iMAP State of Internet Censorship Report 2022 - Myanmar

မြန်မာဘာသာသို့ ပြန်ဆိုပါသည်။

• Blocking of independent New Media. 112 out of 2,130 websites were detected 1,473 confirmed blocking counts through 6 local vantages under DNS level interference and HTTP level interference. There were 11 out of 31 websites’ categories from OONI were found as confirmed blocking. Among 11 categories, News Media was experiential as the highest confirmed blocking measurement, following to pornography to the second largest blocking counts. Interestingly, within 117 government websites, OONI detects 15 websites were blocked from 2 vantage points of 2 ISPs.
• Sign of internet outages: IODA and Google Traffic data indicate that no major internet connectivity outages have been reported between January 1, 2022, and June 30, 2022. However, on May 16, 2022, and May 20, 2022, there were alerts regarding an Internet disruption and a possible internet outage.
• Potential blocking of Instant Messaging Apps: Apart from this finding period, we found no confirmed blocking in Facebook Messengers, Signal, and Telegram. In spite of this, Facebook Messenger found a large volume of anomalies during the test, which could be a sign of possible blocking. WhatsApp also detected a sign of potential blockings.
• Circumvention Tools: Circumvention tools appear to be blocked after the coup. As part of this study, Psiphon and Tor circumvention tools were detected accessible across the local networks.

Table of Contents

Introduction

Background

Political Landscape

Post 2010: Reforms

Post 2016: Civil military relations

Post 2021: Military coup

Legal Environment

Constitution of the Republic of Myanmar (2008)

Draft Cybersecurity Bill (2021)

Reported cases of internet censorship

Network Landscape and Internet Penetration

Findings of internet censorship in Myanmar

Blocking of Websites

Blocking of News Media

Blocking of Government Websites

Internet outages events

Blocking of Instant Messaging Apps

Blocking of Circumvention Tools

Acknowledgement of Limitations

Conclusion

References:

Acknowledgements

Annex I: Glossary

Annex II: Methodology

Data

Coverage

How are the network measurements gathered?

How are the network measurements analysed?

Country code

Autonomous System Number (ASN)

Date and time of measurements

Categories

IP addresses and other information

Network measurements

Confirmed vs Heuristics

About iMAP

About Sinar Project

Introduction

Myanmar today is among one of the most censored countries in the world. The country is ranked 17 out of 100 on internet freedom with a score of 9 out of 100 on the Global Freedom Index after the military coup.¹ The military shut down the internet, took control of the telecommunication infrastructure, blocked social media platforms, and increased intrusive surveillance to maintain their power. After one year of the coup, the Myanmar military arrested more than 100 journalists under section 505(A) of the penal code law.²

To examine the current state of internet censorship in Myanmar, this report looks at network interference measurements from OONI data during the period from 1 January 2022 to 30 June 2022.

In this study, we utilized OONI data which is run and collected by volunteers in Myanmar, to examine internet censorship in order to assess levels of internet freedom, freedom of expression and access to information. State surveillance has increased privacy and security concerns, immediately after the coup d’état in the country, however the period of assessment for this study was a year after the event.

Background

Myanmar is situated in Southeast Asia and is bordered on the north and north-east by China, on the east and south-east by Laos and Thailand. According to DATAREPORTAL³, the population of Myanmar was 55.02 million in January 2022. 51.8 percent of Myanmar’s population is female, while 48.2 percent of the population is male. Out of 55.02 million, 31.8 percent of the population lived in urban areas, while the majority (68.2 percent) lived in rural areas.

Myanmar is divided into seven states and seven regions, as one union territory which is divided generally by ethnic group. Kachin, Shan, Mon, Kayan, Kayin, Chin, Rakhine and Shan States are predominantly ethnic. As highlighted, almost three quarters of the population in Myanmar live in rural areas, which is largely dominated by ethnic minorities.⁴

Even though digital and network access has grown rapidly since 2011⁵, the benefits of the digital transformation in Myanmar are spread unevenly especially among women and ethnic minorities from rural communities. Gendered cultural biases limit Myanmar women from accessing both digital tools and skills.⁶ Less women than men use the internet.⁷ Communities living in rural and remote areas, also experience infrastructure barriers to accessing the internet Including, lack of basic infrastructure such as electricity, cellular and internet connections.

Figure 1: Individuals using the Internet (% of population) - Myanmar

Political Landscape

Post 2010: Reforms

Myanmar (or Burma as it was previously known) has undergone significant political and economic reforms under military rule for many decades. Until the elections in November 2010 the military junta ruled from 1962 until 2011. In the period of military rule, activists who defended information access, freedom of expression, and human rights were arrested regularly. In 2012, the country transitioned to democratization which seemed to be the end of military rule. Thein Sein who was a former president of Myanmar, becoming the country’s first civilian president⁸ in the first half of the century, however, it was still under military influence. During that period of time the government released hundreds of political prisoners including the chairperson of NLDs Aung San Suu Kyi from house arrest. The NLDs party began campaigning in 2011, with Aung San Suu Kyi leading the party in negotiations to attain multiparty democracy.

Post 2016: Civil military relations

In the 2015 general election, the NLD party won the election and became the first non-military governments ending 54 years of military rule. The NLD government has endeavored to maintain a friendly relationship with the junta since coming to power in 2016. The high profile case of persecution of the Rohingya ethnic minority in Rakhine State, shifted the international perception of the state counselor Aung San Suu Kyi who was highly criticized for the denying all accusations of genocide at the International Court of Justice in 2019.⁹

Post 2021: Military coup

Although the Aung San Suu Kyi maintained an amiable relationship with the military regime, General Min Aung Hlaing seized back the power after 10-year non-military ruling. On February 1, 2021, Senior General Min Aung Hlaing and other military leaders staged a coup and detained and charged de facto civilian leader Aung San Suu Kyi who won the landslide general elections in November 2020 with corruption and other crimes. The military claimed that the election was irregular due to unfair voter turnout and detained many NLD party members. In the week after the coup, nationwide peaceful protests took place, known as Spring Revolution, which called for the military to relinquish power.¹⁰ Street demonstrations occurred throughout the country, civil servants enacted a Civil Disobedience Movement through strikes, a flurry of images, print materials, and graffiti slogans against the military dictatorship were shared physically and via social media. The Human Rights Watch report that the SAC denied the call for the military to relinquish power and killed at least 1,200 protesters and bystanders, including approximately 75 children, and have detained over 8700 government officials, activists, journalists, and civil servants.¹¹

An opposition party was formed consisting of ousted NLD lawmakers, protest leaders, and activists from several minority groups, to counter the SAC and represent a civilian parallel government known as the National Unity Government (NUG). On September 7, 2021, the NUG declared war on the junta and formed an armed division known as the People’s Defense Force (PDF).¹² By 2022, nationwide civil war between ethnic arms groups, PDF and SAC has been occurring not only in the ethnic territories but also in the cities.¹³ Since the coup, the military imposed martial law in several townships and severely targeted ethnic armed groups. Continued military rule threatens human rights, freedoms of expression and perpetuates persecution against ethnic minorities and women. There was a significant impact of violence perpetrated against women and girls before the coup. Post coup, women and girls are more likely to become victims of emotional and physical abuse due to increased safety concerns. A new United Nations survey has found that women feel unsafe even in their home at night.¹⁴

Legal Environment

A number of laws both directly and indirectly related to censorship in Myanmar. These include the following:

Internet freedom in Myanmar collapsed following the February 2021 military coup reported by Freedom House 2021¹⁵. Several laws amended and proposed which affect both directly and indirectly related to freedom of expression online, access to information online, online privacy, censorship and surveillance in the digital space in Myanmar. These include the following:

• Constitution of the Republic of Myanmar (2008)
• Draft Cybersecurity Bill (2021)¹⁶
• Electronic Transactions Law (2004, amended 2021)
• Telecommunications Law (2013)
• Law Protecting the Privacy and Security of Citizens (2017, August 2020)
• Draft Right to Information Bill (2016)
• Myanmar Penal Code (1861)
• Broadcast Law (2015)
• Official Secrets Act (1923)

Constitution of the Republic of Myanmar (2008)

Among the rights, the 2008 constitution¹⁷ somewhat guarantees all citizens the right to freedom of expression under Articles 354 and 365. However, the Constitution does not fully protect the right to freedom of expression. Articles 354¹⁸ (liberty of expression and publication) and 365¹⁹ (freedom of artistic expression) do not comply with international standards. Furthermore, it threatens freedom of expression for journalists and human rights defenders, said Human Rights Watch²⁰.

Draft Cybersecurity Bill (2021)²¹

A draft Cybersecurity Bill was first introduced in 2019²², but it was abandoned. This Cybersecurity bill (1.0) was again proposed by the State Administration Council a week after the coup in 2021. On 28 January 2022²³, the military revised the draft law (Law 2.0) by requesting a few stakeholders’ feedback. Based on Free Expression Myanmar (FEM) analysis, the new draft Cyber Law (2.0) repeats and adds on the repressive provisions of previous drafts (2021), seriously threatening the safety and security of Myanmar’s digital space²⁴. This amendment further threatens privacy, information access and freedom of expression. The Asia legal adviser at Human Rights Watch, Linda Lakhdhir, told Human Rights Watch that the proposed cybersecurity law would consolidate the junta’s ability to conduct pervasive censorship and surveillance and hamper the operation of businesses in Myanmar”²⁵ as this law does not only apply to social media and other content-sharing platforms, but to digital marketplaces, search engines, financial services, data processing services, and communications services providing messaging or video calls and games.

· Electronic Transactions Law (2004, 2014 and amended 2021)

The Myanmar Electronic Transactions Law²⁶, originally enacted in 2004, and was amended in 2014 to remove some problematic provisions. On February 15, 2021, after the military coup, the SAC amended this law again without forewarning and opportunity to consult. This new amendment mostly copies the 2021 Draft Cybersecurity Bill, including Articles 9/38, 38a, 38d and 38e. This new crime amendment will restrict further digital rights.

The 2021 amendment extends criminalizing antiregime statements which further restricts information access and freedom of expression. The new crimes and their long prison sentences will create significant risk to the right to freedom of expression especially in the digital space. Dozens of journalists have been forced to flee following the military’s crackdown on press freedoms. According to the Committee to Protect Journalists (CPJ), more than 100 journalists were arrested under criminal charges in 2021²⁷.

Reported cases of internet censorship

The internet in Myanmar was introduced in the early 2000 when the first internet connection was established after the former president Thein Sein under a new regime of civilian government, rejected almost all forms of censorship by opening internet access for all.²⁸ Since 2011, the internet accessibility in Myanmar seems relatively positive until 2019, during ongoing conflict between the military junta and ethnic armed groups in Rakhine state, where the Rohingya ethnic group was specifically targeted. The Ministry of Transportation and Communication, ordered four internet service providers to suspend internet access including mobile internet services to nine townships in northern Rakhine state and southern Chin state.²⁹ Together, more than 200 websites and several Indigenous news sites were blocked.³⁰ Free Expression Myanmar reports that digital freedom of expression in Myanmar declined between 2018 to 2020³¹, see Table 1.

At the beginning of the COVID-19 pandemic a proliferation of fake news started spreading regarding the pandemic which was challenging for the government to counter. Then the Myanmar Press Council released a press statement including a list of sites viewed as spreading “fake news”.³² The 2020 OONI report, showed that Internet Service Providers (ISPs) in Myanmar received a directive from the Ministry of Transport and Communications to block 230 websites.³³ Telenor Myanmar (previously renamed as ATOM) disclosed that they blocked access to 230 websites, but the list of these URLs has not been published. However, the OONI measurement revealed that 174 domains had been blocked through DNS by Telenor Myanmar under the pornography and news media categories (under the pretext that these sites could potentially be viewed as “fake news”). The Myanmar Press Council’s list of blocked domains contain sites belonging to news outlet and content relating to News pornography. In March 2020, the Frontier reported that 50 “fake news”³⁴ sites including ethnic media outlets, such as Rakhine-based Development Media Group (DMG) and Narinjara were blocked under section 77 of the Telecommunications Law. According to Myanmar illegal contents such as drugs, alcohol, or gambling, and pornography are highly restricted in addition to prohibition of sexual education content and homosexuality.³⁵ By far the most censored content online is that of political dissidents. Any criticism or anti-military content, directly or indirectly in opposition to the current military authorities can lead to jail sentences under existing laws. Human Rights Watch reported 98 journalists arrested for violating section 505A of the penal code according to the Assistance Association for Political Prisoners, as of October 25, 2021.³⁶ Since the passing of the year anniversary of the coup d’etat, more than 100 journalists have been arrested.³⁷

February 1, 2021, marked significant disruptions to the country’s internet connection. Digital access became limited for all in Myanmar, exceptionally impacted were ethnic groups living in conflict-affected zones, including the Rohingya. The military regime banned local ethnic news outlets,³⁸ as well as satellite TV and radio, which are the dominant forms of access to information in rural areas.³⁹ Additionally, Freedom House reported that 2000+ websites have been blocked from February to August 2021, under the Telecommunication Law⁴⁰ and Myanmar’s low ranking in 2018 with 36 points dropped further to 17 points in 2021 (see Table 1).

Table 1. Freedom on the Net 2021 country report

On February 3, 2021, Access Now reported that the military ordered all internet providers to block social media such as Facebook, including Instagram, WhatsApp, and Messenger⁴¹. Almost half of the population⁴² in Myanmar use Facebook to access and contribute information. Facebook is synonymous with the internet for the user in Myanmar. Although the military regime restricted using Facebook in Myanmar, citizens in Myanmar used circumvention tools like virtual private network (VPN) to overcome Facebook access restriction. To further restrict the flow of information to and from the country, the regime is set to ban VPN use.⁴³ On February 5, 2022 Privacysavvy reported that Twitter and Instagram were also blocked.⁴⁴

Surveillance of the Myanmar population has increased significantly through developing technical tools,amending laws and introduction of the Cybersecurity bill to monitor and target critics and protesters. The New York Times reported that the military uses dual-purpose surveillance, hacking, and forensic technology to monitor and target critics and protesters.⁴⁵ For example, by installing spyware to private communications, they can monitor users via listening conversation on phone, view private messages, and track people’s locations. Furthermore, the military’s intent to introduce a new Cybersecurity Bill^{46 47} is likely to increase digital control, suppress free speech and access to information across Myanmar.

All in all, Myanmar today is among one of the most censored countries in the world. Through extreme restrictions and control the military regime has limited internet access through online surveillance, intimidation and threats, physical shutdowns and through laws and regulations that if violated incurred criminal charges with heavy punishments. The military junta’s main objective here appears to be total control over the telecommunication infrastructure in an effort to block social media platforms, and increase intrusive surveillance to maintain power and crush dissent.

Network Landscape and Internet Penetration

Digital access has grown quickly in Myanmar since its relatively recent entry into the digital revolution in 2011. Increasingly affordable SIMs and smartphones, combined with more internet service providers and high-speed connection access points has meant that as at January 2021, there were 69.43 million mobile SIMs connections⁴⁸ and 23.65 million internet users,⁴⁹ compared to a total population of Myanmar of 54.61 million in 2021, amounting to half the population of Myanmar before the military coup.

The Myanmar government began to liberalize towards a digital transformation and invited private investments into the development of communications infrastructure and technology. Similarly, internet censorship also declined for the first time during this period of historical change. International news sites, including Voice of America, BBC, and Radio Free Asia, and local news such as the Democratic Voice of Burma and Irrawaddy, long blocked by Burmese censors, were suddenly accessible.⁵⁰ The transformation saw the government’s openness to the world, as well as significant relaxation of its censorship policies, noted in Freedom Express, which showed that internet censorship had declined slightly between 2018 to 2020.

Myanmar’s four telecommunications network operators⁵¹ - Myanmar Posts and Telecommunications (MPT) is a state owned enterprise under the supervision of the Ministry of Transport and Communication. Ooredoo is a subsidiary of the Qatari Ooredoo Group but intends to sell it to Singapore vehicle Nine Communications Pte. Ltd, with an enterprise value of $576 million, according to Ooredoo Group announcement on September 8, 2022.⁵² Telenor (a Norwegian firm) recently withdrew and sold to the M1 Group, which has a master lease agreement with military-backed Mytel.⁵³ Similarly, while there are more than 30 internet service providers⁵⁴ licensed under the Ministry of Transport and Communications (MoTC) but the market is dominated by four main ISPs: Myanmar Net, Myanmar MPT, MyTel, and 5BB.⁵⁵ Freedom House reported that the fixed-line internet speed is slower than average after the coup.⁵⁶ Since February 2021, all media, internet, and mobile connections have been fully controlled by the State Administrative Council (SAC)⁵⁷ affecting internet speeds and social media platform access and websites have been banned.⁵⁸

Though internet users rapidly increased in the previous year, the unexpected transition back to high censorship and Internet restrictions has seen periodic blackouts of the internet, inability to use VPN, reduction of internet speed, increased mobile data and SIMs card price, telecommunications infrastructure problem, and unstable electricity supply affecting not just connectivity but general living standards. The general impact has resulted in a general reduction of online usage, mainly due to increased fear and insecurity. Additionally, pro-democracy protectors or Civil Disobedience Movement (CDM) advocates proactively discourage the use of mobile connections using telco-services that are associated with military junta, further reducing internet usage and online activities.

Regardless, the systematic and nationwide internet shutdowns for 8 hours from 1 am to 9 am was mandated immediately after the military coup took over and lasted for approximately two weeks⁵⁹ (see figure 2).⁶⁰ Although internet connections have relatively been restored, the military had continued to crackdown on internet usage and accessibility by repeatedly reducing the network speed, and blocking mobile networks across 22 townships⁶¹ until now.

Figure 2: Internet connectivity, Myanmar: February 15, 2022 to February 16, 2022 UTC

Findings of internet censorship in Myanmar

Open Observatory of Network Interference (OONI) is a software that monitors free and open internet disruptions to help by increasing transparency around internet censorship around the world. The measurements of internet censorship can be carried out by OONI Run and OONI Probe. The results of the measurements are recorded on OONI Explorer and the measurement consists of many different tests.

Web connectivity test is to measure whether websites are blocked by means of DNS tampering, TCP/IP blocking or by a transparent HTTP proxy. Instant messaging is to measure the reachability of WhatsApp, Facebook Messenger, Telegram, and Signal, within a tested network. Circumvention is to test the blocking of circumvention tools such as Psiphon, Tor or RiseupVPN. Performance test is to measure the speed and performance of the network by NDT (Network Diagnostic Test) and to measure video streaming performance by DASH (Dynamic Adaptive Streaming over HTTP). Middleboxes test consists of HTTP Invalid Request Line Test and HTTP Header Field Manipulation Test, to detect the presence of network components.

The test results of OONI measurements are determined by the indicators listed in Table 2. Table 3 shows the breakdown of OONI measurements on web connectivity, instant messaging and circumvention tools from January to June 2022.

Table 2. Indicators of OONI Measurements

Table 3. The Breakdown of OONI Measurements for Various Tests

Blocking of Websites

The websites to be tested are distinguished into 30 categories.

During the first half-year of 2022, 753,018 OONI measurements were collected from 2,130 websites through 37 vantage points in Myanmar. From this total, it was seen that 88.8% (668,881) were OK, 9.9% (74,711) were anomalies, 1.1% (7,953) were failed measurements and 0.2% (1,473) were confirmed blockings.

Among those 2,130 websites, there are 112 blocked websites (5.26% of 2,130) of 11 categories with 1,473 blocking times through 6 vantage points from 6 internet service providers (ISPs). The ISPs blocking the websites are:

1. Frontiir Co., Ltd.
2. Myanmar Net
3. Global Technology Co., Ltd.
4. Atom Myanmar Ltd. (former Telenor Myanmar)
5. Fortune Telecom Co., Ltd.
6. Myanmar Information Highway Ltd.

The following chart illustrates the blocking of websites of 11 categories in Myanmar from January to June 2022, based on OONI data.

Figure 3: Websites categories with blocking counts

In order to filter out the false positives of the OONI measurement and to confirm the blocking fingerprints of the measurement, the heuristics analysis has also been applied to these 112 blocked websites from OONI measurements. The concepts of the heuristics are as follows:

1. Does the IP in question have a PTR record pointing to something that looks like a blockpage (eg. a hostname that is related to the ISP)?
2. What information can we get about the IP by doing a whois lookup?
3. Is the ASN of the IP the same as the network where the measurement was collected?
4. Do we get a valid TLS certificate for one of the domains in question when doing a TLS handshake and specifying the SNI?

The analysis confirms again that these 112 websites are blocked by ISPs with the use of blocking types such as DNS level interference and HTTP level interference.

Figure 4: 6 ISPs blocked the websites during Jan to June 2022

According to the test results, News media websites are mainly blocked and secondly Pornography websites whereas Social networking websites are the ones with the largest blocking times of 683. Please see Table 5 and Figure 5 .

Table 5. Blocked websites in Myanmar (Jan-June 2022)

Figure 5: Breakdown of Blocked Websites under Categories

Blocking of News Media

During the first half of 2022, 30 websites of News Media were blocked by 2 ISPs: Atom Myanmar Ltd. with the network AS133385 and Global Technology Co., Ltd. with AS133384.

Figure 6: ISPs blocked News Media websites

Among the 30 News Media websites, we have selected 3 websites: http://karennews.org/,

https://rohingyakhobor.com/, and https://www.rohingyanewsbank.com/ for detailed findings of heuristics.

Karen News website is partly blocked by 2 ISPs with the use of DNS tempering and TCP/IP blocking (See Figure 7) but ISPs sometimes give the access in some days during the testing period (See Figure 8). The blocking times increase in May and June 2022.

Figure 7: Karen News page blocked by ISPs

Figure 8: Measurements of Karen News page

The following charts describe that Rohingya Khobor and Rohingya News Bank sites are also blocked by DNS tempering (dns.confirmed) and TCP/IP blocking (tcp.connection_timeout) during the testing period and the websites are sometimes accessible.

Figure 9: Measurements of Rohingya Khobor page

Figure 10: Measurements of Rohingya News Bank page

Blocking of Government Websites

In the case of blocking the government websites, the websites are referred to as those of CRPH (Committee Representing Pyidaungsu Hluttaw) and NUG (National Unity Government). The State Administration Council (SAC), the country’s ruling military junta, has declared the NUG and CRPH illegal. This becomes the reason for blocking. Those 15 websites are blocked by 2 ISPs: Atom Myanmar Ltd. with the network AS133385 and Global Technology Co., Ltd. with AS133384. The following Table states the 15 blocked websites under Government categories with the blocking times from 2 vantage points of 2 ISPs.

Table 6. Blocked Websites under Government Categories

OONI measurements recorded the same 117 Government websites for each ISPs. Apart from those 15 sites, the others are accessible and sometimes likely blocked. The following charts describe the measurements on the government websites by 2 ISPs during the testing period.

Figure 11: Measurements on Government Websites from Global Technology Co., Ltd.

Figure 12: Measurements on Government Websites from Atom Myanmar Ltd.

Internet outages events

Internet access was apparently stable until Monday February 1, 2021 while the military regime took power, shutting down the entire internet connection approximately from 3:00 am Myanmar local time until 8:00 am. That was the first nationwide internet outage after a decade of digital transformation in which internet connectivity in Myanmar has fallen to 50% from ordinary levels reported by Netblocks (see Figure 13).⁶² Then internet disruption repeatedly occurs in the year of 2021 (see the OONI previous report).⁶³

Figure 13: Network Connectivity: January 30, 2022 to February 1, 2022 UTC (Source: Netblocks)

In this finding, we utilized Internet Outage Detection and Analysis (IODA) and Google traffic data to observe internet connectivity outages in Myanmar. The Internet Outage Detection and Analysis (IODA) is a project to measure internet outages worldwide in near real-time. IODA uses four measurement⁶⁴ including google traffic⁶⁵ and inference methods to track and identify internet outages. IODA provides access to their measurements through their Dashboard, which allows users to explore internet outages with country, region, and AS level of granularity. In this observation, we show only two measurements (Routing (BGP), Active Probing) from the IODA dashboard and Google transparency report dashboard.

Figure 14: Internet connectivity status in Myanmar: January 01, 2022 to March 30, 2022 (IODA Dashboard, 2022)

Figure 15: Internet connectivity status in Myanmar: April 01, 2022 to June 30, 2022 (IODA Dashboard, 2022)

Figure 16: Internet connectivity alert in Myanmar: May 15, 2022 to May 21, 2022 (IODA Dashboard, 2022)

Figure 17: Internet connectivity status in Myanmar: January 01, 2022 to June 30, 2022 (Google Transparency Report, 2022)

According to public data source IODA and Google traffic data, there were no significant internet connectivity outages between January 1, and June 30, 2022. However, IODA detects that there was an alert of internet connectivity drop on May 16, 2022 and May 20, 2022 (as figure 9 shown) measured by (Routing (BGP), Active Probing and Google traffic) that appear a sign of internet connectivity outages. In some ways, mobile and wifi internet outages occurred in some regions and states including Sagaing region especially in the conflict-zone due to electricity shortage and political conflict.⁶⁶

Blocking of Instant Messaging Apps

In testing the blocking of Instant Messaging Apps, we can measure for Facebook Messenger, Signal, Telegram and WhatsApp.

OONI’s Facebook Messenger test is to examine the reachability of Facebook Messenger within a tested network by a TCP connection and DNS lookup to Facebook’s endpoints over the vantage point of the user. The blocking occurs if TCP connections to Facebook’s endpoints fail or/and if DNS lookups to domains associated with Facebook do not resolve to IP addresses allocated to Facebook.

According to OONI’s measurements, there were more than 90% anomalies across 3 ASNs (AS9988, AS139711 and AS141704). Hence it may be concluded that Facebook Messenger is likely blocked due to TCP connections failing by preventing the target IP from being reachable.

Figure 18: Measurement on Facebook Messenger

Signal Test is to measure the reachability of the Signal messaging app within a tested network. According to the OONI measurements from January to June 2022, most of Signal TestsTeat are found accessible. On the other hand, some results show the anomaly presenting signs of potential network interference.

Figure 19: Measurement on Signal App

Telegram Test is to examine the reachability of Telegram’s app and web version within a tested network. The below chart shows that almost all of Telegram tests reported continued access during the testing period. It is likely blocked in May and June 2022.

Figure 20: Measurement on Telegram App

WhatsApp Test is designed to examine the reachability of both WhatsApp’s app and web version within a tested network. The measurements show that WhatsApp was accessible in Myanmar during the testing period but with signs of potential blocking on some vantage points.

Figure 21: Measurement on WhatsApp

Blocking of Circumvention Tools

Psiphon is a free and open source tool that utilizes VPN, SSH, and HTTP proxy technology for censorship circumvention. The Psiphon VPN essentially serves as a tunnel that enables you to circumvent censorship. The OONI Probe Psiphon test provides an automated way of examining whether the Psiphon app works in a tested network. In almost the whole research period, Psiphon works in the tested network and can be used to circumvent internet censorship.

Figure 22: OONI data on the testing of Psiphon circumvention tool

Tor is a free and open software for anonymity, privacy, and censorship circumvention, and OONI Tor Test examines whether Tor works in a tested network. In Jan-June 2022, Tor was reachable in Myanmar.

Figure 23: OONI data on the testing of Psiphon circumvention tool

Acknowledgement of Limitations

Through this study, various limitations were found, which could reflect on the internet censorship finding.

Firstly, the examination might not include sufficient test lists and measurements counts for this study period that could reflect the finding. After the coup, the military government highly restricted cyber users who could be threatened to run the OONI run and test lists with local vantage points in Myanmar.

Another limitation is unspecified categories. Within the study period, some blocked sites are detected that do not fall into any of the 30 categories. Thus, in this finding, only 112 websites that are categorized under the CitizenLab test lists are reported here in detail. The remaining blocked sites that are unspecified, are not reported in this report but included in a separate sheet in Annex MM-1.

Conclusion

The state of internet freedom was improved until the 2019 Rohingya crisis, and it went downhill after February 1, 2022, when the military regime took power in the country. Myanmar now became among one of the most censored countries in the world. The military took control of the telecommunication infrastructure, blocked social media platforms, and shut down the internet to increase its surveillance.

Consequently, multiple censorship events have been reported after the coup. In order to comprehend internet censorship, the independent researcher and iMAP team collected and analyzed network interference measurements between 1 January 2022 and 30 June 2022 to find out whether sites, instant messaging apps, and censorship circumvention tools were blocked or not.

Throughout OONI’s study, it has been discovered that internet censorship has increased in Myanmar to a wider extent than ever before when comparing it to the 2017 report. According to 2022 OONI measurement analysis, 112 out of 2,130 websites within eleven categories in Myanmar are found as confirmed blocking sites by 6 local networks relating DNS and HTTP level interference. Among 112 websites under 11 categories, News media category is the category with the highest number of confirmed blocked websites, including ethnic independent News media http://karennews.org/ and https://www.rohingyanewsbank.com/ censored by way of DNS tempering and TCP/IP blocking. OONI detected 15 out of 117 government websites were confirmed blocking due to multiple government actors against one another. In addition to this finding, there was no sign of confirmed blocking of Instant Messaging Apps, however, Facebook messenger and WhatsApp were found to have a high number of anomalies during the tests, which could be concluded as confirmed blocking. During the test, circumvention tools such as Tor and Psiphon appear to be reachable across the Myanmar local networks where OONI tests were run.

Finally, in comparison to the data shown in Myanmar’s report in 2017, which presented only five sites of TCP/IP and HTTP blocking, the state of internet censorship is showing a huge change by now with its significant increase and the decline of internet freedom.

References

Xynou, M. (2021). A multi-perspective view of Internet censorship in Myanmar. OONI. https://ooni.org/post/2021-multiperspective-view-internet-censorship-myanmar/

Acknowledgements

Foremost, we would like to thank the Open Observatory of Network Interference for their work on this project. We would also like to thank the anonymous volunteers in Myanmar who have run the OONI Probe and provide this data. If not, this study would not be possible.

Annex MM-1: Confirmed blockings

Notes:

Website categories are based on the Citizen Lab test lists. If the websites are unclassified, it means that the website is not part of the test list. If the column ‘Confirmed by OONI’ shows “TRUE”, it means that the website has been confirmed blocking by OONI based on current blocking fingerprints. If this column shows “#N/A” but the column ‘Confirmed by Heuristics’ shows “TRUE” the website has been only confirmed blocked through heuristics, which is further explained in Annex II. More metadata is also available to download here: https://github.com/Sinar/imap-data.

Annex I: Glossary

A comprehensive glossary related to OONI can be accessed here: https://ooni.org/support/glossary/.

Annex II: Methodology

Data

Data computed based on the heuristics for this report can be downloaded here: https://github.com/Sinar/imap-data whereas aggregated data can be downloaded from OONI Explorer.

Coverage

The iMAP State of Internet Censorship Country Report covers the findings of network measurement collected through Open Observatory of Network Interference (OONI) OONI Probe App that measures the blocking of websites, instant messaging apps, circumvention tools and network tampering. The findings highlight the websites, instant messaging apps and circumvention tools confirmed to be blocked, the ASNs with censorship detected and method of network interference applied. The report also provides background context on the network landscape combined with the latest legal, social and political issues and events which might have an effect on the implementation of internet censorship in the country.

In terms of timeline, this first iMAP report covers measurements obtained in the six-month period from 1 January 2022 to 30 June 2022. The countries covered in this round are Cambodia, Hong Kong, Indonesia, Malaysia, Myanmar, Philippines, Thailand, and Viet Nam. India will only be included starting in the next period of reporting.

How are the network measurements gathered?

Network measurements are gathered through the use of OONI Probe app, a free software tool developed by Open Observatory of Network Interference (OONI). To learn more about how the OONI Probe test works, please visit https://ooni.org/nettest/.

iMAP Country Researchers and anonymous volunteers run OONI Probe app to examine the accessibility of websites included in the Citizen Lab test lists. iMAP Country Researchers actively review the country-specific test lists to ensure up-to-date websites are included and context-relevant websites are properly categorised, in consultation with local communities and digital rights network partners. We adopt the approach taken by Netalitica in reviewing country-specific test lists.

It is important to note that the findings are only applicable to the websites that were examined and do not fully reflect all instances of censorship that might have occurred during the testing period.

How are the network measurements analysed?

OONI processes the following types of data through its data pipeline: https://github.com/ooni/pipeline

Country code

OONI by default collects the code which corresponds to the country from which the user is running OONI Probe tests from, by automatically searching for it based on the user’s IP address through their ASN database the MaxMind GeoIP database.

Autonomous System Number (ASN)

OONI by default collects the Autonomous System Number (ASN) of the network used to run OONI Probe app, thereby revealing the network provider of a user.

Date and time of measurements

OONI by default collects the time and date of when tests were run to evaluate when network interferences occur and to allow comparison across time. UTC is used as the standard time zone in the time and date information. In addition, the charts generated on OONI MAT will exclude measurements on the last day by default.

Categories

The 32 website categories are based on the Citizenlab test lists: https://github.com/citizenlab/test-lists. As not all websites tested on OONI are on these test lists, these websites would have unclassified categories.

IP addresses and other information

OONI does not collect or store users’ IP addresses deliberately. OONI takes measures to remove them from the collected measurements, to protect its users from potential risks. However, there may be instances where users’ IP addresses and other potentially personally-identifiable information are unintentionally collected, if such information is included in the HTTP headers or other metadata of measurements. For example, this can occur if the tested websites include tracking technologies or custom content based on a user’s network location.

Network measurements

The types of network measurements that OONI collects depend on the types of tests that are run. Specifications about each OONI test can be viewed through its git repository, and details about what collected network measurements entail can be viewed through OONI Explorer or through OONI’s measurement API.

In order to derive meaning from the measurements collected, OONI processes the data types mentioned above to answer the following questions:

• Which types of OONI tests were run?
• In which countries were those tests run?
• In which networks were those tests run?
• When were tests run?
• What types of network interference occurred?
• In which countries did network interference occur?
• In which networks did network interference occur?
• When did network interference occur?
• How did network interference occur?

To answer such questions, OONI’s pipeline is designed to answer such questions by processing network measurements data to enable the following:

• Attributing measurements to a specific country.
• Attributing measurements to a specific network within a country.
• Distinguishing measurements based on the specific tests that were run for their collection.
• Distinguishing between “normal” and “anomalous” measurements (the latter indicating that a form of network tampering is likely present).
• Identifying the type of network interference based on a set of heuristics for DNS tampering, TCP/IP blocking, and HTTP blocking.
• Identifying block pages based on a set of heuristics for HTTP blocking.
• Identifying the presence of “middle boxes” within tested networks.

According to OONI, false positives may occur within the processed data due to a number of reasons. DNS resolvers (operated by Google or a local ISP) often provide users with IP addresses that are closest to them geographically. While this may appear to be a case of DNS tampering, it is actually done with the intention of providing users with faster access to websites. Similarly, false positives may emerge when tested websites serve different content depending on the country that the user is connecting from, or in the cases when websites return failures even though they are not tampered with.

Furthermore, measurements indicating HTTP or TCP/IP blocking might actually be due to temporary HTTP or TCP/IP failures, and may not conclusively be a sign of network interference. It is therefore important to test the same sets of websites across time and to cross-correlate data, prior to reaching a conclusion on whether websites are in fact being blocked.

Since block pages differ from country to country and sometimes even from network to network, it is quite challenging to accurately identify them. OONI uses a series of heuristics to try to guess if the page in question differs from the expected control, but these heuristics can often result in false positives. For this reason OONI only says that there is a confirmed instance of blocking when a block page is detected.

Upon collection of more network measurements, OONI continues to develop its data analysis heuristics, based on which it attempts to accurately identify censorship events.

The full list of country-specific test lists containing confirmed blocked websites in Myanmar, Cambodia, Hong Kong, Indonesia, Malaysia, Philippines, Thailand, and Vietnam can be viewed here: https://github.com/citizenlab/test-lists.

Confirmed vs Heuristics

Confirmed OONI measurements were based on blockpages with fingerprints recorded here https://github.com/ooni/blocking-fingerprints.

Hence, heuristics as below were run on raw measurements on all countries under iMAP to further confirm blockings.

Firstly, IP addresses with more than 10 domains were identified. Then each of the IP address was checked for the following:

When blocking is determined, any domain redirected to these IP addresses would be marked as ‘dns.confirmed’.

Secondly, HTTP titles and bodies were analysed to determine blockpages. This example shows that the HTTP returns the text ‘The URL has been blocked as per the instructions of the DoT in compliance to the orders of Court of Law’. Any domain redirected to these HTTP titles and bodies would be marked as ‘http.confirmed’.

As a result, false positives are eliminated and more confirmed blockings were obtained including countries like Cambodia, Vietnam and Philippines which have no confirmed blocking fingerprints on OONI.

In the case of Hong Kong, the results of the heuristics showed external censorship from outside of the country instead of local censorship. Thus, the local researchers had analysed the OONI measurements manually to identify confirmed blockings. The domains identified were based on the timed-out instances.

About iMAP

Internet Monitoring Action Project (iMAP) aims to establish regional and in-country networks that monitor network interference and restrictions to the freedom of expression online in 9 countries: Myanmar, Cambodia, Hong Kong, India, Indonesia, Malaysia, Philippines, Thailand, and Vietnam. Sinar Project is currently working with national digital rights partners in these 9 countries. The project is done via Open Observatory Network Interference (OONI) detection and reporting systems, involving the maintenance of test lists and measurements.

More information available at: imap.sinarproject.org. Any enquiries and suggestions about this report can be directed to team@sinarproject.org.

About Sinar Project

Sinar Project is a civic tech initiative using open technology, open data and policy analysis to systematically make important information public and more accessible to the Malaysian people. It aims to improve governance and encourage greater citizen involvement in the public affairs of the nation by making Parliament and the Malaysian Government more open, transparent and accountable. More information available at: https://sinarproject.org.

The internet and data accessibilities have been heavily controlled following the military coup that overthrew the democratically-elected government and seized power in February 2021.