defining these policies cesses. and shaping the international debate. Among rather muted voices from the Regional powers: region, Egypt’s and Iran’s are clearly a silent majority the loudest. What is not clear, however, is to what extent their views reflect a Despite their membership of the UN broader consensus across the region or GGE and the role they might poten- maybe are meant to contribute to tially play in shaping the cyber stability shaping such a consensus. In other debate across the MENA and the Gulf, words, are Iran and Egypt speaking for countries like Jordan, Algeria, Mo- or to the region? rocco, Oman, Lebanon, Israel and Turkey have been rather absent. This At the same time, while countries like is particularly disappointing in the case Turkey or Israel, whose capabilities of Jordan and Morocco, which as have been recognised as significant, members of the UN GGE that pre- have not participated extensively in the sented its final report in June 2021 ongoing diplomatic processes, their (UN, 2021), and other countries that actions speak louder than words. Israel, could potentially play an important role for instance, has been engaged in in bringing different parties together.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 61

Oman, for instance, played an instru- for the purposes and principles of the mental role in the evolution of the Iran UN Charter in the use of such tech- nuclear deal and in providing support nologies; namely, the principles of sov- during the Yemeni crisis (Winder, ereign equality, non-interference in 2020). Oman’s relatively low profile and internal affairs, refraining from the use foreign policy built around neutrality of force in international relations, re- has allowed it to exercise considerable spect for human rights, and peaceful influence behind the scenes and act as coexistence among states. a broker between competing regional powers such as Iran, Israel and Saudi The role of Israel, Lebanon and Turkey Arabia (Bodetti, 2020). But it does re- is more nuanced given their involve- main silent on critical issues in the ment in conducting cyber operations cyber stability debate. The following and de facto setting the rules of the sections provide a limited account of game on the ground. For instance, the views and positions expressed by while Israel may have been a rather those countries regarding their prio- muted participant in the UN OEWG, its rities. actions usually speak quite loudly. Is- rael is commonly acknowledged to set In one of the rare interventions at the standards for what does and does not UN OEWG, Jordan has called for fo- constitute acceptable behaviour in cy- cusing the discussion on two issues in berspace. “Lethal Arrow”, a large-scale particular: development of norms to military exercise conducted by the Is- counter threats and challenges for the rael Defense Forces in October 2020, international community and clearly included a cyber component involving denoting those norms that facilitate in- the targeting of infrastructure and per- ternational cooperation as well as sonnel of Hezbollah (Gross, 2020). Is- identification of mutual threats and raeli company Circles, affiliated with challenges. It further stressed the key the Israeli software broker NSO Group, role of UN agencies and regional or- was also singled out in a report by the ganisations in building digital inclusion Citizens Lab exposing suppliers of sur- and strengthening cyber resilience in veillance technologies around the all sectors: food, water, health, educa- globe (Marczak et al., 2020). Sub- tion, and economic development. missions by Turkey have focused on two dimensions in particular: CBMs Algeria stressed that benefits from and capacity-building. Regarding the ICT cannot be taken for granted and former, the Turkish position stressed also highlighted threats emanating the importance of establishing com- from the use of digital technologies: munication channels among countries manipulation of information with ma- for emergency situations with a view to licious intent; cyberattacks on CI, such countering cyber threats and sharing as hospitals and electrical grids; and information and resources through militarisation and weaponisation of those channels. Such mechanisms cyberspace through the development across the region are currently lacking. of cyber offensive capabilities and the risks of turning cyberspace into a the- Despite these limited interventions, atre of military operations. In that re- there are a number of commonalities in spect, Algeria underscored the the positions adopted across the re- importance of ensuring the full respect gion, albeit not always aligned with 62 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

the EU (see table 1 below). With re- within the UN GGE and UN OEWG. gard to responsible state behaviour in Regarding the fight against cyber- cyberspace, most countries in the re- crime, the region has departed from gion have preferred not to choose the position adopted by the EU and between the positions presented by voted in support of the Russia-spon- the USA and likeminded countries or sored resolution calling for the estab- Russia, China and their supporters. lishment of a new Ad Hoc Committee The MENA countries have supported on Cybercrime with an international both resolutions contributing to a binding instrument as a possible out- duopoly of initiatives at the UN level come.

Table 1. Voting patterns in the UN General Assembly on key cyber-related resolutions

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 63

Source: Author’s compilation based on data from the UNGA (2019 a-c & 2020 a-b). Note: Light blue stands for the same vote by the EU and a third country, dark blue stands for the opposite vote and white stands for no conﬂict in the expressed positions.

One of the items where there seems to – in the region and a rather broad scope be an overarching agreement across the of definitions adopted at the national region is the support for new inter- level make cooperation on this topic national treaties. According to Algeria, rather difficult. This also translated into a new treaty that takes into account “the views on cybersecurity capacity-building concerns and interests of all states” which, as expressed among others by would contribute to constraining actions Turkey, “should be realised without con- that may lead to destabilisation and be ditionality” (UNODA, 2021b). “fully dedicated to international cooperation on safeguarding peaceful uses of Egypt and Iran: ICT.”6 The Syrian delegation to the UN systemic challengers OEWG was more outspoken on the topic, claiming that “some states believe There is no doubt that both Iran and that absence of such an instrument Egypt have a clear interest in making allows other states to behave irrespon- their voices heard. And even though sibly and develop cyber capacities that their ultimate goal of diminishing the can be used against other states.” Simi- Western influence over the governance larly, there seems to be a convergence of cyberspace and its resources (e.g., in of views across the region when it terms of infrastructure, regulation and comes to fighting cybercrime with many “monopoly of power”) seems to over- countries flagging combating “cyber lap, they each pursue this objective with terrorism” and the “terrorist use of ICT” a different approach. While Egypt has as a serious threat. However, the lack of opted to pursue the path of moderate a universally accepted definition of ter- contestation by acknowledging the rorism – or of cybercrime for that matter progress achieved to date and stress-

6 Quotations from an intervention by Algeria at the UN OEWG during the informal inter-sessional meeting in September 2019. Available at: https://media.un.org/en/asset/k1x/k1xubugkf4 64 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

ing the need for further work, Iran 92 domains used in Iranian global dis- has contested the past congress and information and the United States Cy- adopted a more revisionist ap- bersecurity and Infrastructure Security proach. According to Iran, for in- Agency (CISA) and the Federal stance, the 2015 UN GGE report Bureau of Investigation (FBI) issued an endorsed by the UN General Assem- alert warning against Iranian state- bly cannot be read as a consensus sponsored cyber operations against document given that it was drafted several state and election-related and agreed upon by a small number websites. In September, Twitter had of countries. Nevertheless, a signifi- already announced the removal of cant degree of convergence in their 130 Iranian Twitter accounts amplify- positions (see table 2) needs to be ac- ing conversations on politically sensi- knowledged and addressed, es- tive topics, including Black Lives pecially given the impact they have in Matter, the murder of George Floyd, shaping the positions of the country- and other issues of racial and social members of the Non-Aligned Move- justice in the USA. Ultimately, the ment. United States Department of Treasury sanctioned five Iranian entities: Is- Iran’s approach is not too surprising lamic Revolutionary Guard Corps given that it is often singled out as a (IRGC), IRGC-Qods Force (IRGC-QF), “rogue state” in cyberspace due to its Bayan Rasaneh Gostar Institute extensive malicious cyber operations. (Bayan Gostar) as well as the Iranian Iran’s alleged interference in the Islamic Radio and Television Union United States presidential elections in (IRTVU) and the International Union of 2020 is just one example. The United Virtual Media (IUVM) owned or con- States Department of Justice seized trolled by the IRGC-QF. Table 2. Comparison of positions addressed in the UN OEWG submissions

Issue/Positions Iran Egypt Binding international instrument Yes Yes Instrumentalisation of international law Yes No New norms Yes Yes De-militarisation of cyberspace Yes Yes Limits on stockpiling vulnerabilities Yes Yes Common but differentiated responsibilities (CBDR) Yes Yes De-monopolisation of resources Yes No Support for UN OEWG Yes Yes Support for the Programme of Action No Yes Utility of CBMs No Yes Degree of contestation High Moderate

Source: Author’s compilation based on positions expressed during the UN OEWG (2019-2021).

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 65

In response, Iran pursues a coherent offensive cyber strategies and capabil- approach built on two pillars: (1) under- ities” (UNODA, 2020b). mining the West’s claim of higher moral ground when it comes to cyber- Regarding specific norms and prin- space by exposing its cyber operations ciples of international law, Iran’s argu- and stressing progressing militarisation ments – and to some extent those of cyberspace to which it contributes, presented by Egypt and other coun- and (2) proposing alternative interpre- tries in the region, as discussed earlier tations of the existing principles of in- – have aimed at curbing potential ternational law and norms of cyber operations by the West against responsible behaviour in cyberspace. targets in the region. This approach The ultimate objective of both is to stems directly from the way in which weaken the Western narrative about the region perceives major threats in Iran’s offensive and irresponsible ac- cyberspace. On the top of the list are tions in cyberspace and consequently the cyberattacks against the critical ci- challenge the credibility of the sanc- vilian infrastructure and associated in- tions system – “coercive unilateral formation systems. Recognising the measures” – that was put in place and fact that the lines between civilian and which over the past years has signifi- military information infrastructure are cantly limited Iran’s access to new tech- often blurred, any cyberattack might nologies. This narrative is skilfully sold ultimately have negative consequences under the guise of the need for more for the civilian population. Therefore, cyber capacity-building in order to sup- the “stockpiling vulnerabilities”, securi- port developmental progress and ty of supply chain and risks associated growth. with malicious uses of “mass computing technologies” or “autonomous One of the mechanisms to achieve this cyberattacks” provided a context for has been Iran’s active role in shaping making concrete claims about inter- the conversation about the application national law. of existing international law to cyber- Iran has been space by stressing that “the applicabil- Iran has been particularly outspoken particularly ity of existing international law in regarding all forms of interference outspoken cyber-related areas is still an unclear through cyber-related ways and means regarding all domain” and the need for a new “legal directly or indirectly and for any reason forms of multilateral and inclusive framework for in the internal or external affairs of interference the peaceful ICT environment.” Iran other states. In its submissions it through cyber- makes an interesting argument that the stressed the need to strengthen the related ways and means envisaged international law as “com- role of states as bearing the primary re- directly or mon heritage of mankind” would en- sponsibility for maintaining “a secure, indirectly and compass non-appropriation and safe and trustable ICT environment,” in for any reason in shared governance, its integrity and particular by strengthening state sov- the internal or states’ intrinsic right to access and ereignty “without affecting the rights external affairs commitment to transfer of technology. of the states in making their choice of of other states Furthermore, the new cyber specific development, governance and legis- body of law should not be open to lation models […]” (UNODA, 2020a). “manipulation and biased interpre- This is linked directly to a concern ex- tation by those who have dominance in pressed regularly by Iran about unilat- ICT environment, especially states with eral coercive measures. Accordingly, 66 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

Iran has tabled a new norm whereby with international law, in order to sus- “states should take steps in a way to tain an open, secure, stable, and balance their security and devel- peaceful ICT environment in the long opment of nations” including states’ term. Consequently, Egypt insisted right to the “supply chain including that the UN OEWG should focus on ICT-related research and development “transforming and upgrading” the as well as manufacturing, utilising and existing voluntary recommendations transferring ICT products and services” that have already been endorsed into (UNODA, 2019). Furthermore, Iran has more operational and binding commit- also emphasised the need for states to ments that specifically address the meet their obligations regarding inter- most relevant conflict scenarios in the nationally wrongful acts, although it ICT environment, pending the con- added that such acts should be attribu- clusion of appropriate multilateral table beyond a reasonable doubt and legally binding obligations. According that an indication that an ICT activity to Egypt, the most appropriate way was launched or otherwise originated forward would be a conclusion of a from the territory or objects of the ICT Political Declaration that reflects the infrastructure of state may be insuffi- commitment of the member states to cient in itself to attribute this activity to adhere to the 11 recommendations in that state. Iran described “hostile the 2015 UN GGE report and to step image-building and fabricated attribu- up their implementation, in particular tion” as one of the emerging threats in regarding refraining from: (1) know- cyberspace (UNODA, 2020a). Finally, ingly or intentionally damaging or Iran has also expressed concerns when otherwise impairing the use and oper- it comes to focusing on elements such ation of critical civilian infrastructure as the “right to self-defence” under ar- under any circumstances; (2) limiting ticle 51 of the UN Charter and the ap- the access of other states to the Inter- plicability of the rules of engagement net; (3) stockpiling ICT-related vulner- in military conflicts in the ICT context. abilities; and (4) harming the In its view, such discussions may inten- information systems of the authorised tionally or unintentionally legitimise or emergency response teams of other encourage turning the ICT environ- states. In terms of positive obligations, ment into an arena of conflict. An Egypt’s position focused in particular exaggerated focus on these specific on states’ obligations to address po- aspects and their associated legal con- tential vulnerabilities in the national in- troversies and attribution challenges frastructure and information systems might divert attention from addressing resulting from the use of harmful the right questions on how to cooper- hidden functions and compromising ate to prevent such conflicts from oc- the integrity of the ICT products’ curring in the first place. supply chain. It also called for states to take coordinated measures towards Egypt, on the other hand, has assumed the voluntary exchange of relevant in- a more active role regarding norms formation including on best practices and principles of responsible state and possible threats and vulnerabil- behaviour. The main argument pre- ities. Iran’s contribution to the dis- sented by Egypt is that there is a need cussion about norms was more to step up international efforts to de- upsetting for the commonly accepted velop rules on ICT security consistent status quo as expressed in the UN

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 67

GGE reports. According to Iran, al- the context of a multilateral inclusive though states have a prerogative to im- specialised forum” (UNODA, 2020c). plement, if they wish, the envisaged Iran, on the other hand, has presented norms, it is “premature” for the UN to the opposite view arguing that the ori- speak about norm implementation and gins of CBMs are linked to weaponry guidelines. Instead, the UN OEWG and military history and as such should should, in their view, “accelerate its not be applied in cyberspace. Instead, work to finalise a balanced and com- Iran argues that CBMs in cyberspace prehensive list of norms while working should be tailored to the unique fea- on a set of agreed terminologies” tures of cyberspace and address what (UNODA, 2020a). But, ultimately, Iran it sees as the main sources of mistrust and Egypt converge in their view that in the ICT environment: the monopoly without a legally binding instrument in Internet governance, anonymity, of- regulating behaviour of state and non- fensive cyber strategies, hostile image- state actors in cyberspace, implemen- building and xenophobia, and lack of tation of voluntary norms will not be a responsibility of private companies and silver bullet for the states’ actions in cy- platforms (UNODA, 2020a). The refer- berspace. ence to fairer Internet governance is not surprising given Iran’s dependence Another aspect particularly relevant for on Internet infrastructure that is pri- the MENA region is the development marily managed by Western private and implementation of the CBMs. As companies. described earlier, the levels of mistrust between countries are relatively high Finally, regarding cyber capacity- and therefore measures aimed at re- building, the positions of Egypt and ducing risks of escalation of conflict Iran point to two distinct aspects that should be considered a priority. This, so far have been largely neglected but however, is not the case. In an effort to do shape views in this policy area. remedy the situation, Egypt has called Egypt in its interventions has stressed in the UN OEWG for states to reach an the importance of the principle of agreed common definition of what common but differentiated respon- constitutes “CI”, with a view to agree- sibilities (CBDR) when it comes to cy- ing, as appropriate, on prohibiting any bersecurity. Although well-established act that knowingly or intentionally uti- in international environmental law and lises offensive ICT capabilities to dam- formalised in international law at the age or otherwise impair the use and 1992 UN Conference on Environment operation of CI. Such suggestions are and Development in Rio de Janeiro, indeed a very important development the CBDR principle has not been dis- given that attacks against energy or cussed in the context of cyberspace water infrastructure might be the most governance (Epstein, 2021). This pro- prone to escalation. In Egypt’s words, posal is not surprising, however, given “the voluntary sharing of information that the common thread through most on various aspects of national and of the interventions made by represen- transnational threats and vulnerabil- tatives of the developing countries ities, as well as best practices for ICT points to a clear difference in the level security, are powerful tools that should of technological advancement and the be utilised, as appropriate, in a more uses of cyberspace. In general, states systematic and harmonised manner in acknowledge that they have a shared 68 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

responsibility for the development of what it calls “unilateral digital sanc- States cyberspace and that not all states have tions” which affect investment in ICT acknowledge capabilities to deliver what is expected infrastructures as well as access to that they have a of them. The application of the CBDR digital technologies, digital resources shared principle to cybersecurity would de- (e.g., Internet Protocol addresses and responsibility for the part from the common understanding the Domain Name System and net- development of that all states should reach a similar works). As a consequence, Iran sees cyberspace and level of cyber maturity accepted glo- any such measures as having an over- that not all bally. Instead, it requires the inter- all negative impact on economic states have national community to accept that the growth and development of whole capabilities to applicability of standards that are populations. At the same time, it also deliver what is valid for the most advanced countries notes that capacity-building “shall not expected of “may be inappropriate and of unwar- disturb states’ national security and them ranted social cost for the developing interests, social ethics, and public countries.”7 As such, the CBRD prin- order.” ciple calls for accepting that each state has a different set of capabilities Conclusions and that they can contribute to this project. This also corresponds to the ar- recommendations gument presented by Egypt that “the provision of assistance and cooper- Advancing responsible state behav- ation should be demand-driven and iour in cyberspace is a cornerstone of made upon request by the recipient the EU’s cyber diplomacy and is state, taking into account its specific deeply rooted in the EU’s ambition to needs and particularities.” act as a security provider, especially in its neighbourhood. Through activities A similar position has also been pre- at the UN and in other regional or- sented by Iran. However, Iran’s focus ganisations, the EU has promoted ad- on de-monopolisation of Internet re- herence to the existing international sources through capacity-building law, norms and principles, and the also played to a different audience CBMs in cyberspace. However, en- that is very sensitive towards new gagement on these topics with the ideas such as “tech colonialism” (Ar- MENA region is to a large extent non- nold, 2005) or “digital colonialism” existent. This is surprising given that (Hicks, 2019). Iran argues that the the EU has committed significant re- benefits of ICT cannot be fully real- sources towards cyber-related capa- ised “unless technological, infrastruc- city-building, including in the tural and informational needs are Southern Neighbourhood. met, including through de-monopolisation and facilitation of access to With digital transition now at the and transfer of new ICT-related centre of the EU’s engagement with science and technologies.” As in the partner countries, it is important to case of CBMs, cyber capacity-build- strengthen convergence between ing should therefore serve to disarm the EU and countries in the MENA

7 See, for instance, the discourse presented during the UN Conference on the Environment in Stockholm in 1972: https://www.un.org/en/conferences/environment/stockholm1972

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 69

region regarding a double objective 2. The EU’s engagement with the re- of building more resilient states and gion should aim to strengthen a societies as well as reducing the multi-stakeholder approach across risks of conflicts resulting from the the region based on the fact that potential malicious use of ICT. This state resilience does not always requires an unequivocal recognition go hand-in-hand with societal re- that digital transition is not just a silience. Against the general trends technological process but also a of democratic backsliding and political one. Consequently, this human rights abuses, the EU needs chapter makes four concrete recom- to ensure that cyber capacity- mendations for the EU’s engagement building undertaken in the region with the region. is driven by a rights-based and human-centric approach. This is 1. The EU needs to aim for a more ro- particularly relevant in the context bust political dialogue with its of the fight against cybercrime partners in the region regarding whereas strengthening the capa- their positions on key cyber-re- cities of law enforcement and lated issues, in particular the ap- criminal justice bodies needs to be plication of the existing directly linked to building capa- international law in cyberspace cities and creating the right en- and norms of responsible state be- vironment for non-governmental haviour. A new Agenda for the actors to operate. Some of the Mediterranean presented in Feb- concrete ideas for operational co- ruary 2021 provides a good op- operation might include exchange portunity for embedding these programmes for cyber experts and issues in a broader context of training platforms, international strengthening resilience and digi- exercises in order to enhance na- tal transition. In an effort to pro- tional cyber incident preparedness mote its norms and principles for levels and response capacities, as free, open, stable and secure cy- well as exchanges of good prac- berspace, the EU should not shy tices to ensure the security of new away from openly expressing its technologies, including 5G Toool- expectations of partners in the re- box and the General Data Protec- gion. At the same time, the EU tion Regulation. Political dialogue should pursue a double strategy in could also serve to improve mutual the region based on deepening its understanding concerning the dialogue with Egypt and Iran in application of common but differ- order to better understand their entiated responsibility that coun- respective positions while at the tries in the region advocate as same time encouraging other also relevant in the context of cy- players – in particular Tunisia, Mo- berspace. rocco and Jordan – to play a more active role. This also requires re- 3. The EU and regional organisa- thinking the EU’s approach to cations – in particular the League of pacity-building initiatives in the Arab States and the Gulf Cooper- region, in particular through better ation Council (GCC) – should mapping of key stakeholders and strengthen their cooperation to their needs. develop and implement region- 70 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

specific CBMs. Such dialogue and capacity-building. Ultimately, could focus on exploring mecha- the objective of such cooperation nisms to implement a set of CBMs could be a demilitarised cyber-zone already proposed in the 2015 UN with states making a binding com- GGE report and developing a re- mitment to refrain from using cyber gional platform dedicated to ex- tools against each other. The Union change of information on for the Mediterranean (UfM) could vulnerabilities and best practices, also serve as a useful outlet for the fostering international cooperation development of such a project.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 71

References

ARNOLD, D. (2005). Europe, technology, and colonialism in the 20th century. History and Technology, 21(1), 85-106.

BODETTI, A. (2020, January 7). Oman strives for neutrality in the Middle East. Yale Global Online. Retrieved from https://archive-yaleglobal.yale.edu/content/ oman-strives-neutrality-middle-east

DEYOUNG, K. (2017, July 21). Qatar’s investigation of cyberattack stops just short of naming suspects. Washington Post. Retrieved from https://www.wash- ingtonpost.com/world/national-security/qatars-investigation-of-cyberattack- stops-just-short-of-naming-suspects/2017/07/20/de721b26-6d8a-11e7-96ab-5f 38140b38cc_story.html

ELECTRONIC FRONTIER FOUNDATION (EFF). (2018). EFF and Lookout uncover new malware espionage campaign infecting thousands around the world. Retrieved from https://www.eff.org/nl/press/releases/eff-and-lookout- uncover-new-malware-espionage-campaign-infecting-thousands-around

EPSTEIN, C. (2021). Common but differentiated responsibilities. Encyclopedia Britannica. Retrieved from https://www.britannica.com/topic/common-but-differentiated-responsibilities

EU CYBER DIRECT. (2020). Cyber conﬂict portal. Retrieved from https://eucyberdirect.eu/content_research/cyber-conﬂict-portal/

GOSLINGA, M., & TOKMETZIS, D. (2017, February 23). The surveillance industry still sells to repressive regimes. Here’s what Europe can do about it. The Correspondent. Retrieved from https://thecorrespondent.com/6249/the-surveillance-industry-still-sells-to-repressive-regimes-heres-what-europe-can-do- about-it/679999251459-591290a5

GROSS, J. A. (2020, October 29). With massive exercise in north, IDF prepares for war on multiple fronts. Times of Israel. Retrieved from https://www.time- soﬁsrael.com/with-massive-exercise-in-north-idf-prepares-for-war-on-multiple- fronts/

HICKS, J. (2019, September 26). “Digital colonialism”: why some countries want to take control of their people’s data from Big Tech. The Conversation. Retrieved from https://theconversation.com/digital-colonialism-why-some- countries-want-to-take-control-of-their-peoples-data-from-big-tech-123048

KAUSCH, K. (2017). Cheap havoc: how cyber-geopolitics will destabilize the Middle East (GMF Policy Brief, 35). German Marshall Fund of the United States. 72 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

KAVANAGH, C., & CORNISH, P. (2020). Cyber operations and inter-state competition and conﬂict: the persisting value of preventive diplomacy. EU Cyber Direct. Retrieved from https://eucyberdirect.eu/content_research/cyber-operations-and-inter-state-competition-and-conﬂict-the-persisting-value-of-preventive-diplomacy/

MARCZAK, B., SCOTT-RAILTON, J., RAO, S. P., ANSTIS, S., & DEIBERT, R. (2020). Running in circles uncovering the clients of cyberespionage ﬁrm circles. The Citizen Lab. Retrieved from https://citizenlab.ca/2020/12/running-in- circles-uncovering-the-clients-of-cyberespionage-ﬁrm-circles/

MAUER, T. (2018). Cyber mercenaries: the state, hackers, and power. Cam- bridge: Cambridge University Press.

MIDDLE EAST MONITOR. (2021). New York Times: UAE hired NSA hackers to spy on Qatar. Retrieved from https://www.middleeastmonitor.com/20210207- new-york-times-uae-hired-nsa-hackers-to-spy-on-qatar/

SAYADI, E. (2019, April 8). Morocco’s Hirak movement has gone quiet, but the crackdown on independent media continues. Access Now. Retrieved from https://www.accessnow.org/moroccos-hirak-movement-has-gone-quiet-but- the-crackdown-on-independent-media-continues/

UNITED NATIONS (UN). (2021). Report of the UN OEWG (Final report - advanced copy).

UNITED NATIONS GENERAL ASSEMBLY (UNGA). (2019a). Countering the use of information and communications technologies for criminal purposes. State- ment of ﬁnancial implications (A/74/610), A/RES/74/247. Retrieved from https://www.un.org/en/ga/74/resolutions.shtml

UNITED NATIONS GENERAL ASSEMBLY (UNGA). (2019b). Advancing responsible state behavior in cyberspace in the context of international security, A/RES/74/28. Retrieved from https://www.un.org/en/ga/74/resolutions.shtml

UNITED NATIONS GENERAL ASSEMBLY (UNGA). (2019c). Developments in the ﬁeld of information and telecommunications in the context of international security, A/RES/74/29. Retrieved from https://www.un.org/en/ga/74/resolutions.shtml

UNITED NATIONS GENERAL ASSEMBLY (UNGA). (2020a). Developments in the ﬁeld of information and telecommunications in the context of international security. Statement of ﬁnancial implications (A/75/674), A/RES/75/240. Re- trieved from https://www.un.org/en/ga/75/resolutions.shtml

UNITED NATIONS GENERAL ASSEMBLY (UNGA). (2020b). Advancing responsible state behaviour in cyberspace in the context of international security, A/RES/75/32. Retrieved from https://www.un.org/en/ga/75/resolutions.shtml

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 73

UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS (UNODA). (2019). Submission by the Islamic Republic of Iran to the UN OEWG. Retrieved from https://unoda-web.s3.amazonaws.com/wp-content/uploads/2019/09/iran-submission-oewg-sep-2019.pdf

UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS (UNODA). (2020a). Second submission by the Islamic Republic of Iran to the UN OEWG, February 2020.

UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS (UNODA). (2020b) Intervention by delegation of the Islamic Republic of Iran on International Law, 1 October 2020. Retrieved from https://front.un-arm.org/wp-content/uploads/2020/10/iran-intervention-1-october-2020.pdf

UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS (UNODA).(2020c). Working Paper submitted by the Delegation of Egypt to the UN OEWG. Re- trieved from https://unoda-web.s3.amazonaws.com/wp-content/uploads/ 2020/01/Egypt-Working-Paper-OEWG-ICTs1.pdf

UNITED NATIONS OFFICE FOR DISARAMAMENT AFFAIRS (UNODA). (2021a). UN OEWG Final Substantive Report. A/AC.290/2021/CRP.2.

UNITED NATIONS OFFICE FOR DISARMAMENT AFFAIRS (UNODA). (2021b). Statement by Turkey at the informal meeting of the UN OEWG. Retrieved from : https://front.un-arm.org/wp-content/uploads/2021/02/Turkey-state- ment_OEWG-informal-meeting_February-2021.pdf

WEINBERGER, S. (2007, April 10). How Israel spoofed Syria’s air defense system. Wired. Retrieved from https://www.wired.com/2007/10/how-israel-spoo/

WINDER, B. (2020). Oman’s regional role in a time of challenge and change. Middle East Institute. Retrieved fromhttps://www.mei.edu/publications/omans- regional-role-time-challenge-and-change

ŠVEDKAUSKAS, Ž. (2019). Three steps in ensuring digital security of Egyptian activists abroad. EuroMeSCo. Retrieved from https://www.euromesco.net/publication/three-steps-in-ensuring-digital-security-of-egyptian-activists-abroad/

ZETTER, K. (2014, March 11). An unprecedented look at Stuxnet, the world’s ﬁrst digital weapon. Wired. Retrieved from https://www.wired.com/2014/11/ countdown-to-zero-day-stuxnet/

Annex: Digitalisation and Cyber Resilience

Adel Abdel-Sadek Expert, Security Studies Unit, Al-Ahram Center for Political and Strategic Studies (ACPSS) Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 75

Policy Study n. 22 76 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

Cyber resilience and procedures such as data backup, dis- Adopting a cyber resilience sustainable development aster recovery, crisis management, business continuity, and institutional re- strategy requires in the MENA region silience. Adopting a cyber resilience strategy requires identiﬁcation of the identiﬁcation of the assets of “Cyber resilience” means the ability to assets of critical infrastructure and areas critical sense and prepare preventively to face, most vulnerable to threats, as well as infrastructure resist and respond to cyber threats, the actors behind them, whether they and areas most whether those dangers are anticipated are state or non-state, including a com- vulnerable to or unexpected, and to enable the abil- prehensive vision based on sharing threats, as well ity to quickly recover from their effects data between the government and the as the actors in a timely manner. The proactive analy- private sector, embracing concern for behind them sis of weaknesses at all levels of the in- the role of the individual and society, ternal digital environment contributes excellence in the proactive dimension, to reducing the amount of physical and identifying and addressing the causes moral damage to institutions in various of disruption and innovation and con- sectors (WEF, 2020), which include the tinuous development to face the accel- energy sector, banking services, com- eration in the level and manner of munications infrastructure, healthcare, threats (Carías et al., 2020). security and defence, the stock market, and government services. Applications There are several reasons why resilience of “cyber resilience” require that all has become an attractive framework technical services undergo several for governments to focus their attention

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 77

on. Firstly, the acceleration of important functions. Fourthly, countries technological change reduces the are increasingly dependent on in- ability to predict risks and requires tegrated digital services, with the more agility. Secondly, there is adoption of the Internet of Things (IoT) increasing awareness of cybersecurity and applications of artiﬁcial intelligence. among decision-makers with the And, ﬁnally, the digital economy is steady increase in threats, on the one becoming more important in achieving hand, and its high cost, on the other. the Sustainable Development Goals Thirdly, the escalation of the role of (SDGs). digitalisation in the functioning and integration of global supply chains According to the National Cyber Se- and the existence of open-source curity Index 2020 (https://ncsi.ega.ee/ software or the cross-border nature of ncsi-index/), which measures the pre- technical components or programmes paredness of countries to prevent cyber raise problems regarding ownership threats and manage cyber incidents, the of systems, legal jurisdiction, and the situation across the region is very di- presence of third parties to provide verse.

The state and reality of cyber resilience in Egypt

Egypt ranked 23rd in the Global Cyber Security Index, 103rd in the ICT Development Index, and 84th out of 134 countries in the Network Readiness Index (NRI) in 2020. Egypt was also among the top 10 Improvers in Digital Inclusion in 2020. It achieved 81st position in the National Cyber Security Index 2020 (NCSI, 2020).

The Egyptian framework of cyber resilience

Firstly, Egypt adopts a strategic vision on becoming cyber resilient through its Constitution, which in article 31 mentions that “the security of cyberspace is an integral part of the economic system and national security. The State shall take the necessary measures to preserve it as regulated by Law” (Egypt Const. art. 31.). The strategic priorities for supporting national capabilities in cyber resilience require effective leadership at national and local levels, which is translated in some of Egypt’s strategies and policies for cybersecurity, such as the objectives of the National Cyber Security Strategy 2017-2021, Egypt’s Vision 2030, the information and communication technologies (ICT) Strategy 2030, Africa’s Agenda 2063, and SDGs. Egypt was investing in developing the infrastructure, not only through the $1.6 billion made in the ICT sector but also in the power and energy sector. Egypt’s ICT sector was achieving a growth rate of 15.2% and its contribution to gross domestic product was about 4.4% in 2020 (Daily News Egypt, 2020). 78 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

Secondly, Egypt launched a Computer Emergency Readiness Team (EG- CERT) in 2009, and established a Supreme Cyber Security Council in 2014 whose mission is to raise awareness and develop a strategy that counters cyberattacks through response, support, defence and analysis. In 2019, the Egyptian Government formed the National Council for Artiﬁcial Intelligence, and the Trend Micro company addressed 12.4 million e-mail cyber threats in Egypt in the ﬁrst half of 2020 (Alaa El-Din, 2020).

Thirdly, in April 2020 Egypt organised a number of training programmes for government employees nationwide using e-learning applications, and launched many initiatives like Basic Digital Skills Development, Social Media and Internet Safety, Youth Enablement for Freelancing and the Digital Egypt Builders Initiative (DEBI).

Fourthly, Egypt commits to advancing research and innovation and modernising the educational curricula in schools and universities by launching new colleges specialising in artiﬁcial intelligence as well as adopting online exams, improving the quality of scientiﬁc research within research centres and encouraging creativity and innovation. Egypt launched initiatives for enhancing innovation like the Next Technology Leaders (NTL), InnovEgypt, TIEC Innovation Ambassador, and Entrepreneurship Support Trainings.

Fifthly, Egypt achieved remarkable success in implementing the initiatives for promoting the partnerships with all concerned parties regionally and internationally. It has also facilitated an enabling environment for building cyber resilience capabilities. Egypt organised the training and shared expertise between CERTs in the Arab world and Africa.

Finally, Egypt launched “Digital Egypt”, which includes working on developing the infrastructure, promoting digital and ﬁnancial inclusion, enhancing capacity-building and innovation, ﬁghting corruption, and digitalising government services. Egypt was selected as the Arab digital capital for the year 2021.

The state and reality of cyber resilience in Tunisia

Tunisia ranked 45th in the Global Cyber Security Index, 99th in the ICT Development Index, 91st in the NRI, and 96th in the National Cyber Security Index in 2020 (NCSI, 2020).

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 79

The Tunisian framework of cyber resilience

Firstly, in 2019 Tunisia launched its National Cyber Security Strategy, which has the following objectives: (1) leadership and management of the national cyberspace and promoting joint action among all parties; (2) preventing cyber threats by strengthening national capabilities, awareness and protecting infrastructure; (3) supporting digital conﬁdence by developing mechanisms and procedures; (4) achieving leadership in the digital domain; and (5) ensuring the supreme interests of the country (UNIDIR, 2019).

Secondly, Tunisia works to build awareness and trust and protect its citizens and the public and private sector against any cyber threat. The National Agency for Computer Security represented by the Tunisian Computer Emergency Response Team (tunCERT) participated in the ﬁrst international cybersecurity exercise during the period of 27 October and 5 November 2020. Furthermore, the “Saher” information system was adopted to lure and hunt pirates, and expose penetration attempts that target ofﬁcial websites (https://www.cert.tn/fr).

Thirdly, Tunisia launched the “Tawasol” project to support a community network, which is led by the Institute of Electrical and Electronics Engineers (IEEE) Special Interest Group on Humanitarian Technology (SIGHT) (Project Tawasol, 2020). It aims to connect primary schools across the country to the Internet, and train students to use the Internet through ICT skills workshops conducted by young members of the IEEE.

Fourthly, Tunisia promotes research and innovation and digitalisation in economic and social development by boosting the creation of new innovative small and medium-sized enterprises (SMEs) and the growth of existing SMEs. It also works on the development of the smart electrical grid, renewable energy use, and enhancement of energy efﬁciency in transportation and the quality of ICT companies and infrastructure, as well as supporting research and learning facilities. The institutions involved in this include the National Engineering School of Tunis, University of Tunis El Manar, University of Manouba, University of Sfax, National Institute of Applied Sciences and Technology, and University of Carthage (IST-Africa, 2017).

Fifthly, Tunisia participated in a Joint Project of the European Union (EU) and the Council of Europe (2017-2020) to strengthen legislation and institutional capacities on cybercrime. In July 2017, the Spain-Tunisia cooperation on cybersecurity was declared and, in April 2015, Tunisia became a member of the Global Forum on Cyber Expertise (UNIDIR, 80 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

2020). To support Tunisian authorities with the technical capacities to face cyber threats, the United Nations Ofﬁce on Drugs and Crime (UNODC) organised four training sessions on specialised digital forensics software, funded by the United States Bureau of International Narcotics and Law Enforcement Affairs (INL) (UNODC, 2020).

Finally, “Digital Tunisia 2020” was launched in 2015, aiming to create 80,000 jobs in 2020 through a combination of offshoring, nearshoring and co-locating public-private partnerships. The government allocated a total budget of around €500 million to support the programme through incentives and funding for local and international companies. In addition, the Tunisian Government is collaborating with a larger pan-African project, the “Smart Africa” start-up investment fund, which was launched in February 2019 (Oxford Business Group, 2020).

The state and reality of cyber resilience in Morocco

Morocco achieved 50th position in the Global Cyber Security Index, 100th in the ICT Development Index, and 93rd in the NRI of 2020, as well as 105th in the National Cyber Security Index (NCSI, 2020).

The Moroccan framework of cyber resilience

Firstly, on 14 July 2020, the Moroccan House of Representatives passed the Law 05-20 on Cyber Security drafted by the Department for National Defence, which aimed to protect and defend the country from cyberattacks by strengthening the foundations of security through awareness raising campaigns, trainings, research and development, promotion and development of national and international cooperation (Amrouche, 2021).

Secondly, Morocco ranked among the top 10 countries for the highest volume of malware attacks in 2020: Kaspersky detected a total of 13.4 million cyberattacks between April and June 2020. Only 8% of people questioned reported that they use any kind of antivirus software. 18% indicated that they do not update their mobile phones, and only 33% of respondents trust their mobile devices to store conﬁdential data. 76% indicated that they are afraid of their personal photos or videos being stolen and 39% of those surveyed are afraid of being spied on through the camera (Dumpis, 2021).

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 81

Thirdly, since almost half of the population in Morocco is under 25, reforming higher education in Morocco is one of the main concerns of policy-makers and educators in the country. For this reason, the Ministry of Education started a digitalisation project for 2019-2020 with the public universities of Cadi Ayyad University in Marrakech and Ibn Zohr University in Agadir (Mezgheldi, 2019)

Fourthly, Morocco has adapted research and innovation as a driving force for economic development in a particularly competitive context (Cornell University et al., 2020). Morocco aims to be a technological hub between Europe and Africa and a leader in clean energy technologies and promoting sustainable technology industries.

Fifthly, Morocco also participated in the CyberSouth initiative. On 18 May 2017, during the Morocco-NATO talks, future cooperation prospects in the ﬁeld of cybersecurity were examined, notably through the exchange of expertise and training (UNIDIR, 2021).

Finally, the “Digital Morocco” project plans to position the country among emerging and dynamic countries (National Cyber Security Strategy of Morocco, 2013).

The key to cyber Convention was discussed, and progress was also made in the field of resilience: more regional adopting laws to combat cybercrime, and Euro-Mediterranean establishing national centres for cooperation cybersecurity, and strengthening bilateral and regional cooperation Some initiatives have been promoted according to global cybersecurity Progress has over the last few years to advance indices. also been made cyber cooperation. On 20 July 2020, on bilateral and the Gulf Cooperation Council The North African region is integrated regional announced the launch of the into African efforts in the field of cooperation in cybersecurity malware analysis cyber resilience, which consider the the MENA platform as a joint Gulf project 2014 Malabo Agreement an region in the approved by the Committee of important pillar to support field of National Centres for CERTs. On 28 cybersecurity. A strategy for capacity- January 2021, the Arab parliament cybersecurity and cybercrime in Africa building called for the need to adopt was approved in 2016 by the African international rules governing the Ministers of Communications. In prevention of cyber warfare and the 2018, the African Union (AU) held an promotion of digital cooperation. In annual conference on cybersecurity in 2018, the Arab Cybersecurity cooperation with the Council of 82 Great Expectations: Defining a Trans-Mediterranean Cybersecurity Agenda

Europe, considering that cybersecurity ine cable systems and data centres is part of Africa’s 2063 strategy. and modernise the infrastructure, as well as to increase the capacity of Progress has also been made on bilateral broadband connections, manage and regional cooperation in the MENA network congestion, ensure continu- region in the ﬁeld of capacity-building. ity of vital public services and en- The International Telecommunication hance digital financial technologies. Union Arab Regional Cyber Security The COVID-19 crisis has shown that Center (ITU-ARCC) has played a role in multi-stakeholders at national and this matter, in addition to cooperation global level can only be overcome initiatives between the region and the through joint action, knowledge ex- EU such as the CyberSouth initiative or change, resource mobilisation and the EU Cyber Direct. information exchange, international cooperation and coordination in Cloud computing, data centres, and order to build resilience in the field smart city applications are also of cyberspace. The MENA region important opportunities to deal with and the EU should develop a “Pan- various risks and challenges, such as Euro-Mediterranean Cybersecurity Egypt’s New Administrative Capital Strategy (PEMCS)”, not only for the project. One of Saudi Arabia’s 2030 public sector and critical infrastruc- vision goals is to transform 10 cities all tures but also to help economic op- over the Kingdom into smart cities. erators and the private sector facing Furthermore, Saudi Arabia, in growing challenges in cyber threats cooperation with Bahrain, UAE, Jordan, (Lannon, 2019). The EU and MENA Kuwait and Pakistan, launched an region should form a digital eco- international organisation for digital nomic bloc and establish an associ- cooperation on 24 November 2020 ation between CERTs in both (Digital Cooperation Organization, regions. Finally, through a partner- DCO). ship with the new DCO, the EU could develop the digital economy However, more regional cooperation in the MENA region and achieve the is needed to establish new submar- 2030 SDGs.

Policy Study n. 22 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 83

References

ALAA EL-DIN, M. (2020). 12.4 million cyber-threats addressed in Egypt in H1 2020: trend micro. Daily News Egypt. Retrieved from https://dailynewsegypt.com/ 2020/09/30/12-4-million-cyber-threats-addressed- in-egypt-in-h1-2020-trend-micro/

AMROUCHE, A. (2021). Cybersecurity market in Morocco. Government of Canada. Retrieved from https://www.tradecommissioner.gc.ca/morocco- maroc/market-reports-etudes-de-marches/0005881.aspx?lang=eng

CARÍAS, J. F., ARRIZABALAGA, S., LABAKA, L., & HERNANTES, J. (2020). Cyber resilience progression model. Applied Sciences, 10(21), 7393. Retrieved from https://www.mdpi.com/2076-3417/10/21/7393

CORNELL UNIVERSITY, INSEAD, & WIPO. (2020). The Global Innovation Index 2020: Who Will Finance Innovation? Retrieved from https://www.wipo.int/ edocs/pubdocs/en/wipo_pub_gii_2020/ma.pdf

DAILY NEWS EGYPT. (2020). Egypt’s ICT sector demonstrates resilient performance despite COVID-19. Retrieved from https://dailynewsegypt.com/ 2020/12/03/egypts-ict-sector-demonstrates-resilient-performance-despite-covid- 19/

DUMPIS, T. (2021). Kaspersky: Moroccans not concerned about cybersecurity. Morocco World News. Retrieved from https://www.moroccoworldnews.com/ 2021/02/333890/kaspersky-moroccans-not-concerned-about-cybersecurity/

IST-AFRICA. (2017). National ICT research capacity and priorities for cooperation – Tunisia. Retrieved from http://www.ist-africa.org/home/default.asp? page=doc- by-id&docid=7004

KINGDOM OF MOROCCO MINISTRY OF INDUSTRY, TRADE AND NEW TECHNOLOGIES. (2013). Digital Morocco 2013: the national strategy for information society and digital economy. Retrieved from https://www.itu.int/en/ITU- D/Cybersecurity/Documents/National_Strategies_Repository/Morocco_2013_Ma roc_CyberSecurity_2013_ENG.pdf

LANNON, E. (2019). EU cybersecurity capacity building in the Mediterranean and the Middle East. Strategic sectors security & politics. IEMed Mediterranean Yearbook 2019. Retrieved from https://www.iemed.org/publication/eu- cybersecurity-capacity-building-in-the-mediterranean-and-the-middle-east/?lang =fr

84 Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda

MEZGHELDI, S. (2019). Morocco is looking for international partners in vocational training and higher education. Team Finland. Retrieved from https://www.marketopportunities.ﬁ/home/2019/morocco-is-looking-for- international-partners-in-vocational-training-and-higher-education?type=business -opportunity&industry=education-and-learning

OXFORD BUSINESS GROUP. (2020). The report: Tunisia 2019. Retrieved from https://oxfordbusinessgroup.com/analysis/successful-start-government-working- develop-local-start-ecosystem-through-new-policies-and

PROJECT TAWASOL. (2020). Connecting primary schools to create an internet empowered next generation in Tunisia. 1 World Connected. Retrieved from https://1worldconnected.org/project/africa_digitalskills_youth_projectawasoltunisia/

UNITED NATIONS INSTITUTE FOR DISARMAMENT RESEARCH (UNIDR). (2020). Cyber security portal – Tunisia. Retrieved from ﬁle:///C:/Users/pract_doc/ Downloads/Tunisia%20(3).pdf

UNITED NATIONS OFFICE ON DRUGS AND CRIME (UNODC). (2020). Tunisia: mobile digital forensics as a key method to prevent cybercrime. Retrieved from https://www.unodc.org/middleeastandnorthafrica/en/web-stories/tunisia_-mobile- digital-forensics-as-a-key-method-to-prevent-cybercrime.html

WORLD ECONOMIC FORUM (WEF). (2020). Rebounding from COVID-19: MENA perspectives on resilience in manufacturing and supply systems. Retrieved from https://www.weforum.org/reports/rebounding-from-covid-19-mena-perspectives- on-resilience-in-manufacturing-and-supply-systems

Policy Study n. 22 List of acronyms and abbreviations Great Expectations: Deﬁning a Trans-Mediterranean Cybersecurity Agenda 87

AFRIPOL African Police Cooperation Organisation CBDR common but differentiated responsibilities CBM Conﬁdence-building measure CEPOL European Union Agency for Law Enforcement Training CERT Computer Emergency Response Team CI critical infrastructure CoE Council of Europe CSO Civil Society Organization ENP European Neighbourhood Policy EU European Union GLACY Global Action on Cybercrime ICT information and communication technologies ISP Internet service provider LEA Law Enforcement Agency MENA Middle East and North Africa NAM Non-Aligned Movement SN Southern Neighbourhood T-CY Cybercrime Convention Committee UAE United Arab Emirates UfM Union for the Mediterranean UN United Nations UN GGE UN Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security UN OEWG UN Open-Ended Working Group on Developments in the Field of ICT in the Context of International Security USA United States of America Policy Study