Reading view

Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!

For years, civil society organizations, workers, journalists, and human rights experts have warned that major technology companies risk enabling grave human rights abuses when they provide cloud computing, AI, and surveillance infrastructure to governments implicated in violations of international and humanitarian law. While many companies pay lip service to evaluating customers and contracts for human rights implications (lip service Exhibit A: Palantir!), too often those processes fail to provide any meaningful accountability when their standards are not met or are simply ignored. But recent developments at Microsoft suggest that accountability for failing to uphold the human rights standards that a company itself sets, even if incomplete, is possible. 

According to recent reporting, Microsoft’s Israel chief has departed amid an escalating ethical controversy surrounding the company’s business relationships with the Israeli Ministry of Defense. The move follows months of scrutiny, internal dissent, and sustained pressure from inside the organization along with press and civil society, especially after a report by The Guardian revealed that Microsoft technologies were used in systems connected to mass surveillance and military targeting operations in Gaza in ways that appeared to violate Microsoft’s own standards. This did not happen overnight.

In September 2025, Microsoft reportedly suspended certain services after initial investigations raised serious concerns about how its cloud and AI infrastructure may have been used. That alone distinguished Microsoft from many of its peers. Rather than simply dismissing mounting concerns or hiding behind vague claims of neutrality, Microsoft appeared to recognize that providing technology in conflict settings creates real human rights responsibilities. Now, after additional investigation and continued public scrutiny, it appears the company has taken another step, one that should send a strong signal to others that violating Microsoft’s human rights commitments could cost you your job. This is important. 

There is still much more Microsoft should do, of course. The company has yet to fully disclose the scope of its findings, explain exactly which services were suspended, or clarify what safeguards remain in place to prevent its technologies from contributing to human rights abuses in the future. We shouldn’t have to infer the connection between this employment action and the company’s investigation. 

Just prior to reports that Microsoft had fired its Israel Country General Manager, EFF joined Access Now, Amnesty International, Fight for the Future, and 7amleh in a joint May 7, 2026 letter to Microsoft leadership calling on the company to publicly release the findings of its investigation, suspend business relationships tied to serious human rights abuses, and implement meaningful safeguards to prevent its technologies from contributing to further harm. The letter detailed allegations regarding Microsoft’s reported provision of Azure cloud and AI services to Israeli military and intelligence units involved in surveillance and targeting operations, while also pressing the company to take concrete human rights due diligence measures going forward. Those demands remain urgent, even as Microsoft appears to be taking some of the steps we urged.

But even as we push for more, it is important to recognize when a company takes steps in the right direction. Because this is what it means to put human rights commitments into practice. It means acknowledging that human rights policies are not just branding exercises or transparency reports. It means accepting that companies providing cloud infrastructure and AI services have responsibilities when credible evidence emerges that their technologies may be enabling violations of international law. And it means taking concrete action when those risks become known.

The allegations facing Microsoft are serious. Human rights organizations and investigative reporting have documented claims that Microsoft Azure services were used by Israeli military and intelligence units to process large-scale surveillance data, support AI-assisted targeting systems, and sustain military cloud infrastructure during the war in Gaza. The concerns raised extend beyond ordinary business risk; they implicate potential complicity in violations of international humanitarian and human rights law.

Faced with these allegations, Microsoft could have chosen the path many tech companies take: deny everything, attack critics, suppress worker dissent, and continue business as usual. Instead, the company appears to have begun responding to the evidence.

Technology companies are not powerless bystanders. Cloud providers and AI companies make choices every day about who gets access to their infrastructure, under what conditions, and with what oversight. When companies claim to uphold human rights principles, those commitments should have operational consequences. Too many companies, in both international and domestic policing contexts, provide technology to institutions that violate people’s human rights and civil liberties, then fall back on the claim that they are merely providing a service that their customers can use how they see fit. This is an ethical failing that falls short of most companies’ publicly expressed commitments. Microsoft’s recent actions suggest that sustained public pressure, worker organizing, investigative journalism, and civil society advocacy can force even the world’s largest technology companies to respond.

Google and Amazon should especially see this as a clear example to follow. Both companies also provide services to the Israeli Ministry of Defense and have faced years of criticism over those contracts and services, including from EFF. Yet neither has demonstrated the level of responsiveness or accountability that Microsoft has shown. If Microsoft can suspend services, investigate allegations, and make leadership changes amid mounting evidence and ethical concerns, then other cloud giants can no longer pretend that meaningful action is impossible.

The technology industry has spent years insisting that ethics and human rights matter. The real test has always been whether those principles survive when profits, government contracts, and geopolitical pressure are on the line. Microsoft’s recent steps are not the end of that story, but they may mark the beginning of what real accountability can look like.

We’re looking at you, Amazon and Google. If Microsoft can do it, why can’t you?

  •  

We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.

Poor accountability, feeble control mechanisms, and insufficient legal frameworks have led to systematic human rights violations in the Americas, with no consistent remedy or reparation to victims. What's needed is to materialize essential guarantees and measures to combat repeated surveillance abuses in the region. To help build a path for solutions, EFF launches the guide Tackling Arbitrary Digital Surveillance in the Americas, adding to our extensive work leveraging human rights norms to confront state privacy violations.

The document compiles privacy, data protection, and access to information guarantees established within the Inter-American Human Rights System to provide concrete, actionable guidance to governments in the Americas to curb the vicious cycle of state digital surveillance abuses. It outlines the safeguards and institutional measures necessary to protect individuals and details rules, parameters, and standards to overcome current pernicious practices and trends. 

As concerns over national and public security intensify, countries in the region seem to increasingly normalize the pervasiveness of digital surveillance technologies and their arbitrary use by security forces as a distorted form of protection. However, no actual protection can arise from arbitrary surveillance. 

When public security, intelligence, and law enforcement agencies neglect or harm settled rights in the name of national security or public order, they too become a threat. Tolerating rights violations creates the dire situation that the Freedom of Expression Special Rapporteur of the Inter-American Commission on Human Rights thoroughly analyzed in his report about the serious impacts of digital surveillance on freedom of expression in the Americas.

The great majority of states in Latin America have ratified the American Convention on Human Rights. As such, the parameters and rules our new guide describes stem directly from their obligations before international human rights law. State agents and institutions must take the necessary measures to make them a reality.

As EFF’s guide points out, states must implement clear and precise legal frameworks that:

  • define surveillance powers and limitations;
  • ensure all surveillance measures pursue legitimate aims without discriminatory ends;
  • subject interference with privacy to rigorous necessity and proportionality analysis;
  • require prior judicial authorization for digital surveillance measures;
  • maintain detailed records of surveillance operations;
  • establish independent civilian oversight institutions with technical expertise and enforcement powers;
  • guarantee individuals' right to informational self-determination and proper notification; and
  • provide effective remedies and reparation for victims of surveillance abuses.

States must also put in place the institutional processes and structures to give effect to these legal guarantees. As we stress in the document, States that embrace the guide’s recommendations will not only comply with their international obligations, but will also build more resilient, rights-respecting security architectures capable of addressing genuine threats without sacrificing the freedoms they exist to protect. 

Civil society leaders, activists, legal experts, public defenders, oversight institutions, and state officials committed to human rights must gather and ramp up the fight against the normalization of digital surveillance abuses in the Americas. We hope that EFF’s new guide can serve as a crucial tool in strengthening this fight, one that we have joined since our early days.

  •  

EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid

Osama Khalid was just twelve years old when he began contributing to Wikipedia Arabic. In the height of the blogging era, he became a prolific blogger, publishing writings on his home country of Saudi Arabia, meetups he attended, and his opinions and observations about open source technology and freedom of expression. He advocated for internet freedom, contributed time and translations to various projects—including EFF’s HTTPS Everywhere—and was a thoughtful presence at the conferences he attended around the world…all while training to become a pediatrician.

In July of 2020, he was detained amid a wave of arbitrary arrests carried out by the Saudi authorities during the Covid-19 lockdown and initially given a five-year prison sentence. That sentence was later increased on appeal to 32 years, then reduced in 2023 to 25 years, and again to 14 years this past September. In a joint letter that we signed on to in April, the Saudi human rights organization ALQST, which has been leading the campaign for Osama’s release, wrote: “The huge discrepancy between sentences handed down at different stages in the case underscores the arbitrary manner in which sentencing is carried out in the Saudi judicial system.”

So, what was his “crime”? Sharing information online that conflicted with official narratives. Osama’s Wikipedia contributions included pages on critical human rights issues in Saudi Arabia, including the treatment of women’s rights activist Loujain al-Hathloul (herself an EFF client) and Saudi Arabia’s infamous al-Ha’ir prison. His blog, which has since been taken offline, included articles such as one criticizing government plans for the surveillance of encrypted platforms.

Over the years, we’ve campaigned for the release of a number of individuals imprisoned for their speech. Our contributions to the campaigns of Ola Bini, the Swedish software developer who has been targeted by the government of Ecuador for the past seven years, and Alaa Abd El Fattah, have had real impact. These cases are reminders that attacks on free expression are rarely confined to borders: governments around the world continue to use vague cybercrime laws, national security claims, and politically motivated prosecutions to silence critics, technologists, journalists, and activists.

Supporting these two—and others we’ve highlighted in our Offline project—has never been about defending only individuals. It has also been about defending the principle that writing code, sharing ideas, criticizing governments, and organizing online should not be treated as crimes. Public pressure, international solidarity, legal advocacy, and sustained campaigning can shift the political cost of repression—and, in some cases, help secure meaningful protections for those targeted.

That’s why we’re highlighting Osama’s case and will continue to work with partners including ALQST to advocate for his release. Osama Khalid, like so many human rights defenders, journalists, and internet users detained by the Saudi government, deserves to be free.

  •  

A Hackers Guide to Circumventing Internet Shutdowns 

Internet shutdowns are devastating for human rights. When people are disconnected from the internet and digital services, it impacts all aspects of their life—from accessing essential information, to seeking medical care, or communicating with loved ones, both in that country and externally. But on January 8th, 2026, the government of Iran shut down internet communications for the entire country as a rebellion threatened to topple the authoritarian government. The government then proceeded to execute as many as 656 dissidents over the next 3 months, though the actual number could be much higher. Which is part of the point: shutdowns often precede government acts of violence. 

Iran’s shutdown was hardly an isolated incident. Earlier this month, the U.S. military invaded Venezuela and kidnapped the Venezuelan president shortly after US cyber forces shut down all internet access and power grids for the capital city of Caracas. India routinely shuts off internet access in the Kashmir region, and Syria shut down internet communications as many as 73 times, most recently in 2025. Even the UK recently had a localized temporary internet shutdown. At the time of this writing there are 14 ongoing internet shutdowns worldwide.  

Government shutdowns aren’t the only reason an entire region or country might lose internet access. Hurricanes, earthquakes, and wildfires can take out internet connections in many regions of the world, and will only increase as climate change ramps up. They can completely disable the communications infrastructure relied upon by victims, their families, first responders, and disaster relief efforts. Having an alternate way to communicate in such times can save lives.  


One way to limit the impact of such shutdowns is to prepare in advance by setting up systems and structure for circumvention and resiliency. 

To keep people connected during internet shutdowns and blackouts, communication networks must be operational before and after the disaster or shutdown. To be effective, they must be widespread so that people can get access to them reliably, and they must be usable by a majority of the community. And any viable solution must be accessible and sustainable on a community level, not just to people with vast financial resources or technical knowledge. You shouldn’t have to be a tech wizard to be able to communicate with your neighbors!

Radios

There are many ways for a community to build their own disaster resilient communications. Radios, for example, are cheap, decentralized, and resilient. Many people with moderate technical skill have set up Meshtastic repeaters. Meshtastic is a way to use a common unlicensed radio spectrum and a technology called LoRA to have peer-to-peer decentralized communications with people in your neighborhood or city. When you buy a Meshtastic device (cheap ones cost around $20) you can link it to your phone and send text messages to people in your area without ever touching the telephone network or the internet. Messages are delivered directly from person to person over public radio waves.

There is also amateur radio, also known as ham radio, which has been used in disaster communications for decades. Ham radio requires a license, but allows you to communicate farther than Meshtastic, using repeaters or even bouncing signals off the stratosphere to talk to people on the other side of the planet or even on the International Space Station. It is even possible to access the internet over ham radio. 

Peer-to-peer messaging apps 

Another option for internet communication during a shutdown is peer-to-peer messaging apps. One such project,called Briar, uses the Bluetooth functionality on phones to route messages from device to device until they reach their destination, even in instances where there is no internet. However, Briar faces the same problems many mesh projects do: almost nobody has the app installed and it’s difficult to use. If a mesh chat app isn’t already widely installed before an internet shutdown, it’s going to be even harder to get people to install it en masse once the shutdown starts. 

A similar effort called bitchat has recently gained some attention. Bitchat is a peer-to-peer chat system that routes over Nostr, Tor, and Bluetooth. It is unfortunately tainted in many people’s eyes by being a project by former Twitter CEO Jack Dorsey, but it is open source and runs on both Android and iOS. It was used with some success in Iran during the latest internet shutdown

Another option is Delta Chat, which uses PGP for encryption and email for routing, while still being much simpler to use than either technology. Delta Chat is highly regarded in Iran for its ability to route a message through even the tiniest sliver of email access.

Satellite internet 

Satellite internet is an internet connection that uses a connection to a satellite dish to reach the internet, such as Starlink. Since there are no wires and no physical connection to infrastructure, satellite internet is harder to shut down. Satellite internet has therefore been used in many cases to circumvent internet shutdowns, with people sharing bandwidth with their neighbors. Satellites are harder for governments to shut down unilaterally.  Unfortunately when the satellites are owned by tech oligarchs, such as Starlink (owned by Elon Musk), or by allied governments, the owners of those satellites may willingly shut down the network anyway. 

Dreaming of a better future

Ultimately an app that is already widely being used would be the best option for shutdown resistant communication. Imagine if WhatsApp or Signal could fall back to mesh networking over bluetooth or wifi. Even better, imagine if our phones all had LoRA built in so we could have more effective mesh networks! What if our phones all had a connection to a satellite constellation run by an international coalition of hackers? We can dream of a better world and we can build it. 

We can’t rely on tech oligarchs to save us, especially when these same companies and governments are the ones to sever our access to the internet and telecommunications. This is why it's important to set up communication mechanisms before a disaster happens. 

As hackers, it's important for us to build these tools and infrastructure of decentralized communication, to help people learn how to use them, and to set up networks before disaster strikes. Get together with others in your city and start setting up resilient off-grid networks and building community now. 

Before you download or use any of the tools mentioned in this guide check with a lawyer in your jurisdiction or country and make sure you understand what legal risks you might be taking on. 

A previous version of this article appeared in the Spring 2026 issue of 2600 magazine

  •  

EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community

When governments shut down spaces for dialogue, dissent, and collective organizing, the damage extends far beyond a single event. The abrupt cancellation of RightsCon 2026—the world’s largest annual global digital rights conference—is not just a logistical disruption for thousands of researchers, journalists, technologists, and activists—it is part of a growing global pattern of shrinking civic space and increasing hostility toward free expression and independent civil society.

Just days before the conference was set to begin and as participants had begun to arrive in Lusaka, organizers announced that RightsCon would no longer proceed in Zambia or online after mounting political pressure and demands that would have excluded vulnerable communities and constrained discussion. The U.N.’s World Press Freedom Day, which was set to take place just prior to the conference, was scaled down in light of the events, and its press freedom prize ceremony postponed to a later date.

RightsCon has long served as one of the few truly global convenings where civil society groups, grassroots organizers, technologists, and policymakers can meet on equal footing to confront some of the most urgent human rights challenges of the digital age—from censorship and surveillance to internet shutdowns, platform accountability, and the safety of marginalized communities online. EFF has had a presence at RightsCon since its inception in 2011, and had planned to meet with and learn from international partners and present our work during several sessions in Lusaka.

The cancellation is especially devastating because of what RightsCon represents. For many advocates—particularly those from the global majority—it is not merely another conference. It is a rare opportunity to build solidarity across borders, form lasting partnerships, learn from other regions’ experiences, secure funding and support for local work, and ensure that the people most impacted by digital repression have a seat at the table. Holding the event in southern Africa carried particular significance, promising to elevate regional voices and strengthen local digital rights networks.

What happened in Zambia sends a chilling message. According to organizers and multiple reports, the pressure surrounding the event included Chinese government demands to exclude Taiwanese participants and moderate discussions around politically sensitive topics. At a moment when governments around the world are increasingly restricting protest, targeting journalists, cutting funds for human rights work, banning young people from online communities, censoring speech, and criminalizing civil society activity, the cancellation of RightsCon reflects the broader erosion of democratic space online and offline.

Organizations from the digital rights community have spoken out forcefully against the government’s cancellation of the conference, making clear that these attacks on civic participation will not pass unnoticed. Access Now described the decision as evidence of “the far reach of transnational repression targeting civil society.” Index on Censorship’s response warned that the move represents a dangerous escalation in attempts to suppress open dialogue, while IFEX rightly described the cancellation as a blow not just to one conference, but to freedom of expression and assembly everywhere.

We are also heartened to see statements from members of the international community—including Tabani Moyo, who spoke about the impact on the southern African community, and Taiwanese participant Shin Yang, who emphasized the importance of preserving spaces where marginalized communities can safely organize and speak—underscoring that attempts to silence civil society only reinforce the importance of defending open, global spaces for organizing and debate.

Even as this cancellation represents a serious setback, it is important to remember that the digital rights community has always adapted under pressure. Around the world, advocates continue to organize in increasingly difficult environments, finding new ways to connect, collaborate, and resist censorship and repression. Upcoming events like the Global Gathering and FIFAfrica—both of which EFF plans to attend—will bring together members of the community to tackle tough issues. And in the meantime, groups from all over the world are working together to incorporate global perspectives into platform regulations, oppose age verification laws, protect against surveillance, and fight internet shutdowns, among many other efforts.

RightsCon itself emerged from a recognition that defending human rights in the digital age requires international solidarity—and that need has not disappeared.

The conversations that were supposed to happen in Lusaka will continue elsewhere: in community spaces, online gatherings, encrypted chats, and future convenings yet to come. Governments may close venues, restrict participation, or attempt to narrow the boundaries of acceptable speech, but they cannot erase the global movement working to defend a free and open internet.

RightsCon will not go on in Zambia, but we remain heartened and inspired by the strength of the global digital rights community, stand with them in solidarity, and look forward to seeing our allies at the next RightsCon and other upcoming events.

  •  

EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm

EFF joins 18 organizations in writing a letter to UK policymakers urging them to address the root causes of online harm—rather than undermining the open web through blunt restrictions.

The coalition, which includes Mozilla, Tor Project, and Open Rights Group, warns that proposed measures following the passage of the Children’s Wellbeing and Schools Bill risk fundamentally reshaping the internet in harmful ways. Chief among these proposals are sweeping age-gating requirements and access restrictions that would apply not only to young people, but effectively to all users.

While framed as efforts to protect children online, these policies rely heavily on age assurance technologies that are either inaccurate, privacy-invasive, or both. As the letter notes, mandating such systems across a wide range of services—from social media and video games to VPNs and even basic websites—would force users to verify their identity simply to access the web. This creates serious risks, including expanded surveillance, data breaches, and the erosion of anonymity.

Beyond privacy concerns, the signatories argue that these measures threaten the core architecture of the open internet. Age-gating at scale could fragment the web into a patchwork of restricted jurisdictions, limit access to information, and entrench the dominance of powerful gatekeepers like app stores and platform ecosystems. In doing so, policymakers risk weakening the very qualities—interoperability, accessibility, and openness—that have made the internet a global public resource.

The letter also emphasizes what’s missing from the current policy approach: meaningful efforts to address the underlying drivers of online harm. Many digital platforms are designed to maximize engagement and profit through pervasive data collection and targeted advertising, often at the expense of user safety and autonomy. Rather than imposing access bans, the coalition calls on UK policymakers to hold companies accountable for these systemic practices and to prioritize user rights by design.

Importantly, the signatories highlight that the internet remains a vital space for young people: offering access to information, support networks, and opportunities for expression that may not exist offline. Policies that restrict access risk cutting off these lifelines without meaningfully reducing harm.

The message is clear: protecting users online requires more than heavy-handed restrictions. It demands thoughtful, rights-respecting policies that tackle the business models and design choices driving harm, while preserving the open, global nature of the web.

  •  

Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act

Digital Fairness in the EU

The next few years will be decisive for EU digital policymaking. With major laws like the Digital Services Act, the Digital Markets Act, and the AI Act now in place, the EU is entering an enforcement era that will show whether these rules are rights-respecting or drift toward overreach and corporate control. With the proposed EU’s Digital Fairness Act (DFA), the Commission is now turning to increasingly visible risks for users, such as dark patterns and exploitative personalization. Its “Digital Fairness Fitness Check” makes clear that existing consumer rules need updating to reflect how digital markets operate today.

But not all proposed solutions point in the right direction. Regulators are already flirting with measures that rely on expanded surveillance, such as age verification mandates—surface-level fixes that risk undermining fundamental rights while offering little more than a false sense of protection.

For EFF, digital fairness means addressing the root causes of harm, not requiring platforms to exert more control over their users. It means safeguarding privacy, freedom of expression, and the rights of users and developers.

If the DFA is to make a real difference, it must tackle structural imbalances. Lawmakers should focus on two interlocking principles. First, prioritize privacy. Reforms should address harms driven by surveillance-based business models, alongside deceptive design practices that impair informed choices. Second, strengthen user sovereignty, which is also a necessary precondition for European digital sovereignty more broadly. Strengthening user sovereignty means taking measures that address user lock-in, coercive contract terms, and manipulative defaults that limit users’ ability to freely choose how they use digital products and services.

Together, these principles would support the EU’s objectives of consistent consumer protection, fair markets, and a more coherent legal framework. If implemented properly, the EU could address power imbalances and build trust in Europe’s digital economy.

Ban Dark Patterns

Dark patterns are practices that impair users’ ability to make informed and autonomous decisions. Many companies deploy these tactics through interface design to steer choices and influence behavior. Their impact goes beyond poor consumer decisions. Dark patterns push users to share personal data they would not otherwise disclose and undermine autonomy by making alternatives harder to access.

The DFA should address this by clearly prohibiting misleading interfaces that distort user choice in commercial contexts. While the Digital Services Act introduced a definition, it only partially bans such practices and leaves gaps across existing consumer law rules. The DFA should close these gaps by, at the very least, introducing explicit prohibitions and clearer enforcement rules, without resorting to design mandates.

Tackle Commercial Surveillance

At the core of digital unfairness lies the pervasive collection and use of personal data. Surveillance and profiling drive many of the harms regulators are trying to address, from dark patterns to exploitative personalization. The DFA should tackle these incentives directly by reducing reliance on surveillance-based business models. These practices are fundamentally incompatible with privacy and fairness, and they distort digital markets by rewarding data exploitation rather than quality of service. At a minimum, the DFA should address unfair profiling and surveillance advertising by strengthening privacy rights and banning pay-for-privacy schemes. Users should not have to trade their data or pay extra to avoid being tracked. Accordingly, the DFA should support the recognition of automated privacy signals by web browsers and mobile operating systems, which give users a better way to reject tracking and exercise their rights. Practices that override such signals through banners or interface design should be considered unfair.

Addressing surveillance and profiling also protects children, since many online harms are tied to the collection and exploitation of their data. Systems that serve ads or curate content often rely on intrusive profiling practices, raising concerns about privacy and fairness, particularly when applied to minors. Rather than turning to invasive age verification, the focus should be on limiting data use by default.

Strengthen User Sovereignty

There is a major gap in how EU law addresses user autonomy in digital markets: many digital products and services still restrict what people can do with what they pay for through opaque or one-sided licensing terms, technical protection measures, and remote controls. These mechanisms increasingly limit lawful use, modification, or access after purchase, allowing providers to revoke access, disable functionalities, or degrade performance over time. In practice, this turns ownership into a conditional rental.

Consumers must be able to use and resell digital goods without hidden limitations and with clear licensing terms. Too often, technical and contractual lock-ins, including remote lockouts and unilateral restrictions on functionality, erode that control. Recent legal reforms show that progress is possible. Rules such as those under the Digital Markets Act have begun to curb technical and contractual barriers and promote user choice. However, many restrictions persist.

The DFA must address these practices by targeting unfair post-sale restrictions and strengthening users’ ability to control and switch services. This means setting clear limits on unfair terms and misleading practices, alongside robust transparency on how digital services function over time. It should also strengthen interoperability and support user control, allowing people to access third-party applications and to let trusted applications act on their behalf, reducing lock-in and expanding meaningful choice in how users interact with digital services.

  •  

Digital Hopes, Real Power: From Connection to Collective Action

This is the fifth and final installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. You can read the rest of the series here.

If the Arab Spring was defined by optimism about what the internet could do, the years since have been marked by a more sober understanding of what it takes to defend it. 

Back in 2011, the term “digital rights” was still fairly new. While in the decades prior, open source and hacker communities—as well as a handful of organizations including EFF—had advocated for digital freedoms, it was through the merging of disparate communities from around the world in the 2000s that digital rights came to be more clearly understood as an extension of fundamental human rights.

In 2011, we observed that there were only a few organizations focused on digital rights in the region. Groups like Nawaat, which emerged from the Tunisian diaspora under the Ben Ali regime; the Arab Digital Expression Foundation, formed to promote the creative use of technology; and SMEX, which was initially created to teach journalists and others about social media but has grown to become a powerful force in the region, led the way. Since that time, dozens of organizations have emerged throughout the region to promote freedom of expression, innovation, privacy, and digital security.

Understanding how the digital rights movement evolved in the Middle East and North Africa requires a closer look at the communities that shaped it, and the organizations that are carrying on the fight today. Perspectives from people and organizations that were key to these efforts offer critical insight into how the movement has grown and what challenges lie ahead.

Reem Almasri, a senior researcher and digital sovereignty consultant, says that:

‘Digital rights’ emerged as a term around the Arab Spring, when the internet was still a fairly unregulated space, we were still trying to figure out the tech companies’ policies, and force governments to look at the internet as a fundamental right like water and electricity.

But then the need to converge digital rights to everyday rights—economic, political, social rights—and to connect it to geopolitics has started to be thought about, and to be in discussion as well. And to not look at digital rights as a separate field from everything else that’s affecting it, from the geopolitical context.

Mohamad Najem, who co-founded SMEX in 2008 and has led it to become the largest organization in the region, told me that, at the time, “Nobody gave [social media] a lot of attention in our region.” Their work was “a positive approach to social media, how we can democratize sharing information, how we can share more from civil society, change people’s minds, et cetera.”

“After that phase,” he continues, “we can think about 2012-2013—after the Arab Spring, as an organization we started looking at the infrastructure of the internet, and how freedom of expression and privacy are affected. That’s when we started looking more at what we call digital rights.”

Towards Tech Accountability

In the aftermath of the Arab Spring, social media companies moved from a largely hands-off approach to governance toward more formalized—and often opaque—content moderation systems. Platforms expanded their trust and safety teams and began working more closely with civil society through trusted partnerships in the region and globally. But, Mohamad Najem says:

After the expansion of tech accountability itself and the adaptation of tech companies, we’ve noticed that it’s not taking us anywhere. Gradually we’ve come to a new phase where it feels like tech accountability is an economy by itself that is not leading to real results. So the next phase for us at least and maybe for others in global majority communities is how we can focus on digital public good, how we can push more governments, private and public institutions to adopt more open source software, to look at the ecosystem and understand the US threats happening now, et cetera.

Another group that has played a key role in the fight for digital rights and tech accountability in the region is 7amleh, a Palestinian organization that was founded in 2013. At the time, says Jalal Abukhater:

[I]t was unique and interesting in Palestinian society to have a human rights organization dedicated fully to the topic of digital rights, you know, human rights in a digital format. However, with the years, we saw various milestones, we saw progress of policy decisions and movements through the Israeli government to influence content moderation in Big Tech companies. We saw problems there as an organization.

7amleh took a leading stance in fighting to preserve the digital rights of Palestinians during a period where there was a very strong influence through the Israeli government. There was actually quite important reporting coming through 7amleh on the situation of online content moderation at a time when it wasn’t really a topic being discussed but it was very clearly a situation where there was major influence by government and political suppression happening as a result.

An Ever-Expanding Ecosystem

While in the early days, the digital rights movement attracted specialists, today, people from other fields have recognized how digital rights intersect with their work, and the digital rights community has embraced them.

Almasri says:

Because the digital rights movement has been decentralizing and has stopped being a speciality, it stopped being an exclusive thing for digital rights specialists, since of course the internet not only in the Arab region but all over the world has become a fundamental infrastructure for running any kind of sensitive operations, or operations in general…all types of organizations, and companies, and initiatives are thinking about their digital security, about how internet laws are affecting the use of the internet, or putting them at risk, and how surveillance technologies are affecting their operations.

Abukhater credits the collaborative work that emerged within the region over the years in building the movement’s strength:

[Today], civil society and digital civil society have many forums, many coalitions and networks, but it’s always important to remember that this is work that builds over many years of experience, and relationships, and networks—that it’s different parties coming to support each other at different phases to ensure that this kind of work succeeds and that this ecosystem is sustained globally with support from partner organizations which were very crucial in ensuring that this ecosystem is sustained, especially in Palestine.

Growing Collaborations

Conferences like Bread and Net, first held in Beirut in 2018, and the Palestine Digital Activism Forum (PDAF), first held in Ramallah in 2017, bring activists, academics, journalists, and other practitioners together to network and learn about each other’s work. The pandemic, conflict, and other barriers haven’t stopped either conference from carrying on: PDAF has become an annual virtual event that draws big-name speakers, while Bread & Net has spaced out its meetings but continues to draw bigger crowds each time. 

Almasri credits these meetings with expanding the movement beyond the traditional techies and activists who first got involved. “You see a wide spectrum of different fields. You see artists, archivists, journalists joining these conversations, which is definitely on the brighter side of things when it comes to this field, or this scene.”

She also credits the emergence of alliances such as the Middle East Alliance for Digital Rights (MADR, of which EFF is a member), founded in 2020 by individuals and organizations who had been working together for many years to formalize those collaborations.

“Other than the collaborations at the advocacy level, [MADR] creates a sort of pressure point on Big Tech, on content moderation policies, allows for certain coordination at the level of the UN, et cetera, which I see as really positive because it brings some of the redundant efforts together and helps decide on priorities.”

Looking Forward

In thinking about the future of the movement, Almasri and Najem agree that digital rights are no longer a niche. In Najem’s words, “It’s about everything else…it’s about everything.” 

Almasri adds:

[W]hen it comes to priorities, things that this scene has been working on, I feel that October 7 [2023] was a big turning point in the way that digital rights activists, researchers, and academics—this field—is looking at digital rights in general. Of course, there is the major question of the need to revise tactics to fight Israel’s tech-enabled genocide that is also empowered by the global economy, big tech, and governments of the world?  What alliances should we start building on a regional and global level?

She sees ‘digital sovereignty,’ the ability of people and communities to choose, control, and use technology that serves their needs and values, as one of the next big topics for the movement to tackle, as debates over who owns and hosts our data have sharpened amid revelations that U.S. companies have played a role in regional conflicts.

There have been pockets of debates on how to achieve digital sovereignty, especially from human rights organizations documenting war crimes … There’s an awareness of how the dependence on US-based providers, cloud storage, even hosting infrastructure is a risk, especially after how using these services has been weaponized against the digital existence of certain organizations in the region that have been deplatformed or had their content removed on platforms like Meta and YouTube because their content doesn’t align with the foreign policy of the United States…so it raises a big question about how we look at digital independence, what is the spectrum of independence that civil society in the region can achieve, and in relation to what’s available as well.

Almasri also points to the role of researchers in the region:

There has been a lot more research on the political economy of surveillance technologies, so not only looking at how governments are using them, but their supply chain, who’s investing in these technologies, and how geopolitical networks empowered their proliferation in the hands of governments.

This is where studies looking at the political economy of AI and the military become important, trying to understand how this field of weapons, the military, and AI grew together as part of this global capitalist system rather than looking at these technologies in silos, that is. Looking at the proliferation of these technologies from a geopolitical point of view, looking at the bigger ecosystem rather than zooming in to the specifics of it. I think this has been a big development in the way that we look at digital rights, and the way that digital rights have been converged and integrated into the geopolitical scene.

As the global digital rights community continues to expand, it’s clear that the questions at its core are no longer just about access or expression, but about power—who holds it, how it is exercised, and who is left out of its protections. What began as a fight to keep the internet open has become a broader effort to reimagine it—an effort that is grappling with questions of infrastructure, ownership, and the global inequalities embedded in both.

And yet, despite the scale of these challenges, the movement’s strength lies in the solidarity, the ecosystems, and the networks it has spent more than a decade building. From the early days of the blogging and techie communities to the increasingly powerful digital rights community, advocates in the region have gone up against dictators, endured war and repression, yet remain determined to push forward.

  •  

EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin

EFF calls on the Kuwaiti government to immediately release journalist Ahmed Shihab-Eldin. An award-winning journalist and television host who worked for Al Jazeera for many years, Shihab-Eldin—a dual American-Kuwaiti citizen—was arrested in Kuwait on March 3 while visiting family. The Committee to Protect Journalists (CPJ) reported yesterday that it is believed he has been charged with spreading false information, harming national security, and misusing his mobile phone.

According to the Guardian, Shihab-Eldin published footage of a U.S. Air Force F-15 E Strike Eagle crash, and posted to his Substack about the incident, noting that video circulating online showed local residents assisting the crash survivors. 

Kuwait is one of several countries that has recently cracked down on reporting amidst the ongoing war. Kuwait’s Ministry of Interior posted on X on March 3—the same day Shihab-Eldin was arrested—warning people in the country “not to photograph or publish any clips or information related to missiles or relevant locations.” Earlier this month, the UN Office of the High Commissioner for Human Rights (OHCHR) highlighted a new decree in Kuwait banning the circulation of reports that seek to “undermine the prestige of the military” or erode public trust in it. 

As reported by local media, the decree states that “those who intentionally publish statements or news or circulate false reports and rumors about military authorities resulting in weakening the trust in them and their morale, in addition to undermining their prestige, are punishable by three to 10 years in jail and a fine between KD 5,000 and 10,000.” The decree also imposes a penalty ranging from seven years to life imprisonment for “authorized people who cause financial loss or damage to the military authorities while carrying out a transaction, operation, project or case or obtaining any profit from such deals.”

In contrast to neighboring Gulf states, Kuwait has historically allowed the press to operate with relative freedom, and even introduced a law in 2020 protecting the right to access information. In practice, however, the government exercises considerable control over the media. Furthermore, there are several laws, including cybercrime legislation introduced in 2016, that restrict freedom of expression.

EFF is deeply concerned that Ahmed has not been seen nor heard from in nearly six weeks. We call on the government of Kuwait to immediately release Ahmed Shihab-Eldin. 






  •  

Digital Hopes, Real Power: The Rise of Network Shutdowns

This is the fourth installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. You can read the rest of the series here.

Iran’s internet has been intermittently disrupted for months. After years of bombardment, Gaza’s telecommunications infrastructure remains fragile. In India, recurring shutdowns and throttling have become a routine response to protests and unrest, cutting millions off from news, work, and basic services. Across dozens of other countries, governments increasingly treat connectivity itself as something that can be weaponized—cut, slowed, or selectively restored to shape what people can see, say, and share. In 2024 alone, authorities imposed 304 internet shutdowns across 54 countries—the highest number ever recorded.

In 2011, when protesters in Tunisia, Egypt, and beyond used social media to broadcast their uprisings to the world, many observers heralded a new era of networked freedom. Governments, however, responded quickly by developing and refining systems of control that have only grown more sophisticated over time. Today’s landscape of regulation, blackouts, and degraded networks reflects that trajectory, as early experiments in censorship and disruption have hardened into a durable system of control—what began as an emergency measure has become a normalized infrastructure of control.

A Brief History of Internet Shutdowns

Egypt’s 2011 internet shutdown wasn’t the first. Although the government’s heavy-handed response after just two days of protests caught the world’s attention, Guinea, Nepal, Myanmar, and a handful of other countries had previously enacted shutdowns. But Egypt marked a turning point. In the years that followed, shutdowns increased sharply worldwide, suggesting that governments had taken note—adopting network disruptions as a tactic for suppressing dissent and limiting the flow of information within and beyond their borders.

On January 28, 2011, at 12:34 a.m. local time, five of Egypt’s internet service providers (ISPs) shut down their networks. At least one provider—Noor, which also hosted the Egyptian stock exchange—remained online, leaving only about 7% of the country connected. 

In the aftermath of President Hosni Mubarak’s resignation, rights groups sought to understand how such a sweeping shutdown had been possible—and how future incidents might be prevented. There was no centralized “kill switch.” Instead, authorities leveraged the country’s highly consolidated telecommunications sector, which all operate by government license. With only a handful of ISPs, a small number of directives was enough to bring most of the network offline.

In the years following Egypt’s 2011 shutdown, telecommunications companies—many of which had been directly implicated in enabling state-ordered disruptions—began to organize around a shared set of human rights challenges. Beginning that same year, a group of operators and vendors quietly convened to examine how the UN Guiding Principles on Business and Human Rights applied to their sector, particularly in contexts where government demands could translate into sweeping restrictions on access. By 2013, this effort had formalized into the Telecommunications Industry Dialogue, bringing together major global firms to develop common principles on freedom of expression and privacy and, through a partnership with the Global Network Initiative, engage more directly with civil society. The initiative reflected a growing recognition that telecom companies—unlike platforms—operate at a critical chokepoint in the network. But it also underscored the limits of voluntary approaches: while the Dialogue helped establish shared norms, it did little to constrain the legal and political pressures that continue to drive shutdowns—or to prevent companies from complying with them.

From Emergency Measure to Legal Authority

If the early aughts were defined by improvised shutdowns, the years since have seen governments formalize their power to control networks. What was once exceptional is now often embedded in law.

In India, the 2017 Temporary Suspension of Telecom Services Rules—issued under the Telegraph Act—provided a clear legal pathway for cutting connectivity. The Telecommunications Act, 2023, further entrenched the government’s ability to enact shutdowns, granting the central and state governments, or “authorised officers” the power to suspend telecommunications services in the interest of public safety or sovereignty, or during emergencies. The government has used these measures repeatedly, particularly in Jammu and Kashmir. India’s Software Freedom Law Centre’s Shutdown Tracker shows India as instigating more than 900 shutdowns, 447 of which were in Jammu and Kashmir.

In Kazakhstan, shutdowns have also become common. Over the years, the government has passed legislation that allows state agencies to shut down the internet. The 2012 law on national security enabled the government to disrupt communications channels during anti-terrorist operations and to contain riots. In 2014 and 2016, laws were further amended to expand the number of actors able to shut down the internet without a court decision, and a government decree in 2018 enabled shutdowns in the event of a “social emergency.” 

Elsewhere, governments have built or expanded legal and technical frameworks that enable similar control over information flows. Ethiopia’s state-dominated telecom sector has facilitated sweeping shutdowns during periods of conflict, including the war in Tigray, where the internet was disconnected for more than two years. In Iran, authorities have developed regulatory and infrastructural capacity to isolate domestic networks from the global internet, allowing them to restrict external visibility while maintaining limited internal connectivity. This year alone, Iranians have spent one third of the year offline. And amidst the ongoing war, Iranian officials have made it clear that the internet is a privilege for those who toe the government’s official line.

Even where laws do not explicitly authorize shutdowns, broadly worded provisions around national security or public order are routinely used to justify them. The result is a growing legal architecture that treats network disruptions not as extraordinary measures, but as standard tools for managing populations.

When that authority is exercised over a population beyond a state’s own citizens, the consequences can be even more severe. Israel’s Ministry of Communications controls the flow of communications in and out of Palestine and has used that power to shut down internet access during periods of conflict. Over the past two and a half years, Gaza has experienced repeated outages, and experts now estimate that roughly 75% of its telecommunications infrastructure has been damaged—leaving essential services severely disrupted.

Elections and the Expansion of Control

Historically, most blackouts have occurred during moments of intense political tension. But authorities are increasingly using them as a tool to preempt dissent.

In 2024, as more than half the world’s population headed to the polls, shutdowns followed. That year alone, authorities imposed 304 internet shutdowns across 54 countries—the highest number ever recorded, surpassing the previous record set just a year earlier. The geographic spread also widened significantly, with shutdowns affecting more countries than ever before. The Comoros imposed a shutdown for the first time, while other countries, such as Mauritius, instituted broad bans on social media platforms during elections.

At least 24 countries holding elections in 2024 had a prior history of shutdowns, putting billions of people at risk of disruptions during critical democratic moments.

What stands out is not just the scale, but the normalization. Notably, the number of shutdowns in 2025 broke the record set the year prior. Whereas network disruptions were once a rare occurrence, they are now a routine measure, increasingly treated by authorities as a standard response to periods of heightened political sensitivity. 

Civil Society Fights Back

Governments use all sorts of justifications—national security, curbing the spread of disinformation, and even preventing students from cheating on exams—for internet shutdowns. But civil society is watching, and documenting, network disruptions and their impact on citizens.

In 2016, as shutdowns became an increasingly common tool of state control, Access Now launched the #KeepItOn campaign to coordinate global advocacy against network disruptions. The campaign includes a coalition composed of 345 advocacy groups (including EFF), research centers, detection networks, and others who work together to report on, and fight back against, internet shutdowns. Anyone can get involved by signing on to campaign action alerts, sharing their story, or reporting a shutdown in their jurisdiction.

Ending this harmful practice remains the goal. In 2016, the UN passed a landmark resolution supporting human rights online and condemning internet shutdowns, and UN agencies have continued to warn against the practice. But the fight to change government practices remains an uphill battle, leading civil society—and even companies—to get creative. 

During repeated shutdowns in Gaza, grassroots efforts mobilised to distribute eSIMs so Palestinians could stay connected. In 2024, EFF recognized Connecting Humanity, a Cairo-based non-profit providing eSIM access in Gaza, with its annual award for its vital work. Satellite internet such as Starlink has been supplied to people in Ukraine and Iran, though it, too, is not immune to state control. Alongside these efforts, civil society continues to share practical guidance on circumventing shutdowns and maintaining access to information.

EFF’s mission is to ensure that technology supports freedom, justice, and innovation for all people of the world—and we’ll continue to fight back against internet shutdowns wherever they occur.

This is the fourth installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. Read the rest of the series here.

  •  

War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again

War does not only reshape borders. It also reshapes what can be seen, said, and remembered. 

When governments invoke “misinformation” during wartime, they often mean something simpler: speech they do not control. Since the escalation of conflict between the United States, Israel, Iran, and related spillover attacks in the Gulf, several governments have intensified efforts to silence dissent and restrict the flow of information.

Journalism under pressure

For journalists, the space to operate—already constrained in much of the Gulf—is narrowing further. Across the region, several countries (including the UAE, Qatar, and Jordan) have restricted access to conflict areas, warned of legal consequences for publishing footage, and drawn red lines around wartime reporting. These measures weaken independent coverage, elevate official narratives, and make it harder for the public to get an accurate account of events on the ground.

Reporters Without Borders has documented an intensifying crackdown on journalists across Gulf countries and Jordan, including restrictions on reporting, legal threats, and heightened risks for those who deviate from official narratives. This aligns with the broader warning from the UN that repression of civic space and freedom of expression has significantly deepened across the region during the war.

Criminalizing speech, one post at a time

For ordinary internet users, the restrictions are just as severe. Since February, hundreds of people have reportedly been arrested across the region for social media activity linked to the war. In many Gulf states, the legal infrastructure enabling this is already well-established: expansive cybercrime and media laws criminalize vaguely defined offenses such as “spreading rumors,” “undermining public order,” or “insulting the state”. In wartime, these provisions become catch-all tools: flexible enough to apply to nearly any form of dissent.

In Bahrain, authorities have reportedly cracked down on people who protested or shared footage of the conflict online. The Gulf Centre for Human Rights has reported 168 arrests in the country tied to protests and online expression, with defendants potentially facing serious prison terms if convicted.

In the UAE, authorities have arrested nearly 400 people for recording events related to the conflict and for circulating information they described as misleading or fabricated. Police have claimed this material could stir public anxiety and spread rumors, and state-linked reporting has described the crackdown as part of a broader effort to defend the country from digital misinformation.

Saudi Arabia has also intensified restrictions, issuing a statement on March 2 banning the sharing of rumors or videos of unknown origin, and issuing a campaign discouraging residents from taking or posting photos. The campaign included a hashtag that reads “photography serves the enemy.” Journalists have been prevented from documenting the aftermath of airstrikes on the country. Kuwait, Qatar, and Jordan have adopted similar restrictions on wartime imagery and reporting.

Qatar’s Interior Ministry has arrested more than 300 people for filming, circulating, or publishing what the ministry deemed to be misleading information. Taken together, these measures show how quickly wartime speech is being folded into existing legal systems designed to punish dissent.

The regional playbook

What’s striking is how consistent these measures are across different countries. As we recently wrote, governments across the broader region have enacted sweeping cybercrime and media laws over the past fifteen years, which they are now putting to use. Across different countries, the same tools are being used: existing laws, fresh bans on sharing wartime imagery, and tighter restrictions on journalists and reporting. The vocabulary changes slightly from place to place, but the logic is the same: national security, public order, rumors, and social stability are justifications for control.

This is not just a series of isolated incidents. It is a regional playbook for silencing critics and narrowing the public record. Gulf states have long relied on censorship and surveillance; the war has simply made those methods easier to justify and harder to challenge.

From “digital hopes” to digital control

As we’ve documented in our ongoing blog series, digital platforms were once seen—at least in part—as spaces that could expand public discourse in the region. But as we’ve also argued, those early “digital hopes” have given way to systems of regulation and control. 

The current crackdown is a continuation of that trajectory, not a temporary departure from it. States are not just reacting to the war; they are leveraging it to consolidate long-standing ambitions to dominate the digital public sphere.

It may be tempting to see these measures as temporary, but emergency powers—like the one enacted in Egypt following the 1981 assassination of Anwar Sadat that lasted for more than three decades—have a way of sticking around. Legal precedents that are set during wartime often become normalized—or reinvoked during times of crisis, as occurred in 2015, when France brought back a 1955 law related to the Algerian War of Independence amidst the Paris attacks.

And the stakes are high. As we’ve seen in Syria and Ukraine, regulations and platform policies can cause wartime human rights documentation to disappear. When journalists are constrained and eyewitness footage is criminalized, accountability is weakened. And when arrests become widespread, people learn to self-censor.

Protecting freedom of expression in times of conflict is a requirement for accountability, not a concession to disorder. When people can document, report, and share information freely, it becomes harder for abuses to be hidden behind official narratives. Even in wartime, the public interest is best served by defending the space to tell the truth, not by silencing speech.

  •  

Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom

This is the third installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. You can read the first post here, and the second here.

When people recall the 2011 uprisings across the Middle East and North Africa (MENA), they often picture crowded squares, raised phones, and the feeling that the internet had finally shifted the balance of power toward ordinary people. But the past decade and a half is also a story about how governments, companies, and platforms turned those same tools into the backbone of a powerful state surveillance apparatus.

For activists, journalists, everyday users, that means now living with a constant threat. The phone in your pocket, the platforms you organize on, and the systems you rely on for safety and connection can be weaponized at the flip of a switch. A global surveillance industry has treated repression by many MENA governments as a growth opportunity, and the tactics refined there now shape digital authoritarianism worldwide. This essay traces how that shift unfolded: security agencies upgraded older systems of repression with new surveillance tools and permanent monitoring infrastructure; cybercrime laws and mercenary spyware markets turned digital control into standard operating procedure; and biometrics, facial recognition, and ‘smart city’ projects laid the groundwork for AI‑driven surveillance that now shapes protests, borders, and everyday life far beyond the region. 

Remembering the Arab Spring means seeing the events of 2011 as both a remarkable moment of movement history when people leveraged networked tools in their fight for freedom and the beginning of a long, grinding effort to turn those same tools into mechanisms of state control.

Old‑School Repression, New‑School Tools

Long before Facebook and Twitter, regimes in countries like Egypt and Syria already knew how to crush dissent. They leaned on informant networks, physical surveillance, and wiretaps, backed by emergency laws that let security agencies monitor and detain critics with almost no restraint. Research on the use of surveillance technology in MENA shows that, even before the Arab Spring, states were layering early digital tools like internet monitoring, deep packet inspection, and interception centers on top of that older machinery of control.

At the same time, connectivity was racing ahead. Cheap smartphones and social media suddenly let people share information at scale, coordinate protests, and broadcast abuses in real time. In 2011, EFF described both the excitement around “Facebook revolutions” and the early signs that governments were scrambling to upgrade their capacity to watch and disorganize popular dissent.

After the uprisings, Western critics endlessly debated how much credit to give social media itself. While in the background, security agencies across several MENA states reached a much simpler conclusion: if networked communication can help topple a dictator, then they needed to embed themselves deep inside those networks. Analyses of the rise of digital authoritarianism in MENA show how quickly officials pivoted from being surprised by online organizing to building systems to monitor and pre‑empt it.

In the years after 2011, governments across the region poured money into tools that let them systematically watch what people said and did on major platforms. Foreign vendors set up monitoring centers and interception systems that let security agencies block tens of thousands of sites, scrape and analyze social media at scale, monitor activist pages and online communities, and track activists in real time. They built a new, pre‑emptive model of digital control, one that assumes the state should see as much as possible, as early as possible.

As we noted in 2011, exporting permanent surveillance infrastructure to already‑abusive governments doesn’t “modernize” public safety; it locks in an architecture of control that is primed to abuse dissidents, journalists, and marginalized communities.

Domestic Lawfare and Cyber-Mercenaries

After the uprisings, a number of governments also rewrote the rules that govern online life. Cybercrime laws, “fake news” provisions, and overbroad public‑order and ‘morality’ offences gave prosecutors and security agencies legal cover to act with impunity. Governments in Saudi Arabia, Tunisia, Jordan, and Egypt combined counterterrorism, cybercrime, defamation, and protest laws into a legal thicket designed to make online dissent feel dangerous and costly. Morality laws and cybercrime provisions are used to target queer and trans people based on identity and expression.​

At the United Nations, a new global cybercrime convention now risks baking this logic into international law. The convention was adopted by the UN General Assembly in late 2024, despite serious human rights concerns raised by civil society. Echoing our partners, EFF warned at the time that the UN cybercrime draft convention remained too flawed to adopt and urged states to reject the draft language because it legitimized expansive surveillance powers and criminalized legitimate expression, security research, and everyday digital practices around the world. While on paper, these instruments gesture to “public safety” objectives, in practice they function as pathways for state security agencies to monitor, prosecute, and silence the communities most at risk. For state-targeted communities, that makes being visible online a calculated risk, not a neutral choice.​​

Criminal codes are only half the story; mercenary tech is the other. As governments worldwide looked for ways to outpace their critics, a parallel market emerged to help them infiltrate and take over devices. Companies like NSO Group marketed Pegasus and similar tools as off‑the‑shelf capabilities for governments that wanted to hack a target’s cellphones or other devices to read messages, turn on microphones, and monitor entire social networks while bypassing the courts. 

In 2019, UN Special Rapporteur David Kaye called for a global moratorium on the sale and transfer of private surveillance tools until real, enforceable safeguards exist. Two years later, forensic work by Amnesty and media partners showed how the same spyware used to hack phones of Palestinian human‑rights defenders was used to surveil journalists, activists, lawyers, and political opponents across dozens of countries

Regional groups responded by demanding an end to the sale of surveillance technology to autocratic governments and security agencies, arguing that you cannot keep selling “lawful intercept” tools into systems where law itself is an instrument of repression. Commercial spyware is at the center of digital repression, not at its margins. Surveillance vendors are not neutral suppliers. Safeguards remain weak, fragmented, or nonexistent in most of the countries buying these tools, yet vendors continue seeking new contracts and new militarized “use cases.” Put bluntly, the companies that design, market, and maintain these systems precisely because they enable this kind of control profit from (and help entrench) authoritarian power.

Biometrics, Facial Recognition, and AI‑Powered Surveillance Cities

On top of this rapidly intensifying interception and spyware stack, governments and companies began layering biometrics and face recognition into everyday systems, creating pathways for bulk data collection, automated analysis, and risk profiling. In parts of MENA, national ID schemes, border and migration controls, and centralized biometric databases have been rolled out in environments with weak or captured data‑protection laws, making it easy to link people’s movements, services, and political activity to a single, persistent identifier.​

Humanitarian programs are not exempt from this protocol. In Jordan, Syrian refugees have been required to submit iris scans and biometric data to access cash assistance and food, turning “consent” into a precondition for survival. When access to aid depends on enrollment in centralized biometric systems, any breach, misuse, or repurposing of that data can have severe, life‑altering consequences for people who have no realistic way to opt out. Investigations into surveillance‑tech firms complicit in abuses in MENA show that vendors profit from supplying biometric and surveillance tools for migration management and internal security, even when those tools are used in discriminatory or abusive ways.​

Like elsewhere, mass surveillance technologies in MENA were first piloted on people who were already criminalized or made vulnerable by poverty. But their use quickly expanded from narrow, security‑framed deployments to routine use in city streets. As hardware sensors, cameras, and data storage got cheaper, “smart city” surveillance systems promised seamless security and services, and it became easier and less politically contentious to keep these systems running everywhere, all the time.​

Unlike targeted hacking tools, these broad, city‑wide surveillance infrastructures erase any practical line between people under investigation and the broad public, normalizing bulk, indiscriminate monitoring of public space and everyday movement. In the Gulf, facial recognition and dense sensor networks are increasingly built into high‑profile “smart city” and mega‑project plans that lean heavily on biometric and AI‑driven monitoring. These are security‑first development projects where biometric and sensor infrastructures are designed from the outset to embed policing, migration control, and commercial tracking into the urban fabric. In this vision of the Gulf’s “smart city” future—often sold as seamless services and digital opportunity—“smart” is the branding, and pervasive monitoring is the operating principle.​​

EFF has consistently opposed government use of face recognition and biometric surveillance, in some instances calling for outright bans. In contexts that treat peaceful dissent as a security threat, embedding biometric surveillance into everyday infrastructure locks in a balance of power that favors militarized policing and state control. That infrastructure is now the starting point for a new set of risks. Surveillance systems built over the last decade are being repackaged as the foundation for a new generation of “AI‑enabled” defense and security products. 

Companies that once focused on video management or perimeter security now advertise “defense applications” for AI‑driven situational awareness and threat detection, using computer‑vision models to scan camera feeds, compare against existing watchlists, and flag “suspicious” people or behaviors in real time. Drone and sensor platforms are being upgraded with embedded AI that tracks and classifies targets autonomously and with “drone‑based AI threat detection and intelligent situational awareness,” turning aerial surveillance into a continuous data feed for security agencies and militaries. In smart‑city and defense expos from the Gulf to Europe and North America, similar systems are marketed as neutral efficiency upgrades or tools to “protect critical infrastructure,” even where they are explicitly designed to scale up border enforcement, protest surveillance, and internal security operations.

As these systems are folded into AI‑driven defense products, the line between “civilian” infrastructure and militarized surveillance disappears, turning streets, borders, and aid sites into continuous input for security operations. That is the landscape that human rights and accountability efforts now have to confront.

Templates of Control, Networks of Resistance

The patterns established in heavily securitized MENA states after the Arab Spring now shape how states monitor and crush more recent uprisings, from Iran’s use of location data and facial recognition to track down protesters to long‑running crackdowns elsewhere in the region. This model of “digital authoritarianism” built on spyware, data‑hungry ID systems, platform control, and emergency‑style security laws has emerged everywhere from Latin America to Eastern Europe to here in the United States. As the new UN Cybercrime Convention moves toward implementation, its broad offences and surveillance powers risk turning this ad hoc toolkit into a formal template for cross‑border data‑sharing, repression, and an all‑purpose global surveillance instrument.

For people on the ground, none of this is theoretical. Human‑rights defenders, journalists, and ordinary users across the region face arrest, long prison sentences, and exile based on their digital traces. In that context, commercial spyware is not a marginal issue but part of the core machinery of repression. Pegasus has been used to hack journalists’ phones through zero‑click exploits and compromise human‑rights defenders and watchdog organizations themselves, including staff at Amnesty’s Pegasus Project partners and Human Rights Watch. These deployments give practical effect to the “cybercrime” and “terrorism” frameworks described earlier: person‑by‑person campaigns against particular communities, contacts, and networks, rather than “neutral,” generalized security measures.

Under these conditions, everyday security becomes a second job. People describe carrying multiple phones, keeping one for relatively “clean” uses and others for riskier conversations, splitting identities across platforms, using coded language, and moving their organizing off mainstream services when possible. Pushing this burden onto users is a political choice: states, platforms, and vendors could build systems that are safe by design; instead, they externalize risk to the people they watch and punish.

Even against that backdrop, civil society organizations have refused to capitulate to security agencies and vendors. Regional coalitions have demanded strict export controls and outright bans on selling intrusive surveillance tech to autocratic governments. Advocates have also pushed companies to do more than box‑ticking “due diligence.” Work with surveillance‑tech firms in the context of migration and border control has repeatedly shown that most are still far from serious human‑rights assessments, let alone willing to turn down these lucrative contracts.

Many of the same governments that have been critical of others on the issue of human rights have hosted or licensed companies that build these tools, in some cases buying similar capabilities for their own security agencies. European authorities, for instance, have investigated FinFisher’s export of spyware “made in Germany” to Turkey and other non‑EU governments. Meanwhile, the NSO Group has at least 22 Pegasus contracts with security and law‑enforcement agencies in 12 EU countries. This is a transnational industry, not a localized problem.

Against near impossible odds, people continue finding pathways to freedom. The global surveillance sector reinforces the same hierarchies and violence that people have found ways to survive for generations. Queer activists and others at the sharpest edges of this system have had to develop their own forms of resistance, including against biometric and data‑driven targeting. Encryption, circumvention tools, and security training are not silver bullets, but they remain essential for anyone trying to organize, document abuses, or simply exist online with a bit less risk. Resources like EFF’s Surveillance Self‑Defense are one piece of that ecosystem, alongside trainers and groups who have been doing this work on the ground for years.​

Defending the Future of Digital Dissent

The Arab Spring is often remembered through images of packed squares and hopeful tweets. But contending with its aftermath means confronting the surveillance architecture built in its shadow: laws that turn online speech into a crime, spyware and biometric systems that turn phones and faces into tracking beacons, and platform practices that routinely sacrifice the people most at risk. None of that is inevitable, and none of it is confined to one part of the world.

Accountability has to reach both governments and the companies that profit from arming them with these tools. That means pushing for far stronger limits on how surveillance tech is built, sold, and deployed; demanding meaningful transparency when these systems are used; and defending the tools people rely on to communicate and organize safely, including robust encryption and secure channels. It also means taking direction from the people and communities who have been navigating and resisting this landscape for years.

Surveillance itself is transnational: tools, playbooks, and data moves across borders as easily as money. And so we, too, continue our work, documenting abuses, sharing security knowledge, and collectively organizing against these violent systems.

This is the third installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. Read the rest of the series here.

  •  

Google and Amazon: Acknowledged Risks, and Ignored Responsibilities

In late 2024, we urged Google and Amazon to honor their human rights commitments, to be more transparent with the public, and to take meaningful action to address the risks posed by Project Nimbus, their cloud computing contract that includes Israel’s Ministry of Defense and the Israeli Security Agency. Since then, a stream of additional reporting has reinforced that our concerns were well-founded. Yet despite mounting evidence of serious risk, both companies have refused to take action. 

Amazon has completely ignored our original and follow-up letters. Google, meanwhile, has repeatedly promised to respond to our questions. Yet more than a year and a half later, we have seen no meaningful action by either company. Neither approach is acceptable given the human rights commitments these companies have made.

Additionally, Microsoft required a public leak before it felt compelled enough to look into and find that its client, the Israeli government, was indeed misusing its services in ways that violated Microsoft’s public commitments to human rights. This should have given both Google and Amazon an additional reason to take a close look and let the public know what they find, but nothing of the sort materialized. 

In such circumstances, waiting for definitive proof is not responsible risk management, it is willful blindness.

Google: Known Risks, No Meaningful Action

Google’s own internal assessments warned of the risks associated with Project Nimbus even before the contract was signed. Major news outlets have reported that Google provides the Israeli government with advanced cloud and AI services under Project Nimbus, including large-scale data storage, image and video analysis, and AI model development tools. These capabilities are exceptionally powerful, highly adaptable, and well suited for surveillance and military applications.

Despite those warnings, and the multiple reports since then about human rights abuses by the very portions of the Israeli government that uses Google’s and Amazon’s services, the companies continue to operate business as usual. It seems that they have taken the position that they do not need to change course or even publicly explain themselves unless the media or other external organizations present definitive proof that their tools have been used in specific violations of international human rights or humanitarian law. While that conclusive public evidence has not yet emerged for all the companies, the risks are obvious, and they are aware of them. Instead of conducting robust, transparent human rights due diligence, Amazon and Google are continually choosing to look the other way.

Google’s own internal assessments undermine its public posture. According to reporting, Google’s lawyers and policy staff warned that Google Cloud services could be linked to the facilitation of human rights abuses. In the same report, Google employees also raised concerns that the company’s cloud and AI tools could be used for surveillance or other militarized purposes, which seems very likely given the Israeli government’s long-standing reliance on advanced data-driven systems to control and monitor Palestinians.

Google has publicly claimed that Project Nimbus is “not directed at highly sensitive, classified, or military workloads” and is governed by its standard Acceptable Use Policies. Yet reporting has revealed conflicting representations about the contract’s terms, including indications that the Israeli government may be permitted to use any services offered in Google’s cloud catalog for any purpose. Google has declined to publicly resolve these contradictions, and its lack of transparency is problematic. The gap between what Google says publicly and what it knows internally should alarm anyone who hopes to take the company’s human rights commitments seriously.

Google’s and Amazon’s AI Principles Require Proactive Action

Even after being revised last year, Google’s AI Principles continue to commit the company to responsible development and deployment of its technologies, including implementing appropriate human oversight, due diligence, and safeguards to mitigate harmful outcomes and align with widely accepted principles of international law and human rights. While the updated principles no longer explicitly commit Google to avoiding entire categories of harmful use, they still require the company to assess foreseeable risks, employ rigorous monitoring and mitigation measures, and act responsibly throughout the full lifecycle of AI development and deployment.

Amazon has similarly committed to responsible AI practices through its Responsible AI framework for AWS services. The company states that it aims to integrate responsible AI considerations across the full lifecycle of AI design, development and operation, emphasizing safeguards such as fairness, explainability, privacy and security, safety, transparency, and governance. Amazon also says its AI services are designed with mechanisms for monitoring, and risk mitigation to help prevent harmful outputs or misuse and to enable responsible deployment across a range of use cases.

Google and Amazon have the knowledge, the leverage, and the responsibility to act now. Choosing not to is still a choice.

Here, the risks are neither speculative nor remote. They are foreseeable, well-documented, and exacerbated by the context in which Project Nimbus operates, which is an ongoing military campaign marked by widespread civilian harm and credible allegations of grave human rights violations including genocide. In such circumstances, waiting for definitive proof is not responsible risk management, it is willful blindness.

Modern cloud and AI systems are designed to be flexible, customizable, and deployable at scale, often beyond the vendor’s direct visibility. That reality is precisely why human rights due diligence must be proactive. Waiting for a leaked document or whistleblower account demonstrating direct misuse, as occurred in Microsoft’s case, means waiting until harm has already been done.

Microsoft’s Experience Should Have Been Warning Enough

As noted above, the recent revelations about Microsoft’s technologies being misused in violation of Microsoft’s commitments by the Israeli military illustrate the dangers of this wait-and-see approach. Google and Amazon should not need a similar incident to recognize what is at stake. The demonstrated misuse of comparable technologies, combined with Google’s and Amazon’s own knowledge of the risks associated with Project Nimbus, should already be sufficient to trigger action.

The appropriate response is to act responsibly and proactively.

Google and Amazon should immediately:

  • Conduct and publish an independent human rights impact assessment of Project Nimbus.
  • Disclose how they evaluate, monitor, and enforce compliance with their AI Principles in high-risk government contracts, including and especially in Project Nimbus.
  • Commit to suspending or restricting services where there is a credible risk of serious human rights harm, even if definitive proof of misuse has not yet emerged.

Waiting Is a Choice, and Not One That Protects Human Rights

Google and Amazon publicly emphasize their commitment to responsible AI and respect for human rights. Those commitments are meaningless if they apply only once harm is undeniable and irreversible. In conflict settings, especially where secrecy and information asymmetry are the norm, companies must act on credible risk, not perfect evidence.

Google and Amazon have the knowledge, the leverage, and the responsibility to act now. Choosing not to is still a choice, and one that carries real consequences for people whose lives are already at risk.

  •  

EFF’s Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age

Governments around the world are adopting new laws and policies aimed at addressing online harms, including laws intended to curb cybercrime and disinformation, and ostensibly protect user safety. While these efforts are often framed as necessary responses to legitimate concerns, they are increasingly being used in ways that restrict fundamental rights.

In a recent submission to the United Nations Office of the High Commissioner for Human Rights, we highlighted how these evolving regulatory approaches are affecting human rights defenders (HRDs) and the broader digital environment in which they operate.

Threats to Human Rights Defenders

Across multiple regions, cybercrime and national security laws are being applied to prosecute lawful expression, restrict access to information, and expand state surveillance. In some cases, these measures are implemented without adequate judicial oversight or clear safeguards, raising concerns about their compatibility with international human rights standards.

Regulatory developments in one jurisdiction are also influencing approaches elsewhere. The UK’s Online Safety Act, for example, has contributed to the global diffusion of “duty of care” frameworks. In other contexts, similar models have been adopted with fewer protections, including provisions that criminalize broadly defined categories of speech or require user identification, increasing risks for those engaged in the defense of human rights.

At the same time, disruptions to internet access—including shutdowns, throttling, and geo-blocking—continue to affect the ability of HRDs to communicate, document abuses, and access support networks. These measures can have significant implications not only for freedom of expression, but also for personal safety, particularly in situations of conflict or political unrest.

The expanded use of digital surveillance technologies further compounds these risks. Spyware and biometric monitoring systems have been deployed against activists and journalists, in some cases across national borders. These practices result in intimidation, detention, and other forms of retaliation.

The practices of social media platforms can also put human rights defenders—and their speech—at risk. Content moderation systems that rely on broadly defined policies, automated enforcement, and limited transparency can result in the removal or suppression of speech, including documentation of human rights violations. Inconsistent enforcement across languages and regions, as well as insufficient avenues for redress, disproportionately affects HRDs and marginalized communities.

Putting Human Rights First

These trends underscore the importance of ensuring that regulatory and corporate responses to online harms are grounded in human rights principles. This includes adopting clear and narrowly tailored legal frameworks, ensuring independent oversight, and providing effective safeguards for privacy, expression, and association.

It also requires meaningful engagement with civil society. Human rights defenders bring essential expertise on the local and contextual impacts of digital policies, and their participation is critical to developing effective and rights-respecting approaches.

As digital technologies continue to shape civic space, protecting the individuals and communities who rely on them to advance human rights remains an urgent priority.

You can read our full submission here.

  •  

Speaking Freely: Jacob Mchangama

Interviewer: Jillian York

Jacob Mchangama is a Danish lawyer, human-rights advocate, and public commentator. He is the founder and director of Justitia, a Copenhagen-based think tank focusing on human rights, freedom of speech, and the rule of law. His new book with Jeff Kosseff, The Future of Free Speech: Reversing the Global Decline of Democracy's Most Essential Freedom, comes out on April 7th.

Jillian York: Welcome, Jacob. I'm just going to kick off with a question that I ask everyone, which is: what does free speech mean to you?

Jacob Mchangama: I like to use the definition that Spinoza, the famous Dutch renegade philosopher, used. He said something along the lines, and I'm paraphrasing here, that free speech is the right of everyone to think what they want and say what they think, or the freedom to think what they want and say what they think. I think that's a pretty neat definition, even though it may not be fully exhaustive from sort of a legal perspective, I like that. 

JY: Excellent. I really like that. I'd like to know what personally shaped your views and also what brought you to doing this work for a living. 

JM: I was born in Copenhagen, Denmark, which is a very liberal, progressive, secular country. And for most of my youth and sort of young adulthood, I did not think much about free speech. It was like breathing the air. It was essentially a value that had already been won. This was up until sort of the mid-naughties. I think everyone was sort of surfing the wave of optimism about freedom and democracy at that time. 

And then Denmark became sort of the epicenter of a global battle of values over religion, the relationship between free speech and religion with the whole cartoon affair. And that's really what I think made me think deep and hard about that, that suddenly people were willing to respond to cartoonists using crayons with AK-47s and killings, but also that a lot of people within Denmark suddenly said, “Well, maybe free speech doesn't include the right to offend, and maybe you're punching down on a vulnerable minority,” which I found to be quite an unpersuasive argument for restricting free speech. 

But what's also interesting was that you saw sort of how positions on free speech shifted. So initially, people on the left were quite apprehensive about free speech because they perceived it to be about an attack on minorities, in this case, Muslim immigrants in Denmark. Then the center right government came into power in Denmark, and then the narrative quickly became, well, we need to restrict certain rights of hate preachers and others in order to defend freedom and democracy. And then suddenly, people on the right who had been free speech absolutists during the cartoon affair were willing to compromise on it, and people on the left who had been sort of, well, “maybe free speech has been taken too far” were suddenly adamant that this was going way too far, and unfortunately, that is very much with us to this day. It's difficult to find a principled, consistent constituency for free speech. 

JY: That's a great way of putting it. I feel like, with obvious differences from country to country, it feels like that kind of polarization is true everywhere, including the bit about flipping sides. I guess my next question, then, is: what do you feel like most people get wrong about free speech?

JM: I think there's a tendency—and I'm talking especially in the West, in the traditional free and open democracies—I think there's a huge tendency to take all the benefits of free speech for granted and focus myopically on the harms, real and perceived, of speech. I mean, just the fact that you and I can sit here, you know, I don't know where you are in the world, but you and I can have a direct, live, uncensored conversation…that is something that you know was unimaginable not that long ago, and we just take that for granted. We take it for granted that we can have access to all the information in the world that would previously have required someone to spend years in libraries, traveling the world, finding rare manuscripts.

We take it for granted, but this is the difference between us and say dissidents in Iran or Russia or Venezuela. We take it for granted that we can go online and vent against our governments and say things, and we can also vent things on social issues that might be deeply offensive to other people, but generally we don't face the risk of being imprisoned or tortured. But that's just not the case in many other countries. 

So, I think those benefits, and also, I would say, when you look at the historical angle, every persecuted or discriminated against group that has sought and achieved a higher degree of equal dignity, equal protection under the law, has relied on speech. First they relied on speech, then they could rely on free speech at some point, but initially they didn't have free speech right? So whether it's abolitionist the civil rights movement in the United States, you know my good friend Jonathan Rauch, who was sort of at the forefront of of securing same sex marriage in the United States, knows that was a fight that very much relied on speech. And women's rights…fierce women, who would protest outside the White House and burn in effigy figures of the President, would go to prison. Women didn't have political power. They didn't have guns. They didn't have economic power, they had speech, and that's what you need, to petition the government, to shine a light on abuse, to rally other allies and so on. And I think unfortunately, we've unlearned those hugely important precedents for why we have free speech today. 

JY: I’m definitely going to come back to that. But first I want to ask you about the new book you have coming out with Jeff Kosseff, The Future of Free Speech: Reversing the Global Decline of Democracy's Most Essential Freedom. I'm very excited, I’ve pre-ordered it. 

So, in light of that, I’ve got a two part question: First, what are some of the trends that concern you the most about what’s going on today? And then, what do you think we need to do to ensure that there is a future for free speech?

JM: So first of all, I was thrilled to be able to write it with Jeff, because Jeff is such an authority on First Amendment section 230 issues. But from the personal perspective, you could say that this book sort of continues where my previous book on the history of free speech finishes.

And so, based on the idea that we are living through a free speech recession that has become particularly acute in this digital age, where we see what I term as various waves of elite panic that lead to attempts to impose sort of top down controls on online speech in particular—and this is not only in the countries where you'd expect it, like China and Russia and Iran, but increasingly also in open democracies that used to be the heartland of free speech—there's a tendency, I think, in democracies, to view free speech no longer as sort of a competitive advantage against authoritarian states, or a right that would undermine authoritarians, but as sort of a Trojan horse which allows the enemies of democracies, both at home and abroad, to weaponize free speech against democracy, and so that's why the overwhelming

legislative initiatives and framing of free speech is often “this is a danger.” This is something we need to do something about. We need to do something about disinformation. We need to do something about hate speech. We need to do something about extremism. We need to do something about, you know, we need to have child safety laws. We need age verification. And you know, you know the list all too well. 

JY: I do, absolutely.

JM: Where I think where free speech advocates often fall short, is that we're very good at sort of talking about the slippery slope and John Stuart Mill and all these things, and that's important, but very often we don't have compelling proposals to sell to people who are not sort of civil libertarians at heart, and who are generally in favor of free speech, but who are frightened about particular developments at particular manifestations of speech that they think have become so dangerous to you know, freedom, democracy, whatever interest that they're willing to compromise free speech. 

And so we try to point to some concrete examples of—giving life to the old cliché—fighting bad speech with better speech. So some of those examples are counter speech. There are some great examples. One of them is from Brazil, where there was a black weather woman who was the first black weather woman to be sort of on a prominent TV channel, and she was met with brutal racism. So, you know, what should have been a happy moment for her became quite devastating. And so there was this NGO that printed billboards of these very nasty racist comments, blurred the identity of the user who had said it, but then put them in the neighborhoods where these people lived. So that was a very powerful way to confront Brazilians with the fact that, you know, racism is alive. It's right here in your neighborhood. And you know they used the N word and everything, and nothing was censored in terms of this racism, which was put right in front of it of everyone, and it actually led to a lot of people sort of deleting their comments and someone apologizing, and led to, I think, a fruitful debate in Brazilian society. 

Then you have other types of counter speech. One of them is a Swedish journalist called Mina Dennert. She started the “I am here” movement. So it's a counter speech movement, which I think spans 150,000 volunteers across 15 countries. And they use counter speech online, typically on Meta platforms, I think, where they essentially gather together and push back against hate speech, not necessarily to convince the speaker that they're wrong, but to give support to those who are the victims, but also to essentially convince what is often termed the movable middle, to show them that there are people who disagree with racist hate speech, and there's actually empirical data to suggest that these can be effective strategies. You can also use humor. 

Daryl Davis is a very extreme example. He's a black jazz musician who has made it his life mission to befriend members of the KKK. And he has converted around 200 members of the KKK, to essentially leave it and he does that by just having a conversation. Because if your worldview is that blacks are inferior and should not enjoy equal rights, and you have a conversation with someone in a way where it becomes impossible for you to uphold that worldview, because the person in front of you is clearly someone who's intelligent, articulate, who can counter all your your preconceived notions, then it becomes very difficult to uphold that worldview right? And you can imagine that those members who leave the KKK then become agents of change within their former communities. 

So there are various counter speech strategies that have shown a promise, and at the Future of Free Speech [think tank] that I direct, we've developed these toolkits, and we do teachings around the world, I think we've translated them into nine or ten languages. So it's not a panacea, obviously, to everything that's going on, but it's something quite practical, I think. And the good thing about it is also that it doesn't depend on an official definition of hate speech. If you're concerned about a particular type of speech, you can use counter speech to counter it. But you're not engaging in censorship, and we don't have to agree on what the definition of hate speech is. In that way, it’s hopefully an empowering tool. 

And another example: we talk about how Taiwan has been quite an inspiring case for using crowd sourced fact checking, for using sort of a bottom up approach to fighting disinformation from China, but also around Covid, so zero lockdowns and no centralized censorship, and they’re doing better than a lot of Western democracies that use more illiberal methods and the crowd sourced fact checking pioneered in Taiwan is what inspired Bird Watch on Twitter prior to its being taking over by Elon Musk, and which is now community notes on X, which I actually think for all the things you might dislike about X, is a feature that is quite promising. 

JY: Definitely.  I absolutely agree with that, and I'm really glad you mentioned your previous book, which I loved, and the idea of a free speech recession. 

You’ve done so much of this work all over the world, and have learned from people in different places and tried to understand the challenges they’re facing in terms of free speech. We actually started this project, Speaking Freely, primarily to share those different perspectives and to bring them to our readership, the majority of which comes from the U.S. What I’d like to ask you, then, is what do you feel that we in the “West” or in more open societies have to learn from free speech activists in the rest of the world?

JM: Just…the bravery of say, Iranians who now face complete—and this was even before the attacks by the US and Israel—complete internet bans. But who have also relied on social media platforms and digital creativity to circumvent official propaganda and censorship. I think those types of societies provide sort of a real time experiment, right? You know, okay, we have we have social media, and it's messy, and sometimes it's ugly, and sometimes some of these tech companies do things that we disapprove of, but you know the cure in terms of further government control, for instance, let's say, getting rid of section 230, adding age verification laws, trying to create exceptions to the First Amendment in cyberspace…we have societies where that is happening, albeit, of course, at a very extreme scale. But would you really trade the freedoms, however messy they are, for that kind of society? 

And then, I also worry a lot about the state of affairs in Europe, where I'm from, where it's not unusual if you're in Germany, to have the police show up at your door if you've insulted a powerful politician. For the book, I interviewed an Israeli, Jewish woman who lives in Berlin. She's on the far left and very opposed to to Israel's policies, and she's been arrested four times for for protesting with a plaque that says, “as an Israeli Jew, stop the genocide in Gaza.” And again, you can agree or disagree whether there's a genocide, but that's just political speech. Yet the optics of a Jew—an Israeli, Jewish woman—being arrested by German police in Berlin in the name of fighting antisemitism is, I think, absurd, right? 

JY: I’m laughing only because I think I’ve said that exact sentence in an interview with the German press.

JM: But this is the reality right now. And I think it's also a good example of the fact that there have been people on the left in Europe who have said, well, we need to do something about the far right. And therefore it's okay to crack down, you know, use hate speech laws and so on. And then October 7 happened, and suddenly you see a lot of minorities and people on the left who are becoming the targets of laws against hate speech or glorification of terrorism and so on and so forth. And I think that's a powerful case for why you want a pretty hard nosed principle of consistent protection of free speech, also online. And, given the priorities of the current administration in the United States, I think that if the First Amendment and section 230 were not in place in the United States, the kind of laws that you have in Europe would be very moldable for the current administration to go after. I mean, it’s already going after its enemies, real and perceived, but it often loses in court exactly because of constitutional protections, including the First Amendment. But if that protection wasn't there, they would be much more successful, I think, in going after speech that they don't like.

JY: That’s such a fantastic answer, and I’m in total agreement. I was actually living in Berlin until quite recently and saw quite a bit of that firsthand. It’s really troubling. 

I want to shift course for a moment. We hopefully have some young people reading this as well, and I think right now in this moment where age verification proposals are happening everywhere—which we at EFF are really concerned about—it’s important to speak to them as well. What advice would you give to young readers who are coming of age around the topic of free speech and who are interested in doing this sort of work?

JM: I think young people are obviously immersed in the digital age, and some of them may never have opened a physical book. I don't know. Maybe it's a Boomer prejudice when I say that, but, but, I don't think it's a stretch to imagine that the vast majority of speech and expression that they're confronted with is through devices of a sort. I think it's crucial to understand that, you know, the system of free speech was developed before that, and so not to focus solely on thinking about free speech only through the lens of the digital age. What came before it is really important to give you some perspective.

So that’s one thing, but I also have two kids, aged 13 and 16, so I’ve thought a lot and fought a lot about some of these issues. I understand where some of the age verification concerns come from. I have parental controls on my children's phones and devices, and try to control it as best as possible, because I do think there can be harms if you spend too much time. But on the other hand, I would also say—and this goes back to the harms and benefits—sometimes there's this analogy that people want to make that social media is like tobacco, which I think is such a poor comparison, because, you know, no one in the world would disagree that tobacco is extremely harmful, right? It's cancerous and all kinds of other things. There are no benefits to tobacco, but social media access, I think, is very different. For instance, I moved to the United States with my family three years ago. My children had no problem speaking English, doing well in school because of YouTube. They could speak almost with the accent, they were immersed into cultural idioms, and they could learn stuff. And also in terms of connections, they have friends back home, it would be very difficult for them to stay in touch the same way that they can now and have connections, if it wasn't due to technology. And so I think that social media for minors also has benefits that make it very, very different from the tobacco analogy. 

Plus, I also think, and here I'm pointing my finger at Jonathan Haidt, that some of the evidence that is being pushed for these kinds of bans seem not to reflect scientific consensus, and that there's a lot of subject matter experts who actually think that the case is much more muddled than than the message that he has pushed in his best selling book, but which is now going the rounds. 

But it amazed me to look at. First of all, let me say I've admired Jonathan Haidt for a long time. I loved his previous work, but I just feel like his crusade on social media for minors and age verification is…in a certain sense, he's gone down some of the roads that he warned against in some of his previous books, in terms of motivated reasoning and confirmation bias and so on. But I saw Jonathan Haidt praise the Minister of Digital Affairs for Indonesia for their age verification bill that is supposed to come into effect now. Indonesia is a country that right now, I think, has a bill in place that will give further powers to the government to ban LGBT content, and what’s the justification? Protecting children. It is a country where someone uploaded a Tiktok video where they said an Islamic prayer before eating pork…two years in prison, right? So it's a country that is in the lower half of Freedom House's Freedom on the Net rankings. So it's amazing to me that a good liberal Democrat like Jonathan Haidt would essentially lend his legitimacy to a country like Indonesia when no one, no serious person, can be in doubt that these kinds of laws will be used and abused by a country like Indonesia to crack down on religious and political, sexual minorities and dissent in general.

JY: Absolutely. And that actually fits really well with something that I've been thinking a lot about too. I know you've written a lot about the Brussels effect and I'm trying to look at the ways in which a similar effect—not necessarily coming from Brussels, of course—is shaping internet regulation in different directions, in terms of laws influencing other laws.

Now, in terms of laws influencing other laws, age verification is, I think, one of the big ones. I mean, seeing these laws modeled after things that the UK or Australia or the U.S. has proposed, and then, just being made so much worse, and then sometimes echoing back here as well. And I think Indonesia is such a great example of that.

JM: Yeah. I mean, Australia sort of opened the Pandora’s box, and everyone is rushing in now, and I think the consequences are likely to be grave, and I think it fits into another issue which I think is even more concerning, that is this rehabilitation or of the concept of digital sovereignty. If you went back 10 years ago and talked about digital sovereignty, you would say, “Well, this is something that they do in China or Russia,” but now digital sovereignty is shouted from the rooftops in Brussels and democracies. 

And you know, I could maybe understand, if digital sovereignty meant, yes, we're going to protect our critical infrastructure, or we don't want to be overly reliant on American tech platforms, given the Trump administration's hostility towards Europe. But digital sovereignty now essentially means a concept of sovereignty which asserts that governments and institutions like the European Union have powers to determine what types of information and ideas their citizens should be confronted with. Now look up Article 19 in the Universal Declaration of Human Rights, what does it say? Everyone has the right to free expression, which includes, and I'm paraphrasing here, the right to share and impart ideas across frontiers, regardless of media, right? You know this. So now we're reverting back to an idea of free expression, which says that the government can now control what type of information that…if a foreign government or information that purports to undermine democratic values in a society, then the government has a right to censor it or require that an intermediary take mitigating steps towards it. I mean, I think that is really a recipe for disaster.

JY: I’m so glad you talked about that. I don’t even think everyone talking about digital sovereignty is working with the same definition. 

JM: No no, digital sovereignty can mean a lot of things. But there’s no doubt that it’s now being stretched to also include pure information and ideas rather than critical infrastructure or industrial policy where it may have a more benign role to play.

JY: Absolutely. Well, we’ve covered a lot of territory, so I’m going to ask you my favorite question, the one we ask everyone: Who is your free speech hero?

JM: I think my free speech hero would be Frederick Douglass. To me, he’s just someone who epitomizes not only being a principled defender of free speech, but someone who did free speech in practice. In his autobiography—he wrote three, I think—but in one of them there’s a foreword by the great abolitionist William Lloyd Garrison, and he describes watching and listening to Frederick Douglass give one of his first public speeches in Nantucket in 1841 and Garrison describes the impact that Douglass had on this crowd and he says something along the lines of: “I think I never hated slavery so much as in that very moment.” So you can almost feel the impact of Douglass’s speech, and that’s the gold standard, right, for what speech can do and why it should be free.

JY: Such a great answer. Thank you.

JM: Thank you.




  •  

Digital Hopes, Real Power: From Revolution to Regulation

This is the second installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. You can read the first post here.

From Russia—where wartime censorship and more stringent platform controls have choked dissenting voices—to Nigeria, with its aggressive takedown orders turning social media into political battlegrounds, and to Turkey, where sweeping “disinformation” laws have made platforms heavily policed spaces, freedom of expression online is under attack. Per Freedom House’s 2023 Freedom on the Net Report, 66% of internet users live where political or social sites are blocked, and 78% are in countries where people have been arrested for online posts. New social media regulations have emerged in dozens of countries in the past year alone.

The online landscape looks markedly different than it did fifteen years ago. Back then, social media was still new and largely free from legal restrictions: platforms moderated content in response to user reports, governments rarely targeted them directly, and blocks (when they happened) were temporary, with censorship mostly focused on whole websites that VPNs or proxies could easily bypass. The internet was far from free, but governments’ crude tactics left space for circumvention.

Those early restrictions, as crude as they were, marked the start of a rapid evolution in online censorship. Governments like Thailand, which blocked thousands of YouTube videos in 2007 over critical content, and Turkey, which demanded takedowns from YouTube before blocking the site entirely, tested legal and technical pressures to mute dissent and force platforms’ compliance. By 2011, governments weren't just reacting—they had learned to pressure platforms into becoming instruments of state censorship, shifting their playbooks from blunt blocks to sophisticated systems of control that simple VPNs could no longer reliably bypass. Governments across the region were watching closely, and by the time the 2011 uprisings began, they were prepared to respond.

Looking Back

After learning that a Facebook page—We Are All Khaled Said, honoring a young man killed by police brutality—sparked Egypt’s street protests, Western media hailed online platforms as engines of democracy. Revolution co-creator Wael Ghonim told a journalist: “This revolution started on Facebook.” That claim was debated and contested for years; critically, Facebook had suspended the page two months earlier over pseudonyms violating its real-name policy, restoring it only after advocates intervened. 

Once the protests moved to the streets, Egypt’s government—alert to social media’s power—quickly blocked Facebook and Twitter, then enacted a near-total shutdown (more on that in part 4 of this series). As history shows, the measures didn’t stop the revolution, and Egyptian president Hosni Mubarak stepped down. For a brief moment, freedom appeared to be on the horizon. Unfortunately, that moment was short-lived.

Egypt’s Digital Dystopia

Just as the Egyptian military government quashed revolution in the streets, they also shut down  online civic space. Today, Egypt’s internet ranks low on markers of internet freedom. The military government that has ruled Egypt since 2013 has imprisoned human rights defenders and enacted laws—including 2015’s Counter-terrorism Law and 2018’s Cybercrime Law—that grant the state broad authority to suppress speech and prosecute offenders.

The 2018 law demonstrates the ease with which cybercrime laws can be abused. Article 7 of the law allows for websites that constitute “a threat to national security” or to the “national economy” to be blocked. The Association of Freedom of Thought and Expression (AFTE) has criticized the loose definition of “national security” contained within the law, as “everything related to the independence, stability, security, unity and territorial integrity of the homeland.” Notably, individuals can also be penalized—and sentenced to up to six months imprisonment—for accessing banned websites.

Articles 25, which prohibits the use of technology to “infringe on any family principles or values in Egyptian society,” and 26, which prohibits the dissemination of material that “violates public morals,” have been used in recent years to prosecute young people who use social media in ways in which the government disapproves. Many of those prosecuted have been young women; for instance, belly dancer Sama Al Masry was sentenced to three years in prison and fined 300,000 Egyptian pounds under Article 26.

Beyond Egypt: Regional Trends

Egypt’s trajectory reflects a wider regional and global pattern. In the years following the uprisings, governments moved quickly to formalize legal authority over digital space, often under the banner of combating cybercrime, terrorism, or “false information.” These laws often contain vaguely worded provisions criminalizing “misuse of social media” or “harming national unity,” giving authorities wide discretion to prosecute speech.

In Qatar and Bahrain, a social media post can result in up to five years in jail. In 2018, prominent Bahraini human rights defender Nabeel Rajab was convicted of “spreading false rumours in time of war”, “insulting public authorities”, and “insulting a foreign country” for tweets he posted about the killing of civilians in Yemen and sentenced to five years imprisonment

Two years later, Qatar amended its penal code by setting criminal penalties for spreading “fake news.” Article 136 (bis) sets criminal penalties for broadcasting, publishing, or republishing “rumors or statements or false or malicious news or sensational propaganda, inside or outside the state, whenever it is intended to harm national interests or incite public opinion or disturb the social or public order of the state” and sets a punishment of a maximum of five years in prison, and/or 100,000 Qatari riyals. The penalty is doubled if the crime is committed in wartime.

Now, as war has once again reached the region, these laws are being put to the test. Bahraini authorities have arrested at least 100 people in relation to protests or expression related to the war, while Qatar has arrested more than 300 people on charges of spreading “misleading information.”

And in the UAE, at least 35 people—most or all of whom are foreign nationals—have been arrested and “accused of spreading misleading and fabricated content online that could harm national defence efforts and fuel public panic,” according to the Times of India. The arrests fall under the UAE’s 2022 Federal Decree Law No. 34 on Combating Rumours and Cybercrimes which—says Human Rights Watch—is, along with the country’s Penal Code, “used to silence dissidents, journalists, activists, and anyone the authorities perceived to be critical of the government, its policies, or its representatives.”

From Regional Practice to Global Pattern

Today roughly four out of five countries worldwide have enacted cybercrime legislation, a dramatic expansion over the past decade, with many governments adopting or revising such laws in the years following the Arab uprisings. 

Outside the region, other nations have repurposed these laws to police speech. In Nigeria, journalists have been detained under the Cybercrime Act, with dozens of prosecutions documented since 2015. Bangladesh’s Digital Security Act has been used in thousands of cases—including hundreds against journalists—while in Uganda, authorities have prosecuted political critics under computer misuse laws for social media posts. 

Cybercrime laws are only one piece of a broader toolkit that governments now deploy to control digital spaces. Over the past decade, authorities have introduced sweeping “disinformation” laws, platform liability rules, age verification laws, and data localization requirements that force companies to store data domestically or appoint legal representatives within national jurisdictions. These measures give governments leverage over global technology firms, enabling them to demand faster content removals, obtain user data, or threaten steep fines and throttling if platforms fail to comply. Rather than relying solely on blunt instruments like blocking entire websites, states increasingly govern speech through layered regulatory systems that pressure platforms to police users on the state’s behalf.

The platforms too have changed. The same social media companies that were once championed as tools of democratic mobilization now operate in more constrained environments—and often act as willing participants in repressing speech. Facing financial penalties and the prospect of being blocked entirely, many companies expanded compliance with takedown requests after 2011, as can be seen in the companies’ own transparency reports. They later invested heavily in automated technologies that remove vast quantities of content before it is ever publicly available.

Rights groups around the world, including EFF, have warned that these dynamics disproportionately impact historically marginalized and vulnerable groups, as well as journalists and other human rights defenders. Research by the Palestinian digital rights organization 7amleh and reporting by Human Rights Watch have documented how content moderation policies, government pressure, and opaque enforcement mechanisms increasingly converge—leaving activists, journalists, and human rights defenders caught between state censorship and platform governance.

The New Architecture of Repression

Looking back now, it’s clear that, fifteen years ago, governments were caught off guard. They crudely blocked platforms, shut down networks, and scrambled to contain movements they did not fully understand. But in the years since, states have systematically adapted, transforming what were once reactive measures into durable systems of control.

Today’s controls are embedded in law, outsourced to platforms, and justified through the language of security, safety, and order. Cybercrime statutes, disinformation frameworks, and platform regulations form a layered architecture that allows states to shape online expression at scale while maintaining a veneer of legality. In this system, repression is often procedural, bureaucratic, and continuous.

The question is no longer whether the internet can enable dissent, but whether it can still sustain it under these conditions.

This is the second installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings. Read the rest of the series here.

  •  

UK Politicians Continue to Miss the Point in Latest Social Media Ban Proposal

The UK is moving forward with its efforts to ban social media for young people. Ahead of this week’s House of Lords debate on the topic, we’re getting you situated with a primer on what’s been happening and what it all means.

What was the last vote about? 

On 9 March, the House of Commons discussed amendments tabled by the House of Lords in the government’s flagship legislation, the Children’s Wellbeing and Schools Bill. 

The House of Lords previously tabled an amendment to “prevent children under the age of 16 from becoming or being users” of “all regulated user-to-user services,” to be implemented by “highly-effective age assurance measures,” which effectively banned under-16s from social media. When this proposal came before the House of Commons, MPs defeated it by 307 votes to 173. 

Instead, the Commons proposed its own amendment: enabling the Secretary of State to introduce provisions “requiring providers of specified internet services” to prevent access by children, under age 18 rather than 16, to specified internet services or to specified features; and to restrict access by children to specified internet services which ministers provide. 

Who does this give powers to?

The Commons proposal redirects power from the UK Parliament and the UK’s independent telecom regulator Ofcom to the Secretary of State for Science, Innovation and Technology, currently Liz Kendall, who will be able to restrict internet access for young people and determine what content is considered harmful…just because she can. The amendment also empowers the Secretary of State to limit VPN use for under 18s, as well as restrict access to addictive features and change the age of digital consent in the country; for example, preventing under-18s from playing games online after a certain time.  

Why is this a problem? 

This process is devoid of checks or accountability mechanisms as ministers will not be required to demonstrate specific harms to young people, which essentially unravels years-long efforts by Ofcom to assess online services according to their risks. And given the moment the UK is currently in, such as refusing to protect trans and LGBTQ+ communities and flaming hostile and racist discourses, it is not unlikely that we’ll see ministers start restricting content that they ideologically or morally feel opposed to, rather than because the content is harmful based, as established by evidence and assessed pursuant to established human rights principles. 

We know from other jurisdictions like the United States that legislation seeking to protect young people typically sweeps up a slew of broadly-defined topics. Some block access to websites that contain some “sexual material harmful to minors,” which has historically meant explicit sexual content. But some states are now defining the term more broadly so that “sexual material harmful to minors” could encompass anything like sex education; others simply list a variety of vaguely-defined harms. In either instance, this bill would enable ministers to target LGBTQ+ content online by pushing this behind an under-18s age gate, and this risk is especially clear given what we already know about platform content policies. 

How will this impact young people? 

The internet is an essential resource for young people (and adults) to access information, explore community, and find themselves. Beyond being spaces where people can share funny videos and engage with enjoyable content, social media enables young people to engage with the world in a way that transcends their in-person realm, as well as find information they may not feel safe to access offline, such as about family abuse or their sexuality. In severing this connection to people and information by banning social media, politicians are forcing millions of young people into a dark and censored world. 

How did each party vote? 

The initial push to ban under-16s from social media came from the Conservative Party, who have since accused the UK’s Prime Minister Keir Starmer of “dither and delay” for not committing to the ban. The Liberal Democrats have also called this “not good enough.” The Labour Party itself is split, with 107 Labour Party MPs abstaining in the vote on the House of Lords amendment. 

But we know that the issue of young people’s online safety is a polarizing topic that politicians have—and will continue to—weaponize for public support, regardless of their actual intentions. This is why we will continue to urge policymakers and regulators to protect people’s rights and freedoms online at all moments, and not just take the easy route for a quick boost in the polls.

How does this bill connect to the Online Safety Act?

The draft Children’s Wellbeing and Schools Bill that came from the Lords provided that any regulation pertaining to the well-being of young people on social media “must be treated as an enforceable requirement” with the Online Safety Act. The Commons amendment, however, starts out by inserting a new clause that amends the Online Safety Act. 

For more than six years, we’ve been calling on the UK government to pass better legislation around regulating the internet, and when the Online Safety Act passed we continued to advocate for the rights of people on the internet—including young people—as Ofcom implemented the legislation. This has been a protracted effort by civil society groups, technologists, tech companies, and others participating in Ofcom's consultation process and urging the regulator to protect internet users in the UK.

The MPs amendment essentially rips this up. Technology Secretary Liz Kendall recently said that ministers intended to go further than the existing Online Safety Act because it was “never meant to be the end point, and we know parents still have serious concerns. That is why I am prepared to take further action.” But when this further action is empowering herself to make arbitrary decisions on content and access, and banning under-18s from social media, this causes much more harm than it solves. 

Is the UK alone in pushing legislation like this? 

Sadly, no. Calls to ban social media access for young people have gained traction since Australia became the first country in the world to enforce one back in December. On 5 March, Indonesia announced a ban on social media and other “high-risk” online platforms for users under 16. A few days later, new measures came into effect in Brazil that restricts social media access for under-16s, who must now have their accounts linked to a legal guardian. Other countries like Spain and the Philippines have this year announced plans to ban social media for under-16s, with legislation currently pending to implement this.

What are the next steps?

The Children's Wellbeing and Schools Bill returns to the House of Lords on 25 March for consideration of the new Commons amendments. The bill will only become law if both Houses agree to the final draft. 

We will continue to stand up against these proposals—not only to young people’ free expression rights, but also to safeguard the free flow of information that is vital to a democratic society. The issue of online safety is not solved through technology alone, especially not through a ban, and young people deserve a more intentional approach to protecting their safety and privacy online, not this lazy strategy that causes more harm than it solves. 

We encourage politicians in the UK to look into what is best, not what is easy, and explore less invasive approaches to protect all people from online harms. 

  •  

Digital Hopes, Real Power: Reflecting on the Legacy of the Arab Spring

This is the first installment of a blog series reflecting on the global digital legacy of the 2011 Arab uprisings.

A new generation of protesters, raised on social media and often fluent in the tools of digital dissent, has taken to the streets in recent months and years. In Bangladesh, Iran, Togo, France, Uganda, Nepal, and more than a dozen other countries, young people have harnessed digital tools to mobilize at scale, shape political narratives, and sustain movements that might once have been easier to ignore or suppress.

The tools at their disposal are vast, allowing them to coordinate quickly and turn local grievances into visible, transnational moments of dissent. But each new tactic is met in turn: governments now implement draconian regulations and deploy sophisticated surveillance systems, content manipulation, and automated censorship to pre-empt, predict, and punish collective action. 

This cycle of digital empowerment and repression is not new. In many ways, its roots can be traced to the 2011 uprisings that rippled across the Middle East and North Africa. Often referred to as the “Arab Spring,” these movements didn’t just reshape politics…they transformed how we talk about the internet, and how governments respond in times of protest, crisis, and conflict. Fifteen years later, the legacy of that moment still defines the terms of resistance and control in the digital age.

At the time, we were sold the comforting narrative that the internet would help bring about democracy, that connectivity itself was revolutionary, and that Silicon Valley’s products—particularly social media platforms—were aligned with the people. It was a narrative that tech executives were sometimes happy to amplify and certain Western governments were happy to believe. 

But the same networks that helped protesters to organize and broadcast their demands beyond their own borders laid the groundwork for new forms of repression. Over the years, the same tools that were once celebrated as tools of dissent have become instruments for tracking, harassing, and prosecuting dissenters.

This series examines the digital legacy of the 2011 uprisings that shook the region: how governments refined censorship and surveillance after 2011, how platforms alternately resisted and enabled those efforts, and how a new generation of civil society has pushed back.

"Over the years, the same tools that were once celebrated as tools of dissent have become instruments for tracking, harassing, and prosecuting dissenters."

When Tunisian fruit vendor Mohamed Bouazizi set himself on fire on December 17, 2010, after repeated harassment by local officials, he could not have known the chain reaction his act would spark. After nearly twenty-three years in power, President Zine El Abidine Ben Ali faced a public fed up with repression. Protests spread across Tunisia, ultimately forcing him to flee.

In his final speech, Ben Ali promised reforms: a freer press and fewer internet restrictions. He left before either materialized. For Tunisians, who had lived for years under normalized censorship both online and off, the promises rang hollow.

At the time, Tunisia’s internet controls were among the most restrictive in the world. Reporting by the exiled outlet Nawaat documented a sophisticated filtering regime: DNS tampering, URL blocking, IP filtering, keyword censorship. Yet despite that machinery, Tunisians built a resilient blogging culture, often relying on circumvention tools to push information beyond their borders. When protests began—and before international media caught up—they were ready.

Eleven days after Ben Ali fled, Egyptians took to the streets. International headlines rushed to label it a “Twitter revolution,” mistaking a tool for a movement. Egypt’s government drew a similar conclusion. On January 26, authorities blocked Twitter and Facebook. The next day, they shut down the internet almost entirely, a foreshadowing of what we’d see fifteen years later in Iran.

As Egyptians fought to free their country from President Hosni Mubarak’s autocratic rule, protests swept across the region to Bahrain, where demonstrators gathered at the Pearl Roundabout before facing a brutal crackdown; to Syria, where early calls for reform spiraled into one of the most devastating conflicts of the century; to Morocco, where the February 20 Movement pushed for constitutional change. Outside of the region, movements took shape in Spain, Greece, Portugal, Iceland, the United States, and beyond.

In each context, digital platforms helped circulate images, testimonies, and tactics across borders. They created visibility—and, in turn, inspired a playbook. Governments watched not only their own populations but one another, quickly learning how to disrupt networks, identify organizers, and seize back control of the narrative.

Cause and Effect

To be clear, the internet didn’t create these movements. Decades of repression, corruption, labor organizing, and grassroots activism did. Later research confirmed what many in the region already understood: digital tools helped people share information and coordinate action, but they were neither the spark nor the engine of revolt.

But regardless, the myth of the “Twitter revolution” had consequences. The breathless coverage, and rapid policy reactions that followed shaped state strategy around the world. Governments across the region and well beyond invested heavily in surveillance technologies, developed new legal mechanisms, increased their own social media presence, and found ways to influence platforms. Internet blackouts, once rare, became a normalized tool of crisis response. And companies were forced into increasingly public decisions about whether to resist state pressure or comply.

When it comes to the internet, the legacy of the 2011 uprisings that swept the region and beyond is a story about power: how states moved to consolidate control online, how platforms—often under pressure—have narrowed the space for dissent, and how civil society has been forced to evolve to defend it.

This five-part series will take a deeper look at how the internet as a space for dissent and for hope has changed over the past fifteen years throughout the region and well beyond.  

  •  

Admiring Our Heroes for International Women’s Day: Celebrating Women Who Have Received EFF Awards 

For the last hundred years, women have had pivotal and far too often unsung roles in building and shaping the technology that we now use every day. Many have heard of Ada Lovelace’s contributions to computer programming, but far fewer know Mary Allen Wilkes, a prominent modern programmer who wrote much of the software for the LINC, one of the world’s first interactive personal computers (it could fit in a single office and cost $40,000, but it was the 60’s). Decades earlier, when the first all-electronic, digital Eniac computer was built in the 40’s, the “software” for it was written by women: Kathleen McNulty, Jean Jennings, Betty Snyder, Marlyn Wescoff, Frances Bilas and Ruth Lichterman. 

It’s thankfully become more common knowledge that actor and inventor Hedy Lamarr co-created the concept of "frequency-hopping" that became a basis for radio systems from cell phones to wireless networking systems. But too few know Laila Ohlgren, who in the 1970’s solved a major problem with the development of mobile networks and phones by recognizing that dialed numbers could be stored and sent all at once with a “call button,” rather than sent one number at a time, which created connection issues before a call was even made. 

Women in tech deserve more and brighter spotlights. At EFF, we’ve had the honor of celebrating some of our heroes at our annual EFF Awards, including many women who are leading the digital rights community. For International Women’s Day, we’re highlighting the contributions of just a few of these recipients from the last decade, whose work to protect privacy, speech, and creativity online has had a global impact.

Carolina Botero (EFF Award Winner, 2024) 

Carolina Botero is a leader in the fight for digital rights in Latin America. For over a decade, she led the Colombia-based Karisma Foundation and cultivated its regional and international impact. Botero and Karisma helped connect indigenous peoples to the internet and made it possible to contribute content to Wikipedia in their native language, expanding access to both history and modern information. They built alliances to combat disinformation, pushed for legal tools to protect cultural and heritage institutions from digital blackholes, and were, and remain, a necessary voice speaking for human rights in the online world. EFF worked closely with Karisma and Botero to help free Colombian graduate student Diego Gomez, who shared another student’s Master’s thesis with colleagues over the internet. Diego’s story demonstrates what can go wrong when nations enact severe penalties for copyright infringement, and thanks to work from Karisma, many partners, and many EFF supporters, he was cleared of the criminal charges that he faced for this harmless act of sharing scholarly research.

Carolina Botero receiving her EFF Award

Botero stepped down from the role in 2024, opening the door for a new generation. While her work continues—she’s currently on the advisory board of CELE, the Centro de Estudios en Libertad de Expresión—her EFF Award was well-deserved based on her strong and inspiring legacy for those in Latin America and beyond who advocate for a digital world that enhances rights and empowers the powerless. Learn more about Botero on her EFF Awards page and the recap of the 2024 event

Chelsea Manning (EFF Award Winner, 2017)

Chelsea Manning became famous as a whistleblower: In 2010, she disclosed classified Iraq War documents, including a video of the killings of Iraqi civilians and two Reuters reporters by U.S. troops. These documents exposed aspects of U.S. operations in Iraq and Afghanistan that infuriated the public and embarrassed the government. But she is also a transparency and transgender rights advocate, network security expert, author, and former U.S. Army intelligence analyst. 

Manning joined the military in 2007. Her role as an intelligence analyst to an Army unit in Iraq in 2009 gave her access to classified databases, but more importantly, it gave her a uniquely comprehensive view of the war in Iraq, and she became increasingly disillusioned and frustrated by what she saw, versus what was being shared. In 2010, she approached major news outlets hoping to give information to them that would reveal a new side of the war to the public. Ultimately, she shared the documents with Wikileaks. 

Manning’s bravery did not end there. When she was arrested a few months later, she endured "cruel, inhuman and degrading" treatment, according to the UN Special Rapporteur on torture. She was locked up alone for 23 hours a day over an 11-month period, before her trial. The mistreatment resulted in public outcry and advocacy by organizations like Amnesty International. Even a State Department spokesperson, Philip Crowley, criticized the treatment as "ridiculous, counterproductive, and stupid," and resigned. She was moved to a medium-security facility in April 2011. 

The government’s charges against Manning were outrageous, but in 2013 she was convicted of 19 of 22 counts as a result of her whistleblowing activities. She became one of fewerthan a dozen people prosecuted for espionage in the entire history of the United States, and she was sentenced to the longest punishment ever imposed on a whistleblower. Then, the day after her conviction, isolated from her community and in all likelihood expecting to remain in prison for years if not decades, she courageously issued a statement identifying herself as a trans woman, which she’d wanted to reveal for years. 

Over the next several years, while imprisoned, she became an advocate both for government transparency and for transgender rights. Her conviction and sentence pointed to the need for legal reform of both the Computer Fraud and Abuse Act (CFAA) and the Espionage Act.  EFF filed an amicus brief to the U.S. Army Court of Criminal Appeals arguing that the CFAA was never meant to criminalize violations of private policies like those of government systems, and EFF also pushed, and continues to fight for, narrower interpretations of the Espionage Act and stronger protections for whistleblowers, particularly to take into account both the motivation of individuals who pass on documents and the disclosure’s ramifications. 

Even after President Obama commuted her sentence in 2017, and EFF celebrated her work and her release with an EFF award in September, 2017, her fight wasn’t over. She was imprisoned again twice in 2019 and ultimately fined $256,000 for refusing to testify before grand juries investigating WikiLeaks founder Julian Assange. The U.N. Special Rapporteur on torture again criticized Manning’s treatment, writing that "the practice of coercive detention appears to be incompatible with the international human rights obligations of the United States." 

Manning was released in 2020 after having spent almost a decade in total imprisoned for her courage. She wrote a memoir, README.txt, in 2022, to take back control over her story.

EFF Award Winners Mike Masnick, Annie Game, and Chelsea Manning

Annie Game (EFF Award Winner, 2017)

Annie Game spent over 16 years as the Executive Director of IFEX, a global network of journalism and civil liberties organizations working together to defend freedom of expression.  IFEX (formerly International Freedom of Expression Exchange) began in the 1990s, when a group of organizations and the Canadian Committee to Protect Journalists came together to consider how to respond as a single voice to free-expression violations around the world. IFEX now is a global hub for the protection of free speech and journalism. 

Game recognized early on that digital rights and freedom of expression groups needed one another. Under her leadership, IFEX paired more traditional free-expression organizations with their more digital counterparts, with a focus on building organizational security capacities. IFEX Initiatives under Game’s leadership have been expansive. For example, the International Day to End Impunity for Crimes against Journalists, November 2, has been an annual wake-up call and reminder for UN member states to live up to their commitments to protecting journalists. UNESCO observed more than 1,700 journalists were killed globally between 2006 and 2024, and nearly 90% of these cases went unsolved in the courts. 

Game and IFEX have also focused on high-profile cases of journalists threatened by governments for their work, such as Bahey eldin Hassan in Egypt. Bahey is the director of the Cairo Institute for Human Rights Studies (CIHRS) and has advocated for freedom of expression and the basic human rights of Egyptians, but has lived in exile since 2014. The charges against him, of “disseminating false information” and “insulting the judiciary,” are common tactics of intimidation and harassment. Bahey’s supposed crimes were sharing social media posts criticising the Egyptian judiciary’s lack of independence, and speaking about the killing in Egypt of Italian researcher Giulio Regeni. Bahey—an IFEX member—is just one of many reporters and human rights workers in danger when they speak. But when journalists and those defending their rights online speak out as one voice, as IFEX helps them do, it makes a difference. 

Another initiative has been the Faces of Free Expression project, a partnership between IFEX and the International Free Expression Project. If you’re looking for more heroes, this project details the stories of “risk-takers and change-makers – individuals who put their careers, their freedom, their safety, and sometimes even their lives on the line,” while reporting, or defending free expression and the right to information. 

Wherever authoritarianism and repression of speech have been on the rise, Game has unapologetically called out injustices and made it safer for journalists to do their work, while ensuring accountability when crimes are committed. The work is more critical now than ever, and since leaving IFEX in 2022, she’s remained an activist while focusing increasingly on environmental protection. 

Twelve More Heroes 

EFF has honored many more women with awards over the years—from Anita Borg and Hedy Lamarr to Amy Goodman and Beth Givens. This blog from 2012 looks back and acknowledges the important contributions from twelve more EFF Award winners. 

We’ve also asked five women at EFF about women in digital rights, freedom of expression, technology, and tech activism who have inspired us. You can read that here.

Donate to Support EFF's Work

Your donations empower EFF to do even more.

  •  

Admiring Our Heroes for International Women’s Day: Five Women In Tech That EFF Admires

In honor of International Women’s Day, we asked five women at EFF about women in digital rights, freedom of expression, technology, and tech activism who have inspired us.  

Anna Politkovskaya 

Jillian York, Activist 
This International Women’s Day, I want to honor the memory of Anna Politkovskaya, the Russian investigative journalist who relentlessly exposed political and social abuses, endured harassment and violence for her work, and was ultimately killed for telling the truth. I had just started my career when I learned of her death, and it forced me to confront that freedom of expression isn’t an abstract principle but rather something people risk—and sometimes lose—their lives for. 

Her story reminds me that journalism at its best is an act of moral courage, not just a profession. In the face of threats, poison, and relentless pressure to stay silent, she chose to continue writing about what she saw, insisting that ordinary people’s lives were worth the world’s attention. She refused to compromise with power, even when she knew it could cost her life. To me, defending freedom of expression means defending those like Anna who bear witness to injustice, prioritize truth, and hold power to account for those whose voices are silenced.  

Cindy Cohn 

Corynne McSherry, Legal Director 
There are so many women who have shaped tech history—most of whom are still unsung heroes—that it’s hard to single out just one. But it’s easier this year because it’s a chance to celebrate my boss, Cindy Cohn, before she leaves EFF for her next adventure.  

Cindy has been fighting for our digital rights for 30 years, leading EFF’s legal work and eventually the whole organization. She helped courts understand that code is speech deserving of constitutional protections at a time when many judges weren’t entirely sure what code even was. She led the fight against NSA spying, and even though outdated and ill-fitting doctrines like the state secrets privilege prevented courts from ruling on the obvious unconstitutionality of the NSA’s mass surveillance program, the fight itself led to real reforms that have expanded over time.   

I’ve worked closely with her for much of her EFF career, starting in 2005 when we sued Sony for installing spyware in millions of computers, and I’ve seen firsthand her work as a visionary lawyer, outstanding writer, and tireless champion for user privacy, free expression, and innovation. She’s also warm and funny, with the biggest heart in the world, and I’m proud to call her a friend as well as a mentor.  

Donate to Support EFF's Work

Your donations empower EFF to do even more.

Jane

Sarah Hamid, Activist 
When talking about women in tech, we usually mean founders, engineers, and executives. But just as important are the women who quietly built the practices that underpin today’s movement security culture. 

For as long as social movements have organized in the shadow of state surveillance, women have been designing the protocols, mutual aid networks, and information flows that keep people alive. Those threats feel ever-escalating: fusion‑center monitoring of protests, federal agencies infiltrating and subpoenaing encrypted Signal and social media chats, prosecutors mining search histories.  

In the late 1960s and early 1970s, the underground Jane abortion counseling service—formally the Abortion Counseling Service of Women’s Liberation—built what we would now recognize as a feminist infosec project for abortion access. Jane connected an estimated 11,000 people with safer abortions before Roe v. Wade, using a single public phone number—Call Jane—paired with code names, compartmentalized roles, and minimal records so no one person held the full story of who needed care, who was providing it, and where. When Chicago police raided the collective in 1972, members destroyed their index‑card files rather than let them become a ready‑made map of patients and helpers—an analog secure‑deletion choice that should feel familiar to anyone who has ever wiped a phone or locked down a shared drive. 

The lesson we should take from Jane is a set of principles that still hold in our encrypted‑but‑insecure present: Collect less, separate what you do collect, and be ready to burn the file box. When a search query, a location ping, or a solidarity post can become evidence, treating information as both lifeline and liability is not paranoia—it is care work.  

Ebele Okobi

Babette Ngene, Director of Public Interest Technology 
In the winter of 2013, I had just landed my first job at the intersection of tech and human rights, working for a prominent nonprofit and I was encouraged to attend regular tech and policy events around town. One such event on internet governance was happening at George Washington University,  focusing on multi-stakeholder engagement on internet policy and governance issues, with companies, nonprofits, and government representatives in attendance. I was inexperienced with these topics, and I’ll admit I was a bit intimidated. 

Then I saw her. She was the only woman on the opening panel, an African woman, an accomplished woman. Not only was she a respected lawyer at Yahoo at the time, but her impressive background, presence, and confident speaking style immediately inspired me. She made me feel like I, too, belonged in that room and could become a powerful voice. 

Ebele Okobi would go on to become one of the most powerful and respected voices in the tech and human rights space, known for her advocacy for digital rights and responsible innovation across Africa and the broader global majority during her tenure at Facebook. Beyond her corporate advocacy, Ebele has consistently championed ethical technology and social justice. She embodies the leadership qualities I value most: empathy, speaking truth to power, integrity, and authenticity. 

I remain in the tech and human rights space because I saw her, because seeing her made me feel seen. Representation truly does matter.  

Ada Lovelace 

Allison Morris, Chief Development Director 
I’m not a lawyer, activist, or technologist; I’m a fundraiser and a lover of stories. And what storyteller at EFF couldn’t help but love Ada Lovelace? The daughter of Lord Byron—the human embodiment of Romanticism—Ada was an innovator in math and science and, ultimately, the writer of the first computer program.  

Lovelace saw the potential in Charles Babbage’s theoretical General Purpose Computer (which was never actually built) and created the foundations of modern computing long before the digital age. In creating the first computer code, Lovelace took Babbage’s concept of a machine that could perform mathematical calculations and realized that it could manipulate symbols as well as numbers. 

Given the expectations of women in her time and the controversy of what work should be attributed to Lovelace as opposed to the man she often worked with, I can’t help but be inspired by her story.  

Women in tech deserve more and brighter spotlights. At EFF, we’ve had the honor of celebrating some of our heroes at our annual EFF Awards, including many women who are leading the digital rights community. For International Women’s Day, we also highlighted the contributions of just a few of these recipients from the last decade, whose work to protect privacy, speech, and creativity online has had a global impact.

  •  
❌