United Arab Emirates: Tracking “cyber-criminals”

Telecommunications Regulatory Authority and cyber-crime units

Feeling threatened, the Emirati authorities took advantage of regional political tension in 2011 to step up control of information and communications with the aim shoring up the regime. They tried to impose a new blackout in 2013 on the trial of 94 Emiratis accused of links with Al-Islah (a party affiliated to the Muslim Brotherhood) and conspiring against the government. Only carefully chosen national media were allowed to attend the hearing and two netizens were convicted for tweeting about the trial.

The Telecommunications Regulatory Authority (TRA) and the cyber-crime units attached to the security apparatus coordinate Internet surveillance and censorship. The adoption of a cyber-crime law (Federal Legal Decree No. 5/2012) in late 2012 reinforced the legislative arsenal for gagging criticism in a country where the judiciary is under the executive’s control.

TRA and filtering

Created in 2003, the Telecommunications Regulatory Authority (TRA) is responsible for overseeing the telecommunications sector and information technology in the UAE. It reports to the cabinet, which is the UAE’s chief executive body. It is also responsible for Internet regulation and compiling the list of sites to be censored.

The TRA counts on compliance by the UAE’s two Internet Service Providers: Emirates Telecommunications Corporation (better known as Etisalat or “communications” in Arabic), which was for a long time the only ISP and mobile phone operator and still is the main one, and Emirates Integrated Telecommunications Company (EITC), better known as “Du,” which was launched in February 2006.

The TRA website lists seven categories of websites that are blocked in the UAE:

  1. Content conflicting with UAE ethics and morals, including nudity and dating

  2. Content containing material that expresses hate of religions

  3. Content conflicting with UAE Laws

  4. Content that allows or helps users to access blocked content

  5. Content that directly or indirectly poses a risk to UAE Internet users, such as phishing websites, hacking tools and spyware

  6. Content related to gambling

  7. Content providing information about purchasing, manufacturing, promoting and using illegal drugs.

Some sites post the list of blocked sites. In reality, they include all websites or web pages covering subjects related to the human rights situations (including the site of the Emirates Centre for Human Rights) or to political and even religious matters. The online versions of some newspapers, and proxy sites are also inaccessible. Skype was inaccessible until 2013. The filtering has been stepped up since the Arab uprisings.

The cyber-crimes law that was adopted at the end of 2012 (Federal Legal Decree No. 5/2012) reinforced repressive legislation dating back to 2006. The long list of online activities that are criminalized by this law constitutes a grave threat to freedom of expression and information in the UAE. Defaming the state and its institutions online is among the activities punishable by imprisonment. Many human rights organizations, including Reporters Without Borders, have expressed their concern about the use of this law to restrict freedom of expression and information and to crack down on dissent.

Cyber-police and Internet surveillance

The authorities use a cyber-police force to monitor the Internet, including its use by human rights activists. Abu Dhabi’s State Security Apparatus (usually referred to as the SSA) has created a unit specialized in cyber-crime to spy on the Internet and its users. Abu Dhabi’s SSA is widely reported to get its orders from the emirate’s crown prince.

A special unit called the Department of Anti-Electronic Crimes has also been created within the Criminal Investigation Department of the Dubai police. As the authorities have a very broad view of what constitutes cyber-crime, many journalists, bloggers and human rights defenders have run afoul of this unit.

Referring to its round-the-clock cyber patrolling, the unit’s deputy director, Maj. Salem Obaid Salmeen, said in an interview in April 2012: “These electronic patrols are detecting and tracking all topics and materials written and presented on these websites.” He also said: “Dubai’s police is equipped with the latest technologies in the field and has a qualified team specializing in anti-electronic crimes,” adding that they could identify someone from data kept for up to 18 months on servers. Any person “subjected to abuse, insult or defamation on social networking sites” could file a complaint with the unit, which would initiate proceedings against the site after verifying the complaint.

A UAE presidential decree created a “National Department of Electronic Security” in 2012. Little has emerged about this new entity, how it operates or what its function are. The lack of transparency has encouraged rumours. According to some, it is an extension of Abu Dhabi’s SSA.

Arrests of netizens

Two Emirati netizens were convicted under the cyber-crime law in 2013 for posting information about a trial during the first half of the year in which 94 Emiratis (known as the “UAE 94”) were accused of plotting against the government and being members of Al-Islah, a local group with links to Egypt’s Muslim Brotherhood.

One of these two netizens, Abdullah Al-Hadidi, who was arrested on 22 March 2013, received a 10-month jail sentence that was confirmed on appeal on 22 May. He was released on 1 November after being deemed to have completed his sentence.

The other, Waleed Al-Shehhi, arrested on 11 May 2013, was sentenced on 18 November 2013 to two years in prison and a fine of 500,000 dirhams (100,360 euros) for tweeting about the trial. He was convicted under articles 28 and 29 of the cyber-crime law, which forbid the use of information technology for activities “endangering state security” and “harming the reputation of the state.” Shehhi said he was mistreated and tortured following his arrest but these claims were never investigated, in violation of article 12 of the UN Convention against Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment.

Other information providers have been arrested under the cyber-crime law. Mohamed Al-Zumer, for example, was sentenced on 25 December 2013 to three years in prison and a fine of 500,000 dirhams on charges of “insulting the country’s leaders” and “defaming the security apparatus” on Twitter and YouTube for accusing them of torturing prisoners of opinion. In a video, he also reportedly criticized a contract that Abu Dhabi’s crown prince signed with the security company Blackwater for the creation of a private militia to suppress any civilian unrest. His YouTube account (islamway11000) has been closed ever since.

In the same trial, Abdulrahman Omar Bajubair, a netizen currently living in Qatar, was sentenced in absentia to five years in prison on a charge of defaming judges by creating and running the @intihakatand and @uaemot Twitter accounts, which document the mistreatment of prisoners of opinion. Another netizen, Khalifa Al-Nuaimi, was acquitted under the cyber-crime law but is still serving the sentence he received in the UAE 94 trial.