Cybersecurity and human rights
Many rights groups hold the view that cybersecurity is the new battlefield for human rights. One such group, the Association for Progressive Communications, notes that in his first address at the opening of the UN General Assembly in 2017, Secretary-General António Guterres highlighted escalating cybersecurity threats as a leading threat to international security. He said cyberattacks have resulted in the closure of hospitals, taken electrical grids offline, brought major cities to a standstill, and even affected the integrity of democratic processes.
There is no universal definition of cybersecurity; however, the definition developed by a working group of the Freedom Online Coalition describes it as “the preservation – through policy, technology and education – of the availability, confidentiality and integrity of information and its underlying infrastructure so as to enhance the security of persons both online and offline”.
From this definition it can easily be seen how threats to cybersecurity – or cyber insecurity – are human rights violations. The denial of access to information, and the failure to legislate to regulate cybersecurity, violate a wide range of rights, including by unduly restricting access to information, blocking particular networks, and restricting people’s rights to freely express themselves, peacefully assemble and associate as well as enjoy a range of economic, social and cultural rights.
There are countless examples of confidentiality being compromised in cyberspace, whether through data breaches for financial gain, government surveillance of specific groups, or targeted attacks on human rights defenders or journalists. This not only violates the right to privacy and confidentiality of communications, but can also lead to severe human rights violations such as detention, torture and killings, as well as violations of the rights to freedom of information and free speech.
In 2017, a BBC documentary called “Weapons of Mass Surveillance”, looking at states and institutions in the Arab world, including Oman, showed how Middle East governments threaten cybersecurity by spying on their citizens, primarily targeting civil and political rights activists. The German broadcaster Deutsche Welle also noted, in “The Fifth Estate”, a programme on its Arabic service, that Arab states such as Oman pay millions of dollars to companies with technical expertise in cybersecurity threats and data hacking on the internet.
The Omani Centre for Human Rights (OCHR) can confirm the seriousness of human rights violations in Oman linked to compromised cybersecurity, both in terms of the relevant legislation and based on testimony from Omani activists and writers that their social media accounts and phone conversations are monitored. Several activists called in for questioning have been confronted with evidence of their online activism in the form of text messages sent on their mobile phones, as SMS or through apps like WhatsApp, or voice recordings.
The Omani Public Prosecutor has also brought charges against activists based on evidence in the form of WhatsApp messages, which the Omani courts have accepted and relied on to convict those activists and sentence them to prison terms or fines.
According to the testimony of several activists, the government has succeeded in increasing restrictions on free speech by means of online surveillance and the lack of cybersecurity even in areas unrelated to human rights or politics.
In June 2020 the Sultan of Oman, Haitham bin Tariq, issued a decree creating the “Cyber Defence Centre” under the management of the Internal Security Service (ISS), which has been involved in spying on journalists and activists and monitoring their data since 2011.
Earlier, in March 2020, Haitham bin Tariq had issued Royal Decree No. 4/2020 promulgating the Internal Security Service Law and stating that the ISS would not be subject to any scrutiny or audit of its work or of the actions of its members. The decree also gave the head of the ISS unlimited powers to issue the bye-laws and regulations needed to implement the new Law.
In addition to the ISS’s involvement in violations threatening cybersecurity, such as spying on citizens’ private lives, blocking websites and violating people’s right to freedom of information, for decades it has committed serious human rights violations such as arbitrary arrests, enforced disappearances, and unlawful detention.
The new Internal Security Law contains provisions that blatantly violate human rights in respect of the right to enjoy cybersecurity:
Article 5 treats all information about the ISS and its employees and documents as national security secrets. This means that anyone who criticises the ISS, its powers or its arbitrary arrests may find themselves held to account. Article 5 also shields the ISS from any external oversight or accountability.
Article 8 allows the ISS to spy on individuals’ devices and access their private data. Such surveillance, without any mechanism for oversight and accountability, places a constraint on individual and public liberties.
Article 9: The security authorities’ powers to grant or withhold security clearance for various purposes can be used as a means to enforce compliance and stop people from engaging in any activity, or expressing any opinion, that might be interpreted as anti-government.
Linked to Article 8, and as well as legitimising surveillance over people’s private lives, Article 10 also makes it lawful for security officers to blackmail people with the threat of legal action against them.
In March 2021 the Omani government blocked the website of Muwatin News Network and banned social media app Clubhouse, using its control over the internet to further restrict freedom of expression and freedom of information.
The Omani Centre for Human Rights calls on the Omani government to respect people’s privacy and right to free expression, and not to spy on members of the public. Blocking online sources of information on grounds of safeguarding state security is both disingenuous and a blatant violation of human rights.
 Association for Progressive Communications, 28 November 2029. Why cybersecurity is a human rights issue, and it is time to start treating it like one. https://www.apc.org/en/news/why-cybersecurity-human-rights-issue-and-it-time-start-treating-it-one
 BBC, 7 July 2017. Weapons of mass surveillance. https://www.bbc.co.uk/news/av/world-middle-east-40531967
 Omani Centre for Human Rights, 6 September 2021. Oman’s Internal Security Service Law. https://ochroman.org/eng/2021/09/internal-security-service-law/