Ramy Raoof

Ramy Raoof is an Egyptian digital security researcher, civil society technologist, and activist based in Cairo whose career spanning over a decade covers three overlapping registers: investigating Egyptian government-linked surveillance campaigns against civil society; building the digital security capacity of NGOs, journalists, and activists across Egypt, MENA, and Central America; and sustaining the open-source internet-freedom infrastructure the movement depends on. He is tracked here as a Voice because his named investigative output — the Nile Phish report, the Global Voices Advox journalism, the award-recognised practitioner record — constitutes the primary corpus anchor for the Egypt / North Africa surveillance-accountability register, and because his practitioner register (field technologist and investigative journalist simultaneously, produced from within Egyptian civil society rather than reporting on it from outside) has no analogue in the corpus's current Voice coverage.

Voice anchor

The Voice closes the Egypt / North Africa mainland geo Voice gap — zero Egyptian entries existed before this filing. Egypt is the corpus's most significant MENA absence: the Egyptian civil society and digital rights ecosystem has produced several of the most-cited surveillance-accountability investigations of the last decade (Nile Phish is among the most-referenced Citizen Lab publications on state-civil-society surveillance in the region), and the Egyptian Initiative for Personal Rights is the corpus's sole Egyptian organization anchor. Raoof's Voice bridges the EIPR anchor and the broader surveillance-accountability and internet-freedom registers by providing the named field practitioner whose investigation output and capacity-building practice give those registers their ground-level content.

Three sub-type distinctions from existing corpus Voices in adjacent registers:

• Distinct from Felicia Anthonio's Voice. Anthonio anchors the West African internet-freedom activist register — the Ghana-rooted #KeepItOn campaign leadership at Access Now, focused on government-imposed internet shutdowns as a class of censorship. Raoof anchors the Egyptian / MENA civil-society-technologist register: Cairo-rooted surveillance-documentation and digital-security-capacity-building practice targeting the specific state surveillance ecosystem operating against civil society in the context of Egyptian legal repression under Case 173. Anthonio's register is shutdown advocacy (naming and pressuring governments that impose shutdowns); Raoof's is surveillance forensics and field security practice (documenting, exposing, and building resistance to targeted surveillance of known individuals).

• Distinct from Apar Gupta's Voice. Gupta anchors the South Asian (India) legal-advocacy and policy-mobilisation register — strategic litigation and civil liberties policy argument grounded in the Internet Freedom Foundation. Raoof anchors the Egyptian technologist-and-investigator register: field digital security, malware and phishing forensics, NGO security training — a practitioner register built on technical infrastructure skills rather than legal-advocacy ones. Gupta's primary public-output register is legal analysis and civil liberties policy argument; Raoof's is technical investigation and civil society security practice.

• Distinct from Anriette Esterhuysen's Voice. Esterhuysen anchors the Southern African elder-institutional-voice register on global internet governance multilateral architecture (the IGF, WSIS, GDC processes). Raoof anchors the Egyptian field-technologist register on surveillance-accountability and civil society security practice. Esterhuysen's register is multilateral engagement on structural governance design; Raoof's is ground-level practitioner work within an authoritarian surveillance context, closer to the Citizen Lab investigation register than to the UN governance register.

Signature investigations

Two investigations anchor Raoof's public record and constitute the primary corpus evidence for his Voice.

Nile Phish (2017). The Nile Phish report (Citizen Lab Research Report No. 88, 2 February 2017), co-authored with John Scott-Railton, Bill Marczak, and Etienne Maynier, documented what the authors described as "the widest, most sophisticated, and dangerous phishing and spearphishing campaign" against independent human rights groups in Egypt to that date. The targets were directly connected to Case 173 — the Egyptian government's sweeping prosecution of civil society organisations operating under foreign funding, which named the Egyptian Initiative for Personal Rights, Nazra for Feminist Studies, the Cairo Institute for Human Rights Studies, and the Egyptian Center for the Right to Education. The report's key findings: attack surges correlated to politically sensitive dates; operators appeared to possess advance knowledge of NGO operations (attacks launched within hours of arrests); attack content was tailored to each target organisation's specific activities and staff. Nile Phish became the named reference point for state-linked digital surveillance against Egyptian civil society and was covered by The Intercept, VICE, and Egyptian Streets.

2019 OAuth phishing wave. Working alongside Amnesty International Security Lab, Raoof co-investigated a second wave of government-linked phishing attacks against Egyptian human rights defenders in 2019, this time using OAuth phishing techniques — a technical evolution from the credential-phishing methods documented in 2017. The investigation confirmed the continuing practice of state-linked digital surveillance against Egyptian civil society and the sustained need for the technical counter-capacity Raoof's field work builds.

Hacking Team documentation (2015). When the 2015 Hacking Team data breach exposed clients' procurement of the Remote Control System spyware, Raoof was among the first voices in the Arab digital rights space to publicly document Egypt's purchase of Hacking Team tools since 2012, framing the breach as confirmation rather than revelation for an Egyptian civil society already operating under that knowledge. The documentation establishes the pre-Nile-Phish record of Egyptian civil society's awareness of state surveillance and Raoof's role in naming it publicly.

Civil society technologist practice

The investigations sit inside a broader practitioner register. Raoof has spent over a decade developing digital security strategies, rapid-response security plans, and secure information management systems for NGOs and media organisations across Egypt, MENA, and Central America (including volunteer work with Fundación Acceso in Central America). This capacity-building function — training rights defenders, journalists, and activists in operational security against state surveillance — is the ground-level analogue to the governance register Esterhuysen anchors at the multilateral layer; Raoof builds the technical security posture of the individual organisations and people the governance regime is meant to protect.

Two infrastructure-governance contributions formalise this practice:

• Tor Project Board (2017–2022). Raoof served on the Tor Project Board of Directors, the governance body overseeing one of the most critical privacy infrastructure projects globally. The board framed his appointment as bringing "valuable perspective" from his work at the intersection of Egyptian human rights and technology — specifically, the first-hand knowledge of what state surveillance looks like from within a targeted civil society, an epistemic position unavailable to most board members.

• OTF FOSS Sustainability Fund. As Technologist at the Open Technology Fund, Raoof created the FOSS Sustainability Fund — a mechanism providing long-term maintenance support for the open-source internet-freedom tools that activists, journalists, and civil society organisations rely on globally. OTF describes the fund as addressing a structural gap in internet-freedom tool support: the FOSS ecosystem's most-used privacy and censorship-circumvention tools are built and maintained by small teams without stable funding for long-term code maintenance. The fund is the institutional form of the practitioner insight that field security work and infrastructure governance are the same function at different scales.

Public output and venues

Raoof's named public-output record runs across three channels:

• Global Voices Advox (2009–present). Twenty-nine named-byline contributions since July 2009 documenting Egypt's surveillance infrastructure, the 2011 internet shutdown during the revolution, mobile security tactics for participants in peaceful assemblies, and the two-step-verification environment under Egyptian state surveillance. The Advox contributions constitute the longest-running and most continuous strand of his named journalism record, establishing the Egypt-surveillance documentation thread that the Nile Phish investigation formalised at the Citizen Lab level.

• Media commentary. Raoof is cited as an expert source in CPJ, openDemocracy, The Intercept, and VICE — the named outlets covering Egyptian civil society surveillance — providing the on-record Egyptian civil society technologist voice in the surveillance-accountability coverage the Nile Phish investigation generated.

• TEDxCairo ("PR!/@CY?", December 2016). A TEDxCairo talk on privacy and encryption delivered in December 2016, shortly before the Nile Phish publication — the named public-lecture register through which the privacy-for-activists argument is carried into Egyptian mainstream-professional audiences.

Why this is a Voice entry

A Voice entry is created here, rather than additional structure on the Person entry, because Raoof's named investigative output and practitioner record are the primary corpus objects the graph needs to track: the Nile Phish report as the named reference investigation for Egyptian civil society surveillance; the Global Voices Advox journalism as the long-running named-byline Egypt-surveillance documentation thread; the Tor Project board service and OTF FOSS Sustainability Fund as the named institutional contributions through which his practitioner insight reaches the internet-freedom infrastructure layer; and the recognition record (Access Now Hero 2017, Burke Award 2023) that anchors the public assessment of his work. The corpus had org-eipr and org-citizen-lab as the institutional anchors in the Egypt / surveillance-accountability register but no named Egyptian field practitioner carrying the ongoing work — this Voice closes the asymmetry. The distinctive register this Voice closes — Egyptian civil society technologist, where the field security practice and the investigation practice are inseparable and produced from within the targeted civil society — has no analogue in the corpus's current Voice coverage. Affiliation, training, and biographical detail are recorded on the linked Person entry per the corpus's Person/Voice split.