Last month, WikiLeaks published documents demonstrating the tremendous capabilities of governments to spy on their citizens via PC cameras, mobile phones and other technology. Ramy Raoof, a researcher and consultant in digital security, has analyzed these documents and published many of them on his Facebook page, especially those related to the Egyptian government’s communications and attempts to possess advanced ways of spying and hacking.

Last month, WikiLeaks published documents demonstrating the tremendous capabilities of governments to spy on their citizens via PC cameras, mobile phones and other technology. Ramy Raoof, a researcher and consultant in digital security, has analyzed these documents and published many of them on his Facebook page, especially those related to the Egyptian government’s communications and attempts to possess advanced ways of spying and hacking.  Ra’ouf’s findings have stirred up controversy about citizens’ privacy and the need and legality of such a move by the government as it fights a war on terrorism.

Mr. Raoof, which documents attracted your attention?

All the leaked documents and data are equally important. The data provides a better understanding of software types and surveillance technology, the documents present information about the budgets the governments have allocated for such software, and the correspondence reveals the political and financial relationships between governments and intermediary companies. Linking the data with the political context and timeline clarifies the big picture and provides a better understanding.

To the best of your knowledge, what are governments’ capabilities in general and the Egyptian one in particular, in terms of spying on individuals?

The capabilities of different governments are increasingly expanding and developing at the technological and political levels. As for Egypt, its capabilities started to develop clearly in 2008 and the government has been for years investing financially, politically and technologically in surveillance and spying. It meets its needs through its relationships with relevant companies and buying software or surveillance programs. Its capabilities in terms of spying on individuals are advanced, whether in terms of monitoring text correspondence, phone calls, geographic locations, web activities, remote control of computers or hacking.

A leaked document you published reveals correspondence between an intelligence apparatus’s official and the Hacking Team Company, in which the former is asking for a way to hack any mobile phone, even if it is offline. Some say the RCS software, which is used in Egypt according to media reports, can use PC cameras even if they are switched off. Does this mean that our privacy is virtually nonexistent as long as we are surrounded by modern technology?

Part of the RCS capabilities is remotely controlling the targeted PC and this includes starting and activating the camera and the microphone. Our privacy is in danger as long as the government and its budget are not transparent and there is no legal and democratic structure to regulate communications through independent surveillance mechanisms.

Can you explain in simple terms how hacking is done?

There are many ways of hacking based on the hacker’s wish and different technical factors. Hacking may happen by sending a text message to a mobile phone with a URL or through sending attachments in emails, etc. The idea is simply to put a surveillance file in the targeted device, be it a PC or a mobile phone to remotely control it and reach all the wanted content.

Is there a difference between hackers’ hacking and security apparatuses hacking?

I do not think that equaling the actions of individuals and those of the state is healthy. Law-enforcement employees are allocated budgets and wages from tax payers and are subject to certain standards. The state’s financial and political resources facilitate doing extensive and advanced hackings completely different from what amateur hackers do.

Is hacking, in general, based on exploiting technical gaps? Or are advanced devices designed with this possibility?

Hacking is done based on different factors including technical gaps, expired software, users’ ignorance in security and protection matters and identity theft. In general, devices are designed to deal with security elements traditionally and designers assume that users would make extra efforts to protect themselves. However, devices contain aspects that can be exploited to facilitate hacking.

Is hacking by governments legal, especially in Egypt?

Egypt does not have a developed, legal structure to deal properly with IT and it lacks digital surveillance regulation mechanisms. Therefore, everything is permissible and justified from a perpetrator’s prospective, and all the rules of legitimacy, appropriateness and necessity are disregarded.

Do you think the state is justified in violating the privacy of its citizens in light of its ferocious war against terrorism?

Nothing justifies violating citizens’ privacy indiscriminately, unnecessarily and without proportions. Going too far in the surveillance and hacking direction will not help reduce or control terrorism and crimes because they cannot be tackled by carrying out too much illegal activities or violations. Other countries’ experiences show that hacking and privacy violations have an adverse effect and do not contribute to safety and security. Society’s problems should not be solved using security and military methods.

How effective are advanced spying means in detecting terrorists’ plans?

Had the state’s claims of the necessity of hacking and surveillance been true, it would have avoided many bombings and unfortunate events. That did not happen since surveillance can not help the state. On the contrary, it will waste public money and human and internet resources, damage the digital economy and lead to gripping to the security solution even further.

Have terrorists hacked the computers of security apparatuses in Egypt?

Not yet.

How can we protect our privacy in light of this widespread hacking?

Protecting privacy is possible through a little bit of effort and improving dealing with IT.

Does protecting privacy go against security? In other words, are people liable if they protect their privacy?

The opposite is true and logical. People should be prosecuted if they violate others’ privacy. We should not assume for a moment that privacy violation is natural and logical. Privacy is necessary and essential for the development of societies and individuals’ ability to take decisions, and contribute to and control their lives and personal data. Privacy violation should be based on strict criteria, compelling reasons and clear-cut mechanisms.