In the months leading up to the Burmese military coup on February 1, the country’s telecommunications and internet service providers were ordered to install interception spyware that would allow the ‘army to listen to communications from citizens, sources with direct knowledge of the plan told Reuters.
Technology gives the military the power to listen in on calls, view text messages and web traffic, including emails, and track the location of users without the help of telecommunications companies and Internet, the sources said.
The directives are part of a large-scale military effort to deploy electronic surveillance systems and exercise control over the internet in an effort to keep tabs on political opponents, crush protests and cut channels for any future dissent, they added.
The decision-makers in the Civilian Ministry of Transport and Communications who gave the orders were former military officials, according to an industry executive with first-hand knowledge of the plans and another briefed on the matter.
“They presented it as coming from the civilian government, but we knew the army would have control and we were told you could not refuse,” the executive said knowingly, adding that officials of the Ministry of the Interior controlled by the army also sat. on meetings.
More than a dozen people with knowledge of interception spyware used in Myanmar have been questioned by Reuters. All have asked to remain anonymous, citing fear of reprisals from the military junta.
Neither junta officials nor representatives of politicians attempting to form a new civilian government responded to Reuters requests for comment.
The 2019 and 2020 budget documents from the previous government led by Aung San Suu Kyi that were not publicly disclosed contain details of planned purchases of $ 4 million of interception spyware products and parts, as well as sophisticated data mining and phone hacking technology. The documents were provided by the activist group Justice for Myanmar and have been independently verified by Reuters.
Reuters was unable to establish to what extent senior non-military figures in Suu Kyi’s government were involved in the order to install the interception.
The idea of a so-called “lawful interception” was first floated by Burmese authorities in the telecommunications sector at the end of 2019, but the pressure to install such technology did not come until the end of 2020, said several sources, adding that they had been warned not to talk about it. .
The interception plans were publicly reported by Norwegian company Telenor (TEL.OL) in an annual update on its activities in Myanmar, which is one of the country’s largest telecommunications companies with 18 million customers on a population of 54 million inhabitants.
Telenor said in the December 3 briefing and statement posted on its websites that it was concerned about the plans of the Burmese authorities for a lawful interception capable of “directly accessing the systems of every operator and ISP without approval to the case by case ”, because Myanmar had not done so. laws and regulations sufficient to protect clients’ rights to privacy and freedom of expression.
In addition to Telenor, the companies involved include three other telecommunications companies in Myanmar: MPT, a large state-backed operator, Mytel, a company between the Burmese military and Viettel which is owned by the Vietnam Ministry of Defense, and Ooredoo of Vietnam. Qatar (ORDS.QA). MPT and Mytel are now under full control of the junta, the sources said. There are a dozen Internet service providers.
Telenor declined to answer Reuters questions for this article, citing unspecified safety concerns for its employees.
MPT, Mytel and Ooredoo did not respond to requests for comment. Japanese trading house Sumitomo Corp (8053.T), which, along with wireless operator KDDI Corp (9433.T), announced in 2014 a planned $ 2 billion investment in MPT, declined to comment. KDDI and Viettel did not respond to requests for comment.
Many governments allow what are commonly referred to as “lawful interceptions” to be used by law enforcement to catch criminals. But in most democratic countries and even in some authoritarian regimes, such technology is generally not employed without some sort of legal process, cybersecurity experts say. The Burmese military, on the other hand, directly exploits invasive spyware in telecommunications without legal or regulatory safeguards to protect human rights in place, according to industry executives and activists.
Even before the coup, the Myanmar military wielded disproportionate influence in the democratically elected civilian government led by Suu Kyi. He had an unelected quota of 25% of parliamentary seats and the constitution gave him control over several key ministries. He also wielded considerable influence in communications and other government departments through the appointment of former army officers. It has become total control since the coup.
MONITORING AND INTERCEPTIONS
According to three sources of companies familiar with the surveillance system, not all telecommunications companies and Internet service providers have the full interception spyware installed. Reuters has not been able to establish to what extent it has been installed and deployed.
But military and intelligence agencies are tracing SIM cards and intercepting calls, two of those sources said. A source said calls redirected to other numbers and connecting without a dial tone were among the signs of interception.
A legal source with knowledge of cases against those involved in the protests also said there was evidence of spyware surveillance being used to prosecute them. Reuters did not see any documents to support the claim.
A senior official who helps ousted politicians seeking to form a parallel government also said their group had been warned by people working for the junta but sympathetic to protesters that the phone numbers were being traced.
“We have to change SIM cards all the time,” the senior official said.
According to Amnesty International’s security lab and three other tech experts, the interception products outlined in government budget documents would enable the bulk collection of phone metadata – data about who calls, when they call and during how long – as well as the targeted interception of content. .
CABLE CABLE, TELEPHONES FOR ACTIVISTS BLOCKED
One of the military’s first actions on Feb. 1 was to order armed soldiers to break into data centers across the country at midnight and cut internet cables, according to employees at three companies who showed to Reuters photos of cut cables.
In a data center where workers resisted, soldiers held them at gunpoint and also smashed monitors to threaten them, a source with knowledge of the matter said.
Although the internet was largely restored with hours, the military started shutting it down every night. Within days, the military had secretly ordered telecommunications companies to block the phone numbers of activists, junta opponents and human rights lawyers, providing the companies with lists, according to three knowledgeable industry sources. On the question. These orders have not been reported previously.
The sources added that operators are required by law to share customer lists with authorities.
The military has also led the blocking of specific websites. Facebook (FB.O), which was used by half the country and quickly became crucial for protest organizers, was among the first to be banned, followed by news sites and other social media platforms. Read more
When opposition grew in March, the military cut off mobile data access altogether, leaving most Burmese without internet access.
“Businesses have to obey orders,” an industry source said. “Everyone knows if you don’t, they can just come in with guns and cut the wires. It’s even more effective than any interception. “
Executives from Telenor and Ooredoo who protested have been urged to remain silent otherwise the companies risk losing their licenses, four sources said.
THE ARMY TIGHTENING HANDLE
Under the previous rims that ruled between 1963 and 2011, activists and journalists were regularly bugged and smartphones were scarce.
As Myanmar has opened up, it has become a success story in telecommunications with a thriving, albeit nascent, digital economy. Mobile phone penetration, the second lowest in the world in 2011 after North Korea at 6.9%, has skyrocketed to 126% in 2020.
The civilian government’s first known step towards nationwide surveillance came in 2018, with the establishment of a social media surveillance system that it said was aimed at preventing the influence of foreign forces. This followed with a biometric SIM card registration reader last year, claiming that using multiple SIM cards was undesirable and that a central database was needed.
The authorities are now seeking even more power over telecommunications.
On February 10, the Communications Ministry proposed a new law stating that Internet and telecommunications companies will be required to retain a wide range of user data for up to three years and remove or block any content deemed to be disruptive “the unity, stabilization and peace. “, With possible prison sentences for those who do not comply.
In late April, the junta began ordering telecom operators to unblock certain websites and apps, starting with apps from local banks, three people briefed on the development said. Microsoft Office, Google’s Gmail, Google Drive, and YouTube have also since been unblocked.
Asked about the unlock, a Microsoft representative said the company has not engaged with officials in Myanmar. Google did not respond to requests for comment.
Industry sources and activists believe the measures are part of the junta’s attempt to establish its version of the Internet, similar to what China has done with the “great firewall.”
“The military want to control the Internet, so it will be a safe zone, but only for them,” said an industry executive. “We went back five years. “
Our Standards: Thomson Reuters Trust Principles.