In the months before Myanmar During the military’s February 1 coup, the country’s telecommunications and Internet service providers were ordered to install Intercept Spyware that would allow that army In order to eavesdrop on the communication of the citizens, sources with direct knowledge of the plan told Reuters.
The technology gives the military the ability to listen to calls, view text messages and web traffic including email, and track users’ locations without the assistance of telecommunications and internet companies.
The guidelines are part of the Army’s extensive efforts to deploy electronic surveillance systems and exercise control over the Internet to keep tabs on political opponents, quell protests and block channels for future disagreement, they added.
The civilian Department of Transportation and Communications decision-makers who issued the orders were former military officials, such as an industry manager with direct knowledge of the plans and another who was briefed on the matter.
“They presented it as being from the civilian government, but we knew the army would be in control and we were told it couldn’t be refused,” the executive said, knowing full well, adding that officials of the Military were in control Home Office also sat in the meetings.
More than a dozen people with knowledge of the Intercept spyware used in Myanmar were interviewed by Reuters. All asked to remain anonymous, citing fear of retaliation from the military junta.
Neither representatives of the junta nor representatives of politicians trying to form a new civilian government responded to Reuters’ requests for comment.
budget 2019 and 2020 documents for the previous government headed by Aung San Suu Kyi This undisclosed information includes details of $ 4 million planned purchases of Intercept spyware products and parts, as well as advanced data extraction and phone hacking technologies. The documents were provided by an activist group justice for Myanmar and have been independently verified by Reuters.
Reuters was unable to determine the extent to which senior non-military personnel in Suu Kyi’s government were involved in the interception order.
The idea of so-called “lawful interception” was first brought to the telecommunications sector by the Myanmar authorities in late 2019, but the pressure to install such technology didn’t come until late 2020, several sources said, adding that they were warned not to do so speak .
The interception plans were publicly announced by Norway’s Telenor in an annual update of its business in Myanmar, one of the country’s largest telecommunications companies with 18 million customers and 54 million people.
Telenor said in the December 3 briefing and statement posted on its websites that it was concerned about the Myanmar authorities’ plans for a lawful interception that “can directly access any operator and ISP systems without individual authorization “Like Myanmar did not have adequate laws and regulations to protect customers’ rights to privacy and freedom of expression.
In addition to Telenor, the companies affected include three other telecommunications companies in Myanmar: MPT, a large state-backed operator, Mytel, a company between Myanmar’s army and Viettel, owned by the Vietnamese Ministry of Defense, and Ooredoo from Qatar. MPT and Mytel are now under the full control of the junta, the sources said. There are around a dozen internet service providers out there.
Telenor declined to respond to Reuters questions about the article, citing unspecified safety concerns for its employees.
MPT, Mytel and Ooredoo did not respond to requests for comment. The Japanese trading house Sumitomo Corp, which, together with the wireless operator KDDI Corp, announced a planned investment of 2 billion US dollars in MPT in 2014, declined to comment. KDDI and Viettel did not respond to requests for comment.
Many governments allow law enforcement agencies to use what is known as “legitimate wiretapping” to catch criminals. But in most democratic countries and even some authoritarian regimes, such technology is usually not used without legal process, say cybersecurity experts. In contrast, according to industry executives and activists, the Myanmar military operates direct invasive telecommunications spyware without any legal or regulatory safeguards to protect human rights.
Even before the coup, Myanmar’s military exerted an overwhelming influence on the democratically elected civil government led by Suu Kyi. It had an unelected quota of 25% of parliamentary seats and the Constitution gave it control over several important ministries. It also had a major impact on communications and other ministries by appointing former army officers. That has become total control since the coup.
Tracks and interceptions
According to three sources at companies with knowledge of the surveillance system, not every telecommunications company or Internet service provider has all of the Intercept spyware installed. Reuters was unable to determine how extensively it was installed and deployed.
But military and intelligence agencies do some SIM card tracing and interception of calls, two of those sources said. According to one source, calls diverted to other numbers and connected without a dial tone were among the signs of interception.
A legal source with knowledge of cases against those involved in the protests also said there is evidence that spyware is being monitored for prosecution. Reuters has not seen any documents to support the claim.
A senior official who is helping displaced politicians form a parallel government also said their group had been warned by people working for the junta but sympathetic to protesters’ phone number tracking.
“We have to keep changing the SIM cards,” said the senior official.
According to Amnesty International’s Security Lab and three other technology experts, the interception products described in the government budget documents would enable the bulk collection of phone metadata – data about who users are calling, when and for how long they call – as well as targeted content interception.
CABLE CUT, TELEPHONES OF ACTIVISTS LOCKED
Under the militaryThe first action on February 1 was to order armed soldiers to break into data centers nationwide at midnight and cut Internet cables, according to employees of three companies who showed Reuters photos of severed cables.
In a data center where staff resisted, soldiers held her at gunpoint and also smashed monitors to threaten her, a source said.
Although most of the internet was restored within a few hours, the army began shutting it down every night. In a matter of days, the army had secretly ordered telecommunications companies to block the phone numbers of activists, junta opponents and human rights lawyers and to make lists available to the companies, according to three industry sources briefed on the matter. These orders have not yet been reported.
The sources added that operators are required by law to share customer lists with authorities.
The army also ordered certain websites to be blocked. Used by half of the country and quickly becoming vital to protest organizers, Facebook was among the first to be banned, followed by news sites and other social media platforms.
When the opposition increased in March, the military blocked access to cellular data altogether, leaving most of Myanmar without access to the internet.
“Businesses must follow directions,” said an industry source. “Everyone knows if you don’t do that, they can just come in with guns and cut the wires. It’s even more effective than any section.”
Telenor and Ooredoo executives who protested were urged to remain silent or the companies could lose their licenses, four sources said.
THE TENSION GRIP OF THE ARMY
Under previous juntas who ruled between 1963 and 2011, activists and journalists were routinely wiretapped and smartphones were rare.
As Myanmar opened up, it became a telecommunications success story with a thriving, albeit nascent, digital economy. Cell phone penetration, which was the second lowest in the world after North Korea at 6.9% in 2011, rose to 126% in 2020.
The civil government’s first known step towards nationwide surveillance came in 2018 with the establishment of a social media surveillance system designed to prevent the influence of foreign armed forces. As a result, with a biometric SIM card registration campaign last year, the use of multiple SIM cards was undesirable and a central database was required.
The authorities are now seeking even more power over telecommunications.
The communications ministry proposed a new law on February 10, requiring Internet and telecommunications companies to retain a wide range of user data for up to three years, and remove or block content that is viewed as “unity, stabilization and peace” “, with possible prison terms for those who fail to comply.
In late April, the junta began ordering telecom operators to unblock certain websites and apps, starting with local bank apps, said three people who were briefed on the development. Microsoft Office, Gmail, Google Drive and YouTube have now also been unlocked.
When asked about the unlock, a Microsoft representative said the company had not dealt with officials in Myanmar. Google did not respond to requests for comment.
Industry insiders and activists believe these steps are part of an attempt by the junta to establish a version of the Internet similar to what China did with the Great Firewall.
“The military wants to control the Internet so that it is a safe zone, but only for them,” said an industry manager. “We went back in time five years.”