Egypt's President Abdel-Fattah El-Sisi has recently ratified the country's first law devoted to cybercrime.
Published on Saturday in the state gazette, the 45-article law is formally titled "the anti-cyber and information technology crime law", and has drawn criticism from foreign and local media outlets, which have described it as tightening government control over the internet.
Ahram Online sat down with Dr. Mohamed Hegazy, the head of the legislation committee at the Ministry of Communications and Information Technology (MCIT) as well the head of the Intellectual Property Office of Information Technology Industry Development Agency (ITIDA), to find out more about the law.
According to Hegazy, citizens as well companies in Egypt, especially foreign investment companies, need the cybercrime law to protect their rights under the law.
He stated that until this law Egypt did not have any legislation that criminalises online identify theft, social media account theft, online credit card theft or even hacking.
Egypt did have some relevant laws, such as the communications law, the electronic signature law, and the intellectual property law, but they do not provide the kind of protection provided by the cybercrime law, he said.
In the beginning of the interview he spoke about the most controversial articles in the law, including Article 2 which deals with ISPs, who are now required to keep user logs and records for 180 days.
Mohamed Hegazy: The obligations on ISPs exist in laws in several countries; these obligations are twofold in our cybercrime law. The first obligation is to raise the standard of security in the service, and the second obligation is to keep the log files of the users for 180 days. The log files enable suspects to be followed and reached if there is a crime.
The ISPs are required to keep the log files for 180 days because a court order is required and that will take time.
We also regulate the work of the digital forensic experts too in this law and in its bylaws, identifying who those experts are, to make sure that they are technically professional according to international standards.
These are the basic features of the law.
The law also deals for the first time with the cross-border hacking, in article four. In the past we could not do anything if the hackers were acting outside the country, but this law organises and authorises international cooperation between the government agencies like the National Telecommunication Regulatory Authority (NRTA) and the Egyptian Computer Emergency Readiness Team(EG-CERT) to exchange informationabout the hacking crime either through cooperation agreements or the principle of equal treatment.
Ahram Online: On Saturday headlines around the world reported that the cybercrime law is intended to tighten up censorship online; what is your response to that?
MH: There is no single text in the law that speaks about tightening censorship; on the contrary, the law, in the second section of article two, speaks about the secrecy of the users' logs and data that have been kept by ISPs for 180 days, and not disclosing these in the absence of a judicial permit. So how would the law tighten up censorship when it obliges the ISPs if they disclose users’ data and log files?
In the third section of Article 2, also, there is an emphasis on data protection in a way that does not disclose it or corrupt it. Does this mean I am censoring the internet? No, I am protecting the users.
Even in the penalties, we only criminalise illegal access or hacking or any attack against operation systems, information systems and data, as well as email hacking, etc.
Where are these articles speaking about censorship or tightening up internet censorship?
The Egyptian cybercrime law is among the best laws worldwide today, in truth, and this is not just the government’s words.
This law is close to the laws in the UK, US and France, whether it comes to keeping data and logs for 180 days, or digital forensics or penalties.
There is no text in the law speaking about internet censorship or any text that limits the freedom of expression or opinion. There is no text in the law speaking about banning access to certain social media networks.
We issued this law in order to encourage people to go for digital transformation, and not to put barriers on the internet.
AO: Critics have been referring to two specific articles in the law, the first of which is Article 7, which speaks about blocking websites in Egypt, especially now when we have over 100 websites blocked in the country in a form of internet censorship. What do you say about that? Some of those websites are related to the banned Muslim Brotherhood group while others are news websites like Cairo-based Mada Masr and US-based Buzzfeed.
Mohamed Hegazy: The Ministry of Communications and Information Technology does not know anything about them; there is nothing about them in the law. We regulate the blocking process of websites in Egypt, starting with blocking requests and blocking on the order of the judiciary. We already present blocked websites with a legal mechanism to appeal against the blocking order.
This article exists in the laws of the greatest democracies in the world like the UK, France, India and the US. I won't mention China or Russia or those countries, but rather full democracies.
As we live in a real state, we made it clear in the law that website blocking is done under the law, and we even specify four elements under which websites are blocked, starting with firstly the prosecution presenting to court, secondly evidence, about a crime, third, that is listed in this law that, fourthly, is considered a national security threat to the country and its economy.
The blocked websites can appeal in front of the court and if their appeal is rejected then they can appeal again after three months.
AO: Some think that Article 13 in the law, which deals with live broadcast over the internet, refers to services like YouTube Live and Periscope. Is this true?
MH: No, this article deals with online cinema piracy and cable TV piracy. It protects the investments of those companies offering cable TV service, as we have recently seen the spread of cable TV piracy via decoded receivers.
AO: The second article creating buzz is Article 14 which puts in place penalties for accessing banned websites in Egypt. How do you see it?
MH: The text of the article does not say "banned websites" in Arabic but a website or information system or personal account that is restricted. It is about hacking. We criminalise hacking in this article. The article's title is "the crime of illegal access" and we are speaking about intranet and information systems.
AO: Does this apply to access to the deep web and dark net, which has been creating buzz abroad?
MH: No, it does not apply, because both the deep web and dark net need encrypted browsers, and the law does not criminalise the use of browsers. It criminalises hacking information systems and personal accounts.
AO: Some say that Article 24 is against freedom of expression too as it criminalises having social media accounts like Abla Fahita [a puppet television character] or a parody Facebook account of former president Hosni Mubarak. What do you say ?
MH: You are mixing the two examples in that article. It does not criminalise accounts like Abla Fahita because that is set up by a production company, but it criminalises setting up a fake account in the name of Hosni Mubarak or company X, even if it is a parody account, if it against their consent.
AO: In Article 25, the use of terms such as "family values" that are broad and vague while criminalising intrusion into private lives has drawn criticism. What does the law mean here?
MH: The article stipulates that anyone who attacks Egyptian family values or invades private lives or sends spam emails or SMS to someone without consent, or shares personal data with companies without consent, will be sentenced to six months in jail or a EGP 50,000 to EGP 100,000 fine, or both.
This article organises several issues, starting with receiving spam SMS on our mobile phones, to the companies that share our personal details with companies without our consent. It criminalises the disclosure of personal data online without permission, whether a private photo or private data.
Concerning Egyptian family values, pardon my frankness but we have at the moment on Facebook groups for "swinging", which is an act against the values of society, and it was not criminalised in the Egyptian penal code. We have now people promoting incest in online groups. Those were the examples of legislators when they drafted the law.
AO: But isn’t the term "family values" used here wider than swinging and incest?
MH: Yes, but we used it because there is certain behaviour that takes place in the society and you cannot mention it in the law explicitly for the sake of society's safety. Already there are a certain kind of values in Egyptian society that cannot be violated, for instance like filming my neighbour with his wife and publishing that photo.
We have seen recently how estranged couples with cases in front of the courts use the internet to publish scandals and lies about each other. This is an attack on family values.
AO: Does Article 25, which deals with sharing personal data by companies without consent, deal for example with social networks like Facebook, when it sold users' info to Cambridge Analytica ahead of the US presidential elections?
MH: No, but this example actually lies in a grey zone. This law is called "the cybercrime law", so it does not apply to this law. There is a draft law on the way which has been prepared by the government and comprises 53 articles, and it deals with the protection of users’ personal data.