Football fans in the Arab region experienced the FIFA World Cup on home soil for the first time in the tournament’s history. FIFA promised that this World Cup would feature some of the most advanced technological innovations in the sports industry, but what has this entailed for fans’ digital rights?
Cyber-security experts warned against potential risks to personal data security and privacy during the tournament. Despite affluent state investments in digital services, digital rights remain a contentious issue in the Gulf state.
New Tech: Setting up the FIFA Experience
With the FIFA+ Stadium Experience app, fans experienced football action in an unprecedented manner as the app offered impressive features including coverage from different camera angles, live augmented reality, heatmaps, insights, etc. that transported the FIFA experience to fans beyond the stadiums.
From AI-assisted offside detectors and motion-tracking balls to surveilled stadiums, the World Cup in Qatar was equipped with ultra-modern technology.
Simultaneously, in an effort to troubleshoot any possible security threat among the audience during the tournament, attendees entering the stadium were tracked by a system of 15,000 cameras equipped with facial recognition technology.
The surveillance system, which was the first connected stadium platform that had been implemented in a world cup event, was run by a technical hub consisting of the Aspire Command and Control center even as the technology expanded past the confines of the stadium and extended to nearby train and bus stations.
Unmanned aerial vehicles (UAVs), commonly known as drones, were also deployed in every game to estimate crowd size. “What you see here is a new standard, a new trend in venue operations, this is our contribution from Qatar to the world of sport,” Niyas Abdulrahman, the event’s chief technology officer, said in an interview with AFP. “What you see here is the future of stadium operations.”
Cybersecurity Risks during Global Events
With heightened tensions and emotions, cybercriminals can exploit the high-profile nature and huge following that comes with big sporting events like the World Cup, giving room for digital intrusion and other social engineering mechanisms.
As the world turns all its attention to the football festival in Qatar, sporting events of this nature remain a prime target for cyber-related offenses. This year, we’ve seen newly registered websites replicating the FIFA 2022 World Cup official page. Phishing attempts were on the rise during the tournament and have placed businesses, organizations, and fans at risk.
Mohammed Al-Maskati, a Digital Security Helpline Director with Access Now explained to SMEX that the indiscriminate collection of data from users on the internet using emerging technologies like artificial intelligence, blockchain, the internet of things (IoT), autonomous systems, or even facial recognition technology, could have privacy implications and data security risks.
“These new technologies contribute to collecting a lot of information about users from all over the world, and this may threaten the privacy of millions of users who participate in these huge events,” warned Al-Maskati. “Governments that use these technologies often do not have a privacy and information protection policy.”
The digital rights expert further pointed out the possibility of a database leakage that could expose the sensitive information of users. “The collection and storage of this information in an unknown and often unsafe way opens the door for hackers to seize it and exploit it to target thousands of people around the world,” added Al-Maskati.
“As it has happened to dozens of services and platforms, it may lead to the leakage of databases on the internet, which usually contain sensitive information like passport numbers, credit card numbers, etc.”
Developing an effective and innovative malware defense mechanism remains an urgent requirement in the cybersecurity community. This survey paper on emerging threats in cybersecurity recommends developing an understanding of all levels of users, including both non-experts and experts in the computing system to develop appropriate security mechanisms.
During the 2014 FIFA World Cup in Brazil, hackers claimed responsibility for attacks against various tournament-related websites, the Brazilian government, and the country’s intelligence agency – through a series of distributed denial-of-service (DDoS) attacks.
Also, the 2018 FIFA World Cup in Russia recorded around 25 million cyber-related attacks and other acts of criminality targeting the information structures at the Kremlin state.
Even with the advancement of technology in global sports events today, criminal elements can exploit the increasing penetration of internet connectivity by intruding on user privacy and impeding on digital rights. To troubleshoot any possible security breach and safeguard digital rights, sports fans are advised to watch out for and prepare against potential risks to personal data security and privacy.
Privacy Concerns over Qatari “Hayya” App
Off the field, Hayya, the official World Cup application was used to keep track of match tickets and provide access to stadiums and free public transport. Also, fans who downloaded the application were offered a free SIM card from Ooredoo, Qatar’s official telecommunications service provider.
Although the Qatari government had recently eased its Hayya Card entry policies for the 2022 FIFA World Cup, the app which had served as a digital identity (ID) for fans during their stay in the Gulf country raised digital rights concerns in the cybersecurity community.
According to a research report by SMEX and Ranking Digital Rights (RDR), Hayya’s privacy policy failed to address the possible range of privacy concerns that could result from using the application.
Also, in terms of expected standards for disclosure and accessibility to the privacy policies, the Hayya App and Portal excluded some languages as the app’s privacy policy was made available only in English and a few other languages but not in Arabic—the official language in the host country.
Ragheb Ghandour, a cybersecurity expert disclosed to SMEX that although the Hayya application remains a mobile app engineered to organize and manage the experience of fans at the World Cup, the effect it has on digital rights relates more specifically to the functionality of the application and the data it collects.
He further explained that the privacy implications of the mobile app remain subject to the cybersecurity laws of Qatar, the data management mechanism, and the trustworthiness of the telecommunications service provider in the gulf state.
“We discovered that its backbone service is mainly provided by Qatari ICT and Telecom provider, Ooredoo—raising questions about the locality of the data in Qatar. This makes the data collected subject to Qatar’s laws and regulations.”
Although the Supreme Committee for Delivery and Legacy (SC), the organizer of the competition, remains transparent on how it collects this information, it has failed to list all the types of user information that it collects and shares, nor its purposes for doing so.
Furthermore, the Hayya App and Portal with other SC platforms engage in targeted advertising and profiling by tracking users and monetizing their information.
Meanwhile, hundreds of football fans voiced their displeasure with the processing of the Hayya application as many of them were unable to enter Qatar for the FIFA World Cup despite having the Hayya cards.
Although Qatar’s Supreme Committee for Delivery and Legacy had assured fans of the app’s accessibility and functionality, some fans were left in limbo due to data errors.
While FIFA and Qatar have lived up to their promise of organizing a competition with some of the most advanced technological innovations ever seen in the sports industry, the extensive surveillance coupled with data transparency questions raised during the tournament continue to heighten digital rights concerns in the cybersecurity community.
