abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphLinkedInlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb
Briefing

26 Jun 2024

Keeping watch: Surveillance companies in Middle East & North Africa

BHRRC

Companies around the world, particularly European, North American, Chinese and Israeli firms, are selling and transferring invasive surveillance technologies to countries in the Middle East and North Africa (MENA) – a region where conflict-driven social and political instability and fragility persist. For responsible companies this calls for ‘heightened human rights due diligence’, in line with international standards. But for opportunistic companies, this instability is not a risk to be mitigated, but a benefit to capitalise on – with the absence of independent mechanisms to promote and protect human rights leading to serious harms for local populations. As these surveillance measures to monitor and control the populations of MENA states have expanded and intensified, the role of private tech companies in these efforts – and their consequential human rights violations – have likewise grown, with marginalised populations, including women, migrants and human rights activists, particularly at risk. At a time of rising conflict and tension in the region, the potential harm of these unregulated technologies on fundamental rights of privacy, dignity and autonomy have never been clearer.

This briefing analyses responses to a survey conducted by the Business & Human Rights Resource Centre (the Resource Centre) on corporate transparency and the human rights due diligence processes of 23 companies that allegedly produce or provide surveillance technologies to governments in the MENA region. Since we surveyed the same companies two years ago, the human rights risks of operating in the region have only grown. Government crackdowns on protestors and women in Iran; the outbreak of Israel’s war on Gaza; devastating natural disasters in Morocco, Türkiye and Syria; acute economic pressures across North Africa; and shrinking civic space for political and human rights activists throughout the region are but a few hallmarks of the increasing complexity of operating in or providing products and services to MENA, where transparency and heightened attention to identifying and mitigating human rights risks is essential to any responsible business practice.

Despite this reality, the intervening period between the surveys yielded no significant improvements in the number of companies demonstrating transparency. As in 2022, only five of the companies approached – Airbus, G4S, Indra, Leonardo and Sonyresponded to our 2024 survey. Eighteen companies did not. This demonstrates a damaging opacity towards the public, governments and investors regarding a fundamental tenet of human rights compliance for any company, and should send alarm bells ringing. In contrast, the responses from four of these companies – Airbus, G4S, Indra and Leonardo – included specific, detailed answers in examples of better practice, although there is still progress to be made.

Key findings

23

companies

asked to respond to questions on corporate transparency and human rights due diligence

5

companies

responded: Airbus, G4S, Indra, Leonardo and Sony

3 in 5

responding companies

include stakeholder engagement in their human rights due diligence processes

2

companies

- Airbus and G4S - publicly commit to non-retaliation principles where grievance mechanisms are used by stakeholders

Other key findings include:

  • All responding companies report having human rights policies in place, but allegations of abuse against some of these firms and others in the sector highlight an implementation gap that needs to be closed as a matter of urgency.
  • Commitment to human rights due diligence appears to be increasing, with Airbus, Sony, Indra, Leonardo and G4S indicating some heightened due diligence processes in place, which are essential in high-risk zones, such as MENA.
  • Over half of responding companies include stakeholder engagement in their human rights due diligence processes, with greater commitment to systematic and meaningful engagement needed.
  • Grievance mechanisms are essential to ensuring effective human rights due diligence. Four out of the five respondent companies confirmed the ability of stakeholders to raise grievances, but only Airbus and G4S publicly commit to non-retaliation principles where the mechanisms are actually used by stakeholders.

The general lack of transparency by the surveillance sector obstructs detailed assessment of the industry’s actual engagement with its human rights responsibilities at any scale, including the critical need for heightened human rights due diligence. This is a growing material risk to business. Governments around the world increasingly recognise corporate human rights due diligence and transparency as requirements of doing business, rather than optional considerations. It appears at least 30% of the companies surveyed here, for example, will fall within the ambit of the EU’s Corporate Sustainability Reporting Directive, and the newly-passed EU Corporate Sustainably Due Diligence Directive, including its civil liability provisions, which should fundamentally change the calculus of risk in the boardrooms of those firms, as space for these transparency and due diligence gaps across supply chains is closing rapidly.

At the same time, human rights risks of surveillance technology are increasingly in the spotlight. Countries around the world are deliberating legislation to limit the reach of artificial intelligence (AI) and biometric surveillance, data protection authorities are settling into their enforcement powers, and governments are re-assessing the risks associated with the proliferation of targeted surveillance tools, such as spyware. The efforts to ban live facial recognition in public spaces also continues – with real progress evident in the crucial jurisdictions of the US and the EU.

Companies, investors and governments should understand this evolving landscape will have serious implications for their respective roles in providing, funding and procuring surveillance tech in the MENA region. The former UN Special Rapporteur on the Promotion and Protection of the Rights to Freedom of Opinion and Expression, David Kaye, has previously called for a moratorium on the global sale and transfer of private surveillance tools until robust safeguards are put in place to ensure states use these tools appropriately. These safeguards simply do not exist in the MENA region.

At a minimum, and in light of the rising risks in the region, this means:

  • Companies choosing to operate in the region have a responsibility to regularly undertake robust heightened human rights due diligence in respect of their operations and value chains there, and make public their approaches for those countries, findings and risk-mitigation efforts, in line with international standards.
  • Investors should engage with companies to insist on risk mitigation through human rights transparency, heightened human rights due diligence and access to remedy. Time-bound demands for rapid changes in business models should be set, followed by disinvestment if international standards are not met. Investors should be more seriously scrutinising the surveillance tech companies in their portfolios and encouraging companies domiciled in democratic countries to ensure they are not powering authoritarianism abroad.
  • Governments in exporting countries should urgently put in place regulations which insist on corporate compliance with international human rights standards; with a moratorium on licensing and export of invasive surveillance technologies and services until these are in place and enforced.

BHRRC

Introduction

The use of surveillance technologies by governments in the MENA region, often justified in the pursuit of national security and counter-terrorism measures, is not a new story. The staggering scale of their use to silence human rights defenders, journalists, activists and opposition leaders is well documented, calling into question any legitimate or legal reasons for states to use these technologies given their poor human rights records.

However, information on the role and responsibility of private tech companies – integral in facilitating the sale, transfer and use of invasive surveillance technologies by MENA governments – remains scarce due to the opacity of the surveillance industry itself. Findings from the Resource Centre’s 2022 briefing on tech companies’ provision of surveillance technology to aid in migration and border control across MENA, as well as its 2024 briefing on the role of tech companies in facilitating Israel’s war on Gaza, are testament to this lack of transparency. This is despite governments around the world increasingly recognising transparency and corporate human rights due diligence commitment are requirements for doing business, rather than optional considerations.

The Resource Centre has been anaylsing publicly available information related to allegations of human rights abuse and civil society reports related to the involvement of private tech companies in the expansion and intensification of surveillance measures in the MENA region to monitor and control their populations. These include the alleged extensive use of facial recognition and movement tracking of Palestinians in the West Bank and Gaza; the potential violations of the rights to privacy, freedom of expression and association, as a result of a cloud data centre in Saudi Arabia; the use of Deep Packet Inspection (DPI) technology in mass web-monitoring and censorship to block news as well as target political actors and human rights activists in Egypt; the use of CCTV cameras in Iran to crack down on women who remove their headscarves in public; and the use of drones and CCTV cameras armed with a facial recognition technology in the Qatar World Cup. These examples – merely the tip of the iceberg – demonstrate how big-name tech companies around the world reap profits from contributing to oppressive efforts by MENA states, at great cost to the human rights of many who live there.

In May 2024, the Resource Centre sought to highlight progress in corporate transparency commitments and accountability of these companies since our last assessment in 2022, which painted a bleak picture of the sector’s operations in the region despite these risks: a concerning lack of transparency, gaps in human rights policies and human rights due diligence efforts, limited evidence of stakeholder engagement, and under-performance on ensuring accessible grievance and remedy mechanisms. We re-invited the 23 companies profiled in our 2022 briefing (one company, Evron Systems Ltd, could not be contacted and is therefore excluded from the list) to respond to questions about their provision or deployment of surveillance technology in the MENA region, as well as their human rights due diligence processes to identify and mitigate related risks.

The 2024 survey also included specific focus on heightened human rights due diligence (hHRDD), in recognition of the growing risks of operating in the MENA region, as well as invitations to the companies to respond to specific allegations of human rights abuse taking place over the same period and associated with their services or operations.

Analysis of company responses

The 23 companies profiled in this analysis had three weeks to respond to the survey and allegations.

As in 2022, responses were received from just five companies: Airbus, G4S, Indra, Leonardo and Sony, two of which also responded to our 2022 survey (Airbus and G4S). Three companies provided specific responses to questions: Airbus, Indra and Leonardo. The responses submitted by Airbus and G4S contain similar information to their 2022 responses, but are helpfully supplemented with new detail on how their subcontractors and other entities in their supply chains comply with their human rights and other rights-related policies and procedures. Sony only provided information on its policies.

Two companies declined to engage with the survey. Cellebrite, which responded to our 2022 survey, stated “it is not a surveillance or offensive cyber-technology company; nor does it produce technology solutions that support surveillance or monitoring efforts. Completion of this survey would incorrectly categorise our business”. Our data points and Cellebrite’s website suggest otherwise, as the company develops the Universal Forensics Extraction Device (UFED) and Inseyets and facilitates extraction from digital devices. Nexa also responded, stating it “discontinued and stopped its activities in 2022”. On its website, it states “after more than 10 years serving the fight against crime in France and around the world, Nexa Technologies and its shareholders have decided to refocus the company's activity by devoting itself exclusively to cyber defense”.

Despite nearly two years between them, the 2024 survey process revealed similar findings to that of 2022 – highlighting a concerning lack of material progress in respect of human rights due diligence efforts by surveillance companies in the MENA region over time, despite rising risks of operating there.


TRANSPARENCY

The sector continues to demonstrate limited commitment to transparency, despite rising human rights risks in the region

Transparency remains the cornerstone of human rights due diligence – and therefore corporate accountability – as set out in the UNGPs: companies “need to know and show that they respect human rights” and “showing involves communication, providing a measure of transparency and accountability to individuals or groups who may be impacted and to other relevant stakeholders”.

Five of the 23 companies responded to the 2024 survey, demonstrating far greater commitment to transparency than the remaining 80% of their peers in this group. While gaps remain, particularly with regard to client identification and types of products and services provided, evidence of commitment to this first step of corporate accountability is encouraging for these companies.

The low response rate is also in line with transparency commitments by tech companies operating in the region more generally. With MENA currently home to many conflicts, including Israel’s war on Gaza, surveillance technologies, including spyware, social media monitoring, and facial recognition, are often justified as necessary to maintain stability and security. The Resource Centre’s December 2023 invitation to 104 technology companies (including surveillance companies) operating in or providing services to Occupied Palestinian Territory (OPT) and/or Israel to respond to a survey focusing on transparency and heightened human rights due diligence in the context of the conflict was simply ignored by 96% of the companies surveyed. Nine of these companies are listed above: Oosto (formerly AnyVision), BAE Systems, Cellebrite, Cisco, Gem Security, Sony, Thales, TSG IT Advanced Systems, and Videotec). While Sony responded to our 2024 MENA surveillance survey, it failed to respond to the Resource Centre’s survey on OPT/Israel suggesting inconsistent commitment to transparency by the tech and surveillance industries.

This is particularly problematic because in the face of sustained reporting on the human rights impacts of surveillance technologies and rising levels of conflict in the region, the industry remains a highly profitable one with authoritarian governments, including those in MENA that routinely clamp down on human rights. The relationship between surveillance companies and governments continues to be shrouded in secrecy and protected by the existence of contractual confidentiality clauses, creating barriers to the disclosure of any information. G4S asserts it is restricted from doing so due to laws and regulations, while Leonardo and Indra state that disclosure of its clients’ data, which is “commercially sensitive information”, may be considered a breach of confidentiality agreements.

Only Airbus, without disclosing detailed information about its government clients, confirmed it has provided surveillance solutions for the purpose of border control and the prevention of illegal activities such as smuggling and trafficking to customers, including in the MENA region. While stating it is unable to disclose information about its customers, Leonardo noted the MENA region “is subject to constant review of the applicable conditions in order to assess which country has to be subject to enhanced due diligence with particular reference to the respect of human rights…”.

In its detailed answer, Indra further reported that its surveillance systems are designed to identify criminal behaviour or potential threats to the integrity of the infrastructure, not individuals. It further stated that its defence and surveillance products and services are only sold to customers who “meet the requirements of the Spanish Government”. Export licences, which “would be refused if they were considered as defence materials that could be used to commit serious human rights violations”, will be accompanied by “strict end-use and end-user control documents”.


HUMAN RIGHTS POLICY COMMITMENTS

Human rights policies exist for all responding companies, but persistent allegations of abuse highlight an implementation gap

The UNGPs set out a principled approach to human rights due diligence for all companies, requiring in the first instance the adoption and publication of a human rights policy. A paper published by the UN B-Tech Project, as well as reports prepared by the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism and the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression explain and clarify the implications of the UNGPs and its policy recommendations for tech companies, in particular.

Reflecting important progress in respect of this cornerstone of responsible business operations, all responding companies (Airbus, G4S, Indra, Leonardo and Sony) reported having a publicly available human rights policy in place that includes reference to ongoing human rights due diligence. Importantly, Leonardo in particular listed violations of international humanitarian law as an indicator in its Human Rights Impact Assessment (HRIA) at the “country-risk” level.

All responding companies also extend human rights due diligence to the rest of their value chains, affecting suppliers, contractors, and other business partners – another strong indicator of policy commitment to respect for human rights. In 2023, Indra performed human rights risk evaluations for 80% of its critical suppliers, requesting additional action in cases where inconsistencies were detected.

Despite this important progress, however, the existence of human rights policies alone does not necessarily mean these companies are not implicated in human rights violations perpetrated by state authorities. Allegations of human rights abuse linked to some of the profiled companies have been documented:

Airbus: The company allegedly “publishe[d] studies that promote a hard line on immigration — portraying migrants as threats…” and that “[it does] not just benefit from border control... [it also fuels] the very immigration crises that they promise to solve”. Airbus said that it “constantly monitors changes to international law to ensure that all sales are in compliance with any applicable legal requirements”.

Like Airbus, Thales has been implicated in profiting from immigration crises. It allegedly also portrayed “foreigners as threats” and thus “taught the public to see immigration as a national security issue”. Thales said it provides solutions for borders security to prevent trafficking and terrorism, with the ultimate aim of protecting populations and anticipating risks. Leonardo did not respond to the same allegation. It also refused to comment on the allegation that it provides “armaments to conflict zones which produce displacement”.

G4S: After years of campaigns to demand G4S respect international law and the human rights of Palestinians, in June 2023, the Boycott, Divestment, Sanctions movement announced G4S had “decided to divest completely from Israel”. In its response to the Resource Centre in May 2024, however, G4S said it continues to operate and make significant investments in Israel.

Nexa: The company, along with other French arms and spyware companies, allegedly sold a mass surveillance system to the Egyptian authorities. While stating it has been discontinued and stopped its activities in 2022, Nexa rejected the allegation, stating it only sold a passive telecom solution to extract the metadata of the IP traffic, did not provide neither content nor precise geolocation, and has never provided any massive wiretapping and geolocation solutions.

Dassault Aviation did not respond allegation concerning the sale of surveillance system to the Egyptian Government “to monitor the population outside the normal limits”.

The existence of these allegations highlights that implementation of policy commitments is critical, particularly in more complex operational jurisdictions. More is required of surveillance companies operating or supplying to MENA - a high-risk sector for human rights violations, in a high-risk region where situations of armed conflict, violent extremism, shrinking civic space and repression of civil society are common challenges.


PROPORTIONAL HUMAN RIGHTS DUE DILIGENCE 

Commitment to basic human rights diligence exists, but there is critical need to ensure heightened due diligence efforts in the MENA region

Human rights due diligence is integral to responsible business operations the world over, involving identifying, preventing, mitigating and accounting for adverse human rights impacts caused by business activities. Such efforts are built on a concept of proportionality: the higher the risk and complexity of the operational jurisdiction, the more detailed the due diligence processes that are required to mitigate the scale and severity of the human rights risks to people. In other words, the corporate responsibility is augmented to conduct a heightened form of due diligence in these contexts, defined in the OECD Due Diligence Guidance, the European Commission recommendations on the identification of conflict-affected and high-risk areas, and the UN Working Group on Business and Human Rights report on business in conflict. These include situations of armed conflict or fragile post-conflict as well as areas of political instability or repression, institutional weakness, insecurity, collapse of civil infrastructure and widespread violence, weak or non-existing governance and security, such as failed states, and widespread and systematic violations of international law, including human rights abuses.

Regarding general human rights due diligence commitments, Airbus, Sony and Indra state in their human rights policies that human rights due diligence is an ongoing process. In conducting its human rights due diligence, Indra specifically reports considering vulnerable groups by assessing the particular risks to them; in line with best practice, it relies on reports from advocates for vulnerable groups, such as women's or Indigenous Peoples' organisations, and/or engaging with affected stakeholders.

Given the prevalence of armed conflict, violent extremism, shrinking civic space and repression of civil society in the region, operating or supplying to countries within MENA presents particularly high risks, suggesting need for consideration of heightened human rights due diligence. When asked whether they considered MENA countries to be high-risk, two companies (Indra and Leonardo) provided information on countries in the region that were considered 'sensitive' or 'high-risk' based on specific criteria. The MENA countries account for 30 per cent of the countries on Leonardo’s “List of Sensitive Countries”. These countries are subject to Leonardo’s periodic review due to their direct or indirect links to ‘politically sensitive transactions’. Leonardo further stated that “the MENA region is subject to constant review of the applicable conditions in order to assess which country has to be subject to enhanced due diligence”, making it the only company to commit to hHRDD.

G4S indicated that it, too, is committed to hHRDD through regular human rights controls, due-diligence frameworks, and control self-assessment for “higher risk operations”. G4S carries out regular “heat-map reviews” to identify the countries in which human rights risks are deemed to be high.

Indra stressed it does not engage in any commercial activities with countries involved in a conflict. In assessing high-risk countries, Indra considers countries included in the Corruption Perception Index with a score of 36 points or less; territories that are considered tax havens under Spanish and EU regulations; countries with a score of six or higher on the OECD’s creditworthiness index; and countries subject to general EU, UN or US embargoes or embargoes on defence or dual-use material. Algeria, Iran, Iraq, Lebanon, Libya, Sudan, Syria, Türkiye and Yemen are listed as high risk. Bahrain and Egypt, countries where Indra has a permanent presence, do not generate country risk alerts. Indra further noted that Israel is being considered as a 'country at risk' due to the current war on Gaza, although the country does not strictly meet any of Indra’s ‘high risk criteria’.


STAKEHOLDER ENGAGEMENT

Over half of responding companies include stakeholder engagement in their HRDD process, with more commitment to meaningful engagement needed

Meaningful stakeholder engagement is critical to achieving accurate assessments of human rights risks and effective safeguards, particularly in high-risk sectors such as surveillance. This is crucial because human rights risks must be understood from the perspective of those who are or may be affected.

Indra, Leonardo and Sony confirmed they engage stakeholders in their human rights due diligence process. Referring to its human rights policy, Sony commits to being “actively informed by relevant internal and/or external expertise and will engage in dialogue with relevant stakeholders”. Indra and Leonardo engage with government bodies and the UN, but do not include vulnerable or at-risk communities and groups that are recognised as legitimate representatives of affected stakeholders in their stakeholder engagement.


GRIEVANCE MECHANISMS

Grievance mechanisms are essential to ensuring effective human rights due diligence; the surveillance sector must commit to non-retaliation principles where these are used

The availability of robust grievance mechanisms, trusted by the stakeholder groups for whose use they are intended, goes hand-in-hand with meaningful stakeholder engagement processes. These mechanisms, pursuant to UNGP best practice, must be easily accessible, predictable, equitable and transparent in order to fulfil their core purpose of providing a safe and secure avenue to call attention to human rights harms.

When asked about grievance mechanisms, Airbus, Indra, G4S and Leonardo all confirmed that employees, suppliers, business partners or other third parties can raise any concerns or complaints related to human rights through confidential and anonymous channels – an improvement over the last survey, when only Airbus and G4S reported this availability. Also, only Airbus and G4S have a commitment to non-retaliation principles for whistle-blowers. Sony did not respond to questions about grievance mechanisms.


*27/06/24 Minor updates made to the grievance mechanism section following contact from G4S

Recommendations

The Resource Centre reprises and renews its key recommendations from 2022:

company icon

Recommendations for companies

company icon

Recommendations for companies

  • Strengthen human rights risk management in line with international standards set out by the UNGPs and OECD Guidelines, including in respect of transparency, robust stakeholder engagement and access to remedy.
  • Conduct heightened human rights due diligence across operations and value chains and adopt a conflict-sensitive approach when operating in conflict-affected and high-risk areas. Where heightened human rights due diligence is not possible to undertake, companies must consider responsible exit.
  • Halt the sale, transfer and use of surveillance technologies until the company has implemented robust human rights due diligence which includes effective consultation with affected rightsholders, including human rights defenders, and groups representing victims and vulnerable groups. They should be able to identify and mitigate human rights risks, and provide effective remedy when things go wrong for rightsholders.
  • Develop and publish transparency reports disclosing the potential uses and capabilities of their products, as well as the types of support provided, incidents of misuse, and information on the number and type of sales to government agencies.
investors icon

Recommendations for investors

investors icon

Recommendations for investors

  • Strengthen and publish human rights policies in line with the UNGPs, including requiring investee companies to carry out robust human rights due diligence, with heightened due diligence for operations in conflict-affected contexts.
  • Review investment in companies which provide MENA governments with surveillance tools and products and use leverage, including collective leverage with other investors in the tech sector, to demand key international standards are upheld.
  • Consult with independent experts, including from civil society, on the risk of harm and mitigation necessary from investors to promote heightened human rights due diligence, democracy, and peace.
states icon 2

Recommendations for governments

states icon 2

Recommendations for governments

  • End the use of invasive surveillance technologies and adopt safeguards to protect these vulnerable communities in line with international human rights law.
  • Establish legislative and regulatory measures consistent with international heightened human rights due diligence, with special reference to the tech surveillance sector.
  • Provide guidance to business enterprises on the application of heightened human rights due diligence, and insist on implementation.

Further reading

Switched off: Tech company opacity & Israel’s war on Gaza

We invited 104 technology companies operating in or providing services to the Occupied Palestinian Territory and Israel to respond to a survey on transparency and heightened human rights due diligence in the context of Israel's war on Gaza.

Scrutinising migration surveillance (2022)

Human rights responsibilities of tech companies operating in MENA

Technology & human rights

Explore all our resources on the tech sector and human rights dashboards for 120+ technology companies around the world