News:  Lebanon News  |  Syria News  |  Palestine News  |  Jordan News Français | العربية

SKeyes Statements | Lebanon

Lebanese NGOs Inform UN Special Rapporteur on Privacy of Cyber-Espionage Allegations in Lebanon
January 29, 2018

Six Lebanese freedom of expression and human rights NGOs sent a letter on Friday, January 26, 2018, to the UN Special Rapporteur on the Right to Privacy  Joe Cannataci informing him of allegations of large-scale cyber-espionage linked to Lebanon's Directorate General of General Security. The NGOs solicited his urgent intervention with the Lebanese authorities to request that Lebanon’s General Prosecutor investigate the reports reports.

Below is the full letter:

Mr Special Rapporteur,

We write to bring to your attention allegations of large-scale surveillance tied to the Lebanese General Security (GS) Directorate. If those allegations are found to be true, it would constitute a serious violation of the right to privacy. 

On 18 January 2018, the US-based NGO Electronic Frontier Foundation (EFF) and mobile security company Lookout, released a report establishing a link between a highly advanced spying platform, sucking extensive amounts of data from mobiles and desktops called “Dark Caracal” and the Lebanese General Security Directorate in Beirut.  

According to the report, the espionage campaign has been running since 2012 and was still ongoing at the time of publication. According to the researchers, hundreds of gigabytes of data have been exfiltrated from thousands of victims, spanning dozens of countries in North America, Europe, the Middle East, and Asia. More precisely, the research has found that Dark Caracal “successfully compromised the devices of military personnel, enterprises, medical professionals, activists, journalists, lawyers, and educational institutions.” Types of data captured include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data.  

The report contains technical evidence linking servers used to control the attacks to a General Security Directorate building in Beirut by locating Wi-Fi networks and internet protocol address in or near the building. 

Instead of publicly distancing themselves from the allegation brought forward by EFF and Lookout without ambiguity, the GS Director General told Reuters: “General Security does not have these type of capabilities. We wish we had these capabilities.”  On 19 January 2018, Interior Minister Nohad Machnouk told local media that “the report does not necessarily mean it is incorrect, but it is exaggerated.”  Such allegations are not unprecedented: Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, identified the General Directorate of General Security in a 2015 report as one of two Lebanese government organisations using FinFisher, a sophisticated spyware suite. 

Arbitrary interference 
According to the standards set out by the Human Rights Committee, “Interference authorized by States can only take place on the basis of law, which itself must comply with the provisions, aims and objectives of the Covenant”.  The limitation must be necessary for reaching a legitimate aim, such as the protection of national security, as well as in proportion to the aim and the least intrusive option available. 

Lebanese law No. 140/1999 protects the confidentiality of communications from eavesdropping, monitoring, or disclosure, except in cases provided by law. However, it also authorises the Minister of Interior, who oversees the General Security Directorate, to order the interception of specific communications based on a written decision approved by the Prime Minister, for the purpose of combatting terrorism, crimes against state security, and organised crime.
In the present case, we argue that the scope of the surveillance program and the broad range of people targeted, demonstrate that the legitimate aims of the protection of national security and/or the prevention of crime could not have been pursued. Furthermore, the level of intrusiveness, which characterises the cyber-espionage campaign, indicates that it constituted a disproportionate interference with the right to privacy. 

We therefore conclude that the surveillance practices, as disclosed in the report, endanger fundamental human rights, including the rights to privacy enshrined in article 17 of the International Covenant on Civil and Political Rights, which Lebanon ratified in 1972. 

In light of the above information, we solicit your urgent intervention with the Lebanese authorities to request that Lebanon’s General Prosecutor investigate reports of secret large-scale surveillance tied to the General Security Directorate. Unlawful data collection and processing should be prosecuted. The alleged victims must have effective remedies at their disposal, including the right to obtain compensation.

If the allegations of collusion were confirmed, the General Security Directorate must take the necessary measures to put an end to such interferences and prevent their repetition. To this end, the Government of Lebanon should bring its surveillance practices in line with international standards by ensuring that domestic laws only allow for the collection and analysis of personal data with the consent of the person concerned or following a court order granted on the basis of reasonable suspicion of the target being involved in criminal activity. 

Thank you for your consideration of this matter. 

Signatory organisations: 

- Act For Human Rights (ALEF)
- Alkarama Foundation
- Lebanese Center for Human Rights (CLDH)
- Media Association for Peace (MAP)
- Samir Kassir Foundation - SKeyes Center for Media and Cultural Freedom
- Social Media Exchange (SMEX)