Under Secretary Silvers on a panel February 3, 2023 with Israel National Cyber Directorate Director General Gaby Portnoy, Head of the UAE Cyber Security Council Mohamed Al Kuwaiti, CEO of the Bahrain National Cyber Security Center Shaikh Salman bin Mohamed bin Abdulla al-Khalifa and Director General of Morocco’s General Directorate of Information Systems Security El Mostafa Rabii. Photo by DHS, public domain.
The US Under Secretary of Homeland Security, Robert Silvers, touted the expanded agreement as “a piece of diplomatic history, a piece of cybersecurity history and a wonderful opportunity to deepen security partnerships.”[1] His statement was reminiscent of the original 2020 accords, which were packaged and promoted as a historic breakthrough that would bring forward peace, prosperity and stability to the region.
But three years after their inception, the Abraham Accords have brought neither peace nor security. Instead, the deal has worked to normalize Israel’s military occupation of Palestine and expand authoritarian control regionally, in part, by formalizing the pre-existing, covert military and intelligence cooperation channels between the signatory countries.
The joint foray into cybersecurity will likely usher in a new wave of tech-enabled transnational repression in the name of national security. The original Abraham Accords brought together one of the world’s top spyware exporters with states that are serial abusers of cyberweapons and surveillance technologies. This latest expansion—lacking transparency, accountability and oversight—will facilitate smoother transfers of surveillance technologies and know-how across the region and, as a result, more human rights abuses.
(Cyber)security Cooperation between Israel and Arab states
Following the signing of the Abraham Accords on September 15, 2020, Israel and the respective Arab states (initially the UAE and Bahrain) moved to cement their security and military cooperation through a number of bi-lateral diplomatic agreements.
In February of 2022, Israel and Bahrain signed a security cooperation agreement, the first between Israel and a Gulf country. The agreement was intended to support an expansive range of collaborations from the military, industrial to intelligence arenas.
One year later, the Israeli Police Commissioner, Kobi Shabtai, made an official visit to the UAE to promote security cooperation between the two countries. This trip was coordinated by the Israeli Police Foreign Affairs unit. During it, Shabtai met with senior officials in the Emirati Ministry of Interior and the chiefs of Abu Dhabi and Dubai police forces—notably, both forces have carried out torture and mistreatment of detainees. According to reporting at the time, an Israeli police official was also to be appointed in a permanent position at the Israeli embassy in the UAE to coordinate “all police activity in the UAE, Africa, and the Middle East.”[2]
Morocco signed a similar security agreement with Israel in 2021, and the same year, it became the first of the Abraham Accords cohort to sign its own bi-lateral cyber defense agreement. Security cooperation between the two states expanded to include air defense and electronic warfare in January of 2023. In exchange, Israel officially recognized Morocco’s sovereignty over Western Sahara in July, and the first Israeli military attaché was appointed to Morocco.
Following the normalization deals in 2020, investment in Israeli cybersecurity technologies has skyrocketed. According to the Israel National Cyber Directorate, the Israeli cyber industry raised $8.8 billion in over 100 different deals in 2021—triple the amount from the previous year. While that increase might not be a direct outcome of the Abraham Accords, they have undoubtedly opened the gates for Israeli cyber companies eager to enter the high-demand markets of the Gulf. Indeed, trade between the UAE and Israel alone reached $2 billion in 2020, a significant jump from an annual $250 million before normalization.
For instance, Rafael Advanced Defense Systems is an Israeli company that was originally established to develop weapons and military technologies for the Israeli army and now exports them abroad. Since 2021, it has been heading a consortium of Israeli cybersecurity companies in Dubai to help secure contracts with the UAE.
In the same year, Israel’s defense electronics company Elbit Systems—notorious for its role in border militarization from Europe to the United States—established a subsidiary in the UAE. The following year, it was awarded a $53 million public contract to supply defense systems to the UAE air force. In return, Abu Dhabi’s sovereign wealth fund, Mubdala Investment Company, has invested up to $20 million in six venture capital companies from the tech sector in Israel.
In addition to bi-lateral deals, the signatories of the Abraham Accords have engaged in joint cybersecurity exercises and strategy meetings. In 2021, for instance, Morocco took part in a cybersecurity attack simulation organized by the Israel National Cyber Directorate at its pavilion in Expo 2020 Dubai. Israel has helped the UAE fend off a major distributed denial of service (DDoS) attack. And in 2022, the cyber leaders of Morocco, Israel, the UAE and Bahrain held the first interregional cyber conference in Bahrain to discuss their defense strategies and collaboration against “common enemies” in the Middle East.[3]
Less Barriers, More Surveillance
In 2016, Abu Dhabi proudly announced the launch of a new emirate-wide surveillance system, Falcon Eye. The emirate was less public about the ties between this mass surveillance system and Israel. The contract for the surveillance system was held by the Swiss-based consulting firm AGT International—a company led by former Israeli intelligence agent Moti Kochavi. In 2008, after receiving its first lucrative surveillance contract from the UAE, the company’s Israeli affiliate reportedly flew dozens of engineers from Israel to Abu Dhabi each week on an unmarked charter plane.
Cellebrite is a leading Israeli firm that specializes in mobile phone cracking technology. Its popular Universal Forensic Extraction Device technology (UFED) is a forensic hardware that can penetrate a mobile phone and extract all of its data, including call logs, SMS messages and browsing history. This technology was used in Bahrain to crack the phone of political activist Mohammed al-Singace. In 2013, al-Singace was detained, tortured and sentenced to 10 years in prison. According to documents shared by The Intercept, evidence used against him in his trial acquired from Cellebrite’s software included 20 pages of his private conversations on WhatsApp.
As security agreements and intelligence sharing between Israel and the Arab states become official, fewer barriers stand between the export and sale of Israeli surveillance technologies to these regimes. While there were reports that the UAE may have been a client of Cellebrite as early as 2011 through its Ministry of the Interior, in 2020, Cellebrite signed a $3 million deal with a government agency in Abu Dhabi.
Simply put, the Abraham Accords are making it easier for spyware peddlers to do their work. Another example can be found in the joint Israeli-Emirati company, Black Wall Global, which specializes in the secret dealing of cyberweapons between Israel and countries that cannot officially do business with the Israeli government or companies. Its board includes Abdulla Baqer—the co-president of the UAE-Israel Business Council in Dubai—along with a group of Israeli intelligence veterans and computer scientists, including former Shin Bet agent, Asher Ben Artzi, acting as chair.
After the normalization deal, the company began publicly boasting of its role in bolstering the cyberdefense industry across the region. In the words of Baqer, “There are a lot of countries that don’t allow Israeli companies to set up shop. They can always come to the UAE, partner with a UAE company and basically go out and be sold as an Emirati company.”[4]
Transferring Knowledge
Beyond the sale of invasive surveillance technologies to authoritarian Arab regimes, these cybersecurity agreements also facilitate the transfer of dangerous knowledge and capacity building. The UAE, in particular, has strong ambitions to build its own homegrown surveillance technologies and has, in the past, attempted to recruit former Israeli and US military and intelligence officers for this purpose.
Directly after the normalization deal was signed, the Abu Dhabi-based tech company Group 42 (G42) established a subsidiary in Israel, making it the first Emirati company to open an office in the country. The chair of G42 is the UAE’s National Security Advisor, Tahnoun bin Zayed Al Nahyan. According to reporting by the Associated Press, the company was the sole registered shareholder of the messaging, video and voice-calling mobile application, ToTok, which emerged in 2019. Promoted as a “fast and secure” messaging app, it was downloaded millions of times. But only months after its release, Google and Apple deleted it from their app stores after a New York Times investigation revealed that it was developed as a surveillance tool, “used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it.”[5]
Furthermore, the CEO of G42, Peng Xiao, was formerly the CEO of Pegasus—a division of the Emirati surveillance firm DarkMatter (not to be confused with the Israeli NSO spyware of the same name). Among other acts of transnational repression, DarkMatter is implicated in the hacking of prominent Saudi woman human rights defender, Lujain Al-Hathloul, and has hired former CIA and NSA officials to spy on foreigners, dissidents and political opposition.
The UAE’s Department of Projects has also created a joint venture company and a defensive Cyber Security and Cyber Academy in partnership with a group of Israeli businessmen from the former intelligence community and the Israeli elite army unit, Unit 8200.
Some of these collaborations are already bearing fruit. In February of 2023, the UAE and Israel revealed their first jointly created unmanned vessel, which has advanced sensors and imaging systems and can be used for surveillance, reconnaissance and detecting mines. Emirati and Israeli defense firms are also working to develop an autonomous counter-drone system, raising the question of what new surveillance companies or tools will be innovated in the future.
The US Role in Transnational Repression
When asked about the UAE’s surveillance history after the announcement of the new cybersecurity deal, Under Secretary Silvers responded: “When we have concerns, we have frank conversations.”[6] Regulating and holding accountable an unruly and secretive surveillance industry, however, will require more urgent and firmer action than “frank conversations.”
Following the United States’ blacklisting of NSO Group, the Israeli Ministry of Defense claimed to have revoked the company’s export license to several countries with records of human rights abuses. And according to recent reporting, NSO Group did not obtain a license to renew its contract with Morocco. Similarly, QuaDream, a now defunct Israeli spyware company, was negotiating a large deal with Morocco that was halted.
But given the deep entanglements between Israeli cyber mercenaries and authoritarian regimes—even preceding the Abraham Accords—there is ample reason to doubt the Israeli government’s concerns over the Moroccan government’s human rights violations. Indeed, the timing of the reversal suggests Israel is more worried about a potential diplomatic crisis: In 2021, it was revealed that Morocco had phone numbers of senior French officials, including French President Emanuel Macron and a few members of his cabinet, on its target list.
Now, with the US brokered cybersecurity upgrade to the Abraham Accords, it is difficult to imagine what will deter the proliferation of surveillance tools and their abuse by authoritarian states. Given the signatories’ history of cyber surveillance to attack journalists and political opponents—not to mention the mushrooming of the cyber tech trade and investment between Israel, Morocco, Bahrain and the UAE—the cybersecurity agreement will likely entrench transnational repression under the pretext of preserving national security and fighting terrorism.
[Marwa Fatafta is the Middle East and North Africa policy manager at Access Now.]
Endnotes
[1] Tim Starks and Ellen Nakashima, “The Abraham Accords expand with cybersecurity collaboration,” The Washington Post, January 31, 2023.
[2] “Israeli police chief holds first visit to UAE to advance security cooperation,” Times of Israel, February 6, 2022.
[3] “The First Regional Cyber Summit: Israel, Morocco, Bahrain and the United Arab Emirates gather in a first of its kind meeting,” Israel National Cyber Directorate, December 14, 2022.
[4] Jonathan H. Ferziger, “UAE-Israel cyber intelligence firm grows with its perch in the Gulf,” The Circuit, September 4, 2022.
[5] Mark Mazzetti, Nicole Perlroth and Ronen Bergman, “It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool,” The New York Times, December 22, 2019.
[6] Tim Starks and Ellen Nakashima, “The Abraham Accords expand with cybersecurity collaboration,” The Washington Post, January 31, 2023.
