Zambia: Internet censorship during the 2016 general elections?
A research study by the Open Observatory of Network Interference
(OONI) and Strathmore University’s Centre for Intellectual Property
and Information Technology Law (CIPIT).
Table of contents
Out of a total of 1,303 websites that were tested for censorship in
Zambia during and following its 2016 general election period, only 10 of
presented signs of
DNS, TCP/IP and HTTP interference, while previously
news outlets appeared to be accessible throughout the duration of the
No block pages were detected as part of this study that could confirm
cases of censorship. Yet, the
that connections to the websites of the World Economic Forum, the
Organization of American States (OAS), and an online-dating site
(pof.com) failed consistently from Zambia’s MTN network across the
testing period, while failure rates from control vantage points were
below 1%, indicating that these sites might have been blocked.
Pornography and sites supporting LGBT dating also appeared to be
inaccessible throughout the testing period, and such blocking can
potentially be legally justified under Zambia’s Penal
and Electronic Communications and Transactions Act
However, it remains unclear why connections to other websites, such as
that of Pinterest, may have been tampered with during Zambia’s 2016
The network tests run in Zambia
aimed at identifying “middle boxes” capable of performing internet censorship,
did not reveal the presence of censorship equipment.
However, this does not mean that censorship equipment is not present in the
country, but just that these particular tests were not able to highlight it’s
Zambia is known
for its relative political stability, having avoided conflict and
maintained a multi-party democratic presidential system since 1991. As
part of its
Zambia guarantees press freedom and various human rights, including
freedom of expression and the right to access information, which are
enshrined in its Bill of
Several cases of censorship however have been reported over the last
decades, including the
ban of The Post, one
of Zambia’s few independent newspapers, leading up to the country’s 1996
and 2016 general elections. Other cases of censorship were
between 2013 and 2014, when four independent online news outlets -
Zambian Watchdog, Zambia
Post, and Radio
Barotse - were blocked
for their critical coverage of the ruling party. OONI
revealed at the time that
Deep Packet Inspection (DPI) filtering tactics were used to block
Zambian Watchdog’s website.
In light of Zambia’s 2016 general elections, the Open Observatory of
Network Interference (OONI), in
collaboration with Strathmore University’s Centre for Intellectual
Property and Information Technology Law
(CIPIT), conducted a study to examine whether
internet censorship events occurred during the election period. This
study was carried out through the collection of network measurements
from a local vantage point in Zambia, based on a set of OONI software
tests designed to examine
whether a set of websites were blocked, and whether systems that could
be responsible for internet censorship and surveillance were present in
the tested network (MTN Zambia).
The aim of this study is to increase transparency about potential
internet controls in Zambia which might have interfered with the
democratic process of elections. The following sections of this report
provide information about Zambia’s network landscape and internet
penetration levels, its legal environment with respect to freedom of
expression, access to information and privacy, as well as about cases of
censorship and surveillance that have previously been reported in the
country. The remainder of the report documents the methodology and key
findings of this study.
Zambia is a landlocked country in Southern Africa, bordering with
Tanzania, Zimbabwe, the Democratic Republic of the Congo, Angola,
Malawi, Mozambique, Botswana and Namibia. Unlike most of its neighbors,
Zambia is known
for its political stability.
Following the country’s independence from the United Kingdom in 1964,
the United National Independence Party (UNIP) ruled Zambia for 18
years under a one-party
state with the motto “One Zambia, One
however, and an attempted
appear to include some of the factors that led to Zambia’s transition to
a multi-party democracy and presidential system in 1991. Zambia has
since held a number of general elections within this new framework.
This, however, was almost disrupted by another failed coup attempt in
1997, resulting in the
death sentence of 103 soldiers. Zambia’s last general elections were
held on 11th August 2016 which
a victory for the Patriotic Front (PF), whose candidate Edgar Lungu was
elected President for a five-year term.
Zambia was one of the world’s fastest growing
over the last decade, but the falling copper prices, exports and foreign
direct investment have
economy in recent years, while the rate of
has increased. Corruption also appears to remain
pervasive in the country
such as the strengthening of legal and institutional frameworks.
minorities live in Zambia,
the Bembe people being the largest ethnic group. The majority of the
of the population are Roman Catholic, Muslim, Buddhist, Hindu and Bahá’í.
Despite the presence of diverse ethnic and religious groups, civil war
has been prevented in the country. Xenophobic violence however has been
an issue, recently resulting in the death of
Rwandans who were
accused of engaging in ritual killings in Lusaka.
Food shortages and HIV/AIDS are some of the main issues that have
affected Zambia in recent decades. Around 70% of the population is
estimated to live on less
than US$1 per day. A national disaster due to droughts was
declared in 2005,
when the President appealed for food aid. While Zambia consists of a
population of around 16
more than 1
people are estimated to be living with HIV/AIDS.
Network landscape and internet penetration
Zambia was one of the first countries in Sub-Saharan Africa to adopt the
internet, when satellite and dial-up technology were installed at the
University of Zambia in the early 1990s. Today, three operators provide
Zambia’s national fiber backbone: Zambia Telecommunications Ltd
(Zamtel) and Zambia Electricity Supply
Corporation Ltd (ZESCO) - both of which are
state-owned - as well as Copperbelt Energy Corporation
(CEC), which is privately-owned.
All internet and mobile service providers in Zambia are privately-owned,
with the exception of Zamtel, which is state-owned. Overall, Zambia has
16 different Internet Service Providers (ISPs), and 3 mobile operators:
Airtel, MTN and Zamtel.
|Number of Mobile Operators||3||3||3||3||3||3||3|
|Number of PSTN Operators||1||1||1||1||1||1||1|
|Number of Active ISPs||-||-||-||16||16||16||16|
Source: Zambia Information and Communications Technology Authority
Zamtel has the largest share of internet subscriptions, but the smallest
share in the mobile phone market, where Airtel and MTN have the
|Network Coverage||2010||2011||2012||2013||2014||2015||2016 Q1|
|Internet Points of Presence (Districts)||-||-||-||99||-||-||-|
|PSTN Area Coverage (%)||90||90||90||90||90||90||90|
|National Network Geographical Coverage|
Source: Zambia Information and Communications Technology Authority
Internet penetration in Zambia is currently limited to about
of the population, according to the International Telecommunication
and Internet World
Stats. The limited
amount of internet users in Zambia is due to a number of reasons,
including high costs of hardware, software and access to the internet,
poor network coverage, erratic and expensive electricity, and high
levels of illiteracy and poverty
(60% of the
population is estimated to live below the poverty line, and
considered to live in extreme poverty). Nonetheless, access to
information and communication technologies (ICTs) has been increasing
steadily over the last few years, growing from a penetration rate of
10% in 2010 to about 21% in
The vast majority of Zambian ICT users access the internet via mobile
phones, as 70.5% of
the population is estimated to have mobile phone subscriptions, while
less than 1% of
Zambians access the internet from their homes via fixed line
subscriptions. As of 2013, SIM card
with an original and valid identity card is required for mobile phone
Zambia’s Information and Communications Technology Authority
(ZICTA) estimates that
35.6% of Zambia’s
mobile phone subscribers use the internet in 2016, as illustrated below:
|Fixed Line Subscription||115,423||0.72%|
|Mobile Internet Users||5,715,493||35.60%|
|Fixed Internet Subscription||35,960||0.22%|
Source: Zambia Information and Communications Technology Authority
Blackberry devices appear to be used the most
due to their cheap subscription fees, while the increasing number of
mobile internet users and government cybercafe
appear to be some of the reasons leading to the decreased popularity of
cybercafes in recent years.
Zambia’s ICT sector is regulated by ZICTA,
which was established under the 2009 Information and Communications
As part of its mandate, ZICTA manages the registration for the .zm
country code top-level domains, according to provisions under the 2009
Electronic Communications and Transaction
Act. The Independent
Broadcasting Authority is also responsible for
regulating some internet content.
Freedom of expression
Freedom of expression is enshrined in the Bill of
which is included in Part III of Zambia’s Constitution. According to
Article 21 of the Bill of Rights:
(1) A person has the right to freedom of expression which includes –
(a) freedom to hold an opinion;
(b) freedom to receive or impart information or ideas;
(c) freedom of artistic creativity;
(d) academic freedom; and
(e) freedom of scientific and technological research, as prescribed.
Clause 2 of Article 21 of the Bill of Rights specifies the conditions
under which freedom of expression is restricted:
(2) Clause (1) does not extend to –
(a) conduct or statements which incite war, genocide, crimes against
humanity or other forms of violence; or
(b) statements which –
(i) vilify or disparage others; or
(ii) incite hatred.
While freedom of expression is guaranteed under Zambia’s Constitution,
in practice this right can be limited by broad interpretations of laws
that restrict expression in the interest of national security, public
order and safety.
Zambia’s Constitution was recently
to include significant protections for press freedom.
Freedom of the media (electronic, broadcasting, print, and other forms)
is guaranteed under Article 23 of the Bill of
though “the State may license broadcasting and electronic media where
it is necessary to regulate signals and signal distribution.”
Clause 2 of Article 23 explicitly prohibits the State from exercising
control or interfering with the production or circulation of
publications, or with the dissemination of information through any
Furthermore, clause 4 of Article 23 guarantees the independence of the
public media to determine the editorial content of their broadcasts and
communications, as well as the right to present divergent views and
In practice, however, press freedom can potentially be limited by
various statutes. Zambia’s Penal
for example, includes clauses that criminalize the defamation of the
president and allow the president to ban publications that are
considered to be “contrary to the public interest”.
Access to information
Article 22 of the Bill of
guarantees the right to access information. Specifically, clause 1 of
Article 22 states that individuals have the right to access information
held by the State or another person which is lawfully required for the
exercise or protection of a right or freedom.
While the process of drafting Zambia’s Access to Information (ATI) Bill
started in 2002, the Bill has still not been enacted into law, thus
limiting the right to access information from being exercised in
Various non-profit organizations, including
the Open Society Initiative for Southern
have criticised the delay and have encouraged the Zambian government to
create a timeline for enacting the Access to Information (ATI) Bill into
The right to privacy is enshrined in Article 19 of Zambia’s Bill of
which extends to the protection of a person’s communications privacy
Data protection is included in Part VII (“Protection of Personal
Information”) of the 2009 Electronic Communications and Transactions
and Article 42 of the Act specifies the principles for the electronic
collection of personal information.
While most of these principles include important provisions for data
protection, it is noteworthy that principle 9 enables data controllers
to “use any personal information to compile profiles for statistical
purposes and may freely trade with such profiles and statistical data,
as long as the profiles or statistical data cannot be linked to any
specific data subject by a third party”. This principle raises concerns,
has shown that “anonymized datasets” can be de-anonymized by third
Censorship and surveillance
Zambia’s Electronic Communications and Transactions Act
(Part XI, “Interception of Communication”) includes details about how
lawful interception is carried out, generally requiring a court order
Article 65 of the Act establishes the Central Monitoring and
Coordination Centre, which manages and aggregates all authorised
interceptions of communications, and which is operated by the department
responsible for Government communications. According to Article 77,
service providers are required to install hardware and software
facilities and devices that enable the “real-time” and “full-time”
interception of communications upon request by law enforcement agencies.
Service providers are also required to provide interfaces for
transmitting all intercepted communications directly to the Central
Monitoring and Coordination Centre.
Part XIV (“Cyber Inspectors”) of the Act details the appointment and
powers of cyber inspectors. According to Article 94, a cyber inspector
may “monitor and inspect any website or activity on an information
system in the public domain and report any unlawful activity to the
Pornography is prohibited under Article 102 of Part XV (“Cyber crime”)
of the Act, according to which a fine and/or imprisonment can be imposed
on any person that “procures any pornography through a computer system
for oneself or for another person”, or “possesses any pornography in a
computer system or on a computer data storage medium”.
Previous cases of internet censorship and surveillance
Africa’s first known case of internet censorship occurred in Zambia
twenty years ago.
Leading up to the 1996 general elections, the government of Zambia
banned edition 401 of
The Post, one of Zambia’s three
primary newspapers, and ordered its removal from the newspaper’s
website. This incidence of censorship
because edition 401 stated that the government was secretly planning to
hold a referendum on the constitution without providing the public with
much prior notice.
In addition to censoring the online version and distribution of The
Post’s 401 edition, the government also
to hold the site’s Internet Service Provider (ISP), Zamnet, criminally
liable for the content, and three of the edition’s editors were
arrested under the
Official Secrets Act on charges for receiving and publishing “classified
No other incidents of internet censorship were reported in Zambia for
more than a decade.
The first new censorship attempt started in late 2012 when Zambia’s
registrar of societies
to deregister the Zambian
Watchdog, an investigative online
media that focuses on corruption and other major crimes, for allegedly
failing to pay required fees and submit a postal address. While this
attempt was unsuccessful, the news website was blocked during the
Four independent online news outlets - Zambian
Post, and Radio
Barotse - were
for about nine months, from July 2013 until April 2014, for their
critical coverage of the ruling party under President Sata.
OONI revealed at the time
that Deep Packet Inspection (DPI) filtering tactics were used to block
Zambian Watchdog’s website. According to the collected data, “reset”
packets were being injected by DPI device to terminate connections to
www.zambiawatchdog.com, leading to
the site being inaccessible.
Source: Open Observatory of Network Interference (OONI), “Zambia, a
country under Deep Packet Inspection”
Initially, only unencrypted connections to Zambian Watchdog’s website
were found to be blocked, but further
also revealed the blocking of encrypted SSL connections to the website.
The Zambian government did not officially claim any responsibility in
relation to this censorship, but Vice President Guy Scott reportedly
that the Zambian Watchdog’s website deserved to be blocked because it
was “promoting hate speech” and its reporting was “malicious, vicious
During this period, several journalists suspected of working for the
Zambian Watchdog were
on charges that included the “possession of obscene material”. Two years
later, one of those journalists was acquitted after a court
that evidence used against him had been planted.
In an open
news outlet Zambia Reports claimed that access to its website was also
blocked completely, and that it had received no prior notification or
explanation from the government in regards to why its website was being
blocked. Zambia Reports also revealed that it had filed a complaint
regarding the blocking of their IP address to ZICTA.
Censorship in Zambia is
enabled through collaboration with Chinese companies, such as
Huawei and ZTE,
that equip Zambian ISPs with DPI technology that can be used for the
purpose of blocking social media and “unfriendly” websites. The Zambian
spent about USD 1.8 million on its partnership with Chinese companies,
involving the installation of an internet monitoring facility and
possibly the development of backdoors within networks.
Zambian authorities might have also acquired sophisticated spyware,
known as Remote Control System
by an Italian surveillance company called Hacking
Team. According to one of Hacking Team’s
RCS spyware can remotely monitor and log activity on computers and
smartphones, while being undetected by anti-virus, anti-spyware and
anti-keylogging software. After Hacking Team got
last year, leaked emails
revealed that the Zambian government intended to acquire spyware for
monitoring and intercepting communications. This, though, has not been
confirmed to date, and it remains unclear if the Zambian government is
indeed using such technologies.
In 2013 Citizen Lab researchers
the presence of a Blue Coat PacketShaper device in Zambia. Blue Coat
Inc. is a California-based company which is known for developing,
marketing, and exporting technologies that can be used to monitor
internet traffic, block websites, and track users’ online activities and
As part of its
the Citizen Lab used a combination of network measurement and scanning
methods and tools to identify instances of Blue Coat ProxySG and
PacketShaper devices around the world. The research findings show the
presence of Blue Coat PacketShaper in Zambia, as illustrated below:
Source: Citizen Lab, “Some Devices Wander By Mistake: PLANET BLUE COAT
surfaced over the last years accusing the Zambian government of
extensive surveillance activities, some of which may have even
such as the foreign minister, and local leaders. Similarly, members of
the opposition have
the Zambian government of eavesdropping on their phone conversations.
Last year, two journalists
the High Court of Zambia to inquire into allegations of phone tapping by
Airtel - Zambia’s largest mobile service provider - under the previous
Zambia’s 2016 general elections and constitutional referendum
Zambia has a reputation for political
in comparison to its neighbours, being governed by a unitary presidential
The 2011 elections
resulted in a
victory for the Patriotic Front (PF), whose candidate Michael Sata was
elected President for a five-year term. However, following the death of
President Sata in October 2014, early presidential
were held last year to elect a successor to complete the remainder of
his term. This resulted in the election of PF candidate Edgar Lungu, who
beat Hakainde Hichilema of the United Party for National Development
(UPND) by a very narrow margin. The UPND did not
the credibility of the 2015 election.
On 11th August 2016, Zambia held its general
elect the President and National Assembly. Leading up to the elections,
violent outbreaks occurred in Lusaka after the government
The Post, one of Zambia’s few independent newspapers, on 10th June.
Due to the violence, the Electoral Commission suspended campaigning
activities in Lusaka and Namwala for ten days. During this period, the
government also took
against The Post on the ground of unpaid taxes of around USD 6
million. The ban on the newspaper was eventually
more than a month later.
This is not the first time that The Post was banned. This
previously occurred in
1996, leading up to the country’s general elections.
Members of the UPND, Zambia’s main opposition party, were
a few weeks before the 2016 general elections on the grounds that they
were trying to start a private militia. The police started off by
raiding the UPND Head
and questioning staff members and volunteers of the party. According to
the UPND, this was part of the PF government’s persecution and abuse
towards them. The police subsequently raided the house of the UPND’s
and a total of 28 people were arrested as part of the raid.
emerged in the printing of the ballot papers, which had previously been
printed in South Africa. This time, the Electoral Commission of Zambia
awarded the contract to Al Ghurair Printing &
Publishing, a Dubai-based firm,
which prepared the ballot papers used for Zambia’s 2016 elections.
Opposition members and civil society groups
this move on the grounds that the contract with the Dubai firm was
significantly more expensive than previous contracts, and that it
increased the possibility of electoral fraud. Similar concerns were also
raised in regards to the transport and distribution of the ballot
The 2016 elections presented a “large turnout” and were
as “calm and peaceful”, while including a tight competition between the
PF and the UPND. A total of nine candidates registered to run for the
presidency, as illustrated below:
Source: Electoral Commission of Zambia, General Election of 2016
Edgar Lungu of the PF won the 2016 elections and was re-elected for a
five-year term, beating the UPND again with a very close margin. The
chart below illustrates that the PF and UPND acquired the vast majority
of votes within Zambia:
Source: Electoral Commission of Zambia, General Election 2016
While the PF and UPND each acquired a similar share of the total votes
in the presidential elections, the PF
a majority in the National Assembly, winning 80 of the 156 elected
seats. In spite of the pre-election violence, the 2016 elections were
as “peaceful”. However, election observers in Zambia
that the media biased the vote in favour of the ruling party.
Following the elections, the UPND
the Electoral Commission of Zambia for participating in fraud due to its
significant delay in announcing the results and
that the vote was rigged. The US-based Carter Center also expressed
in regards to the delay of the announcement of the results, and stated
that the elections were characterized by significant inter-party
tensions and polarization.
Protests sprung against the reelection of President Lungu, resulting in
the arrest of 133
About a week after the elections, subscribers on MTN Zambia, Airtel
Zambia, and Vodafone’s 4G service expressed
regarding an internet shutdown, some attributing this to state sponsored
censorship in an attempt to stifle opposing views towards the election
outcomes. MTN and Airtel acknowledged the disruptions, but it remains
if the outage was ordered by the government or not.
Alongside the elections, a constitutional
also held in Zambia on 11th August 2016. Voters were asked to answer the
“Do you agree to the amendment to the Constitution to enhance the Bill
of rights contained in Part III of the Constitution of Zambia and to
repeal and replace Article 79 of the Constitution of Zambia?”
The referendum sought to enhance and amend Zambia’s Bill of
- a declaration of individual rights and freedoms, as issued by the
national government - by repealing and replacing Article 79, which
dictates the process of future amendments. Specifically, the
changes to the
Bill of Rights would include amendments to the “Civil and Political
Rights” section, and the addition of the “Economic, Social, Cultural and
Environmental Rights” and “Further and Special Rights” sections. For the
referendum to pass, a majority ‘yes’ vote was required, along with a
turnout of at least 50% eligible voters.
The referendum was criticised in advance by media organizations, who
the majority of Zambia’s voters understand the Bill of Rights and what
they were asked to answer through the referendum. The PF government was
for its delay in releasing the Bill of Rights, preventing voters from
reading in advance the contents that they were asked to vote for or
against. This was
as a ploy to deprive the people of Zambia from the opportunity to make
informed decisions in regards to the country’s constitution. Similarly,
the decision to combine the 2016 general election with a referendum was
as an undemocratic ploy by the PF government to acquire votes.
While the majority vote (71%) of Zambia’s 2016 constitutional referendum
was in favour, the turnout was below the 50%
preventing the validation of the result.
Examining internet censorship during Zambia’s 2016 general elections
The Open Observatory of Network Interference
(OONI), in collaboration with Strathmore
University’s Centre for Intellectual Property and Information
Technology Law (CIPIT), performed a study of
internet censorship in Zambia during its 2016 general elections.
The aim of this study was to understand whether and to what extent
censorship events occurred during the election period, limiting voters’
rights to access and disseminate information.
The sections below document the methodology and key findings of this
The methodology of this study, in an attempt to identify potential
censorship events in Zambia during its 2016 election period, included
A list of
that are relevant and commonly accessed in Zambia was created, and such
URLs - along with other
that are commonly accessed around the world - were tested for blocking
based on OONI’s free software tests. Such tests were run from a local
vantage point (the ISP MTN) in Zambia (AS 36962), and they also examined whether
systems that are responsible for censorship, surveillance and traffic
manipulation were present in the tested network. Once network
measurement data was collected from these tests, the data was
subsequently processed and analyzed based on a set of heuristics for
detecting internet censorship and traffic manipulation.
The testing period started on 11th August 2016 - the day of Zambia’s
general elections - and concluded on 24th August 2016. During this
period, network measurements were collected every day through the use of
OONI’s software distribution for Raspberry
Creation of a Zambian test list
An important part of identifying censorship is determining which
websites to examine for blocking.
OONI’s software (called
OONI Probe) is designed to examine URLs contained in specific lists
(“test lists”) for censorship. By default, OONI Probe examines the
which includes a wide range of internationally relevant websites, most
of which are in English. These websites fall under 30
ranging from news media, file sharing and culture, to provocative or
objectionable categories, like pornography, political criticism, and
These categories help ensure that a wide range of different types of
websites are tested, and they enable the examination of the impact of
censorship events (for example, if the majority of the websites found to
be blocked in a country fall under the “human rights” category, that may
have a bigger impact than other types of websites being blocked
elsewhere). The main reason why objectionable categories (such as
“pornography” and “hate speech”) are included for testing is because
they are more likely to be blocked due to their nature, enabling the
development of heuristics for detecting censorship elsewhere within a
In addition to testing the URLs included in the global test list,
OONI Probe is also designed to examine a test list which is specifically
created for the country that the user is running OONI Probe from, if such
a list exists. Unlike the global test list, country-specific test
include websites that are relevant and commonly accessed within specific
countries, and such websites are often in local languages. Similarly to
the global test list, country-specific test lists include websites that
fall under the same set of 30
as explained previously.
All test lists are hosted by the Citizen
GitHub, supporting OONI
and other network measurement projects in the creation and maintenance
of lists of URLs to test for censorship. Some criteria for adding URLs
to test lists include the following:
The URLs cover topics of socio-political interest within the country
The URLs are likely to be blocked because they include sensitive
content (i.e. they touch upon sensitive issues or express
The URLs have been blocked in the past
Users have faced difficulty connecting to those URLs
The above criteria indicate that such URLs are more likely to be
blocked, enabling the development of heuristics for detecting censorship
within a country. Furthermore, other criteria for adding URLs are
reflected in the 30
that URLs can fall under. Such categories, for example, can include
file-sharing, human rights, and news media, under which the websites of
file-sharing projects, human rights NGOs and media organizations can be
As part of the study on whether censorship events occurred during the
2016 election period in Zambia, OONI and CIPIT created a
country-specific test list for
containing URLs to be tested for blocking. The added URLs are specific
to the Zambian context, and include a number of websites that express
political criticism towards the PF party and report on human rights
violations. Overall, 90 different
mostly grouped under the “political criticism” and “human rights”
categories, are included in the Zambian test list, and were tested for
A core limitation to the study is the bias in terms of the URLs that
were selected for testing. As the testing period covered Zambia’s 2016
general elections, the URL selection criteria included the following:
Websites that were more likely to be blocked, because their content
expressed political criticism towards the ruling PF party.
Websites of organizations that were known to have previously been
blocked (such as zambiawatchdog.com) and were thus likely to be
Websites reporting on human rights restrictions and violations,
reflecting criticism towards the ruling PF party.
The above criteria reflect bias in terms of which URLs were selected for
testing, as one of the core aims of this study was to examine whether
and to what extent websites reflecting criticism towards the ruling
party were blocked during the election period, limiting open dialogue
and access to information across the country. As a result of this bias,
it is important to acknowledge that the findings of this study are only
limited to the websites that were tested, and do not provide a complete
view of other censorship events that may have taken place during the
2016 election period.
OONI network measurements
The Open Observatory of Network Interference
(OONI) is a free software project that
aims to increase transparency about internet censorship and traffic
manipulation around the world. Since 2011, OONI has developed multiple
free and open source software
tests designed to
examine the following:
Blocking of websites.
Detection of systems responsible for censorship and
Reachability of circumvention tools (such as Tor, Psiphon,
and Lantern) and sensitive domains.
As part of this study, OONI’s distribution for embedded
Lepidopter) was run from a local vantage point in Zambia, including
the following software tests:
The web connectivity test was run with the aim of examining whether a
set of URLs (included in both the “global test
and the recently updated “Zambian test
were blocked during the testing period and if so, how.
As the presence of Blue Coat filtering technology had previously been
by the Citizen Lab in Zambia (see section on “Cases of internet
censorship and surveillance”), the HTTP invalid request
and HTTP header field
tests were run for the purpose of examining whether such systems were
present in the tested network during the testing period.
The sections below document how each of these tests are designed for the
purpose of detecting cases of internet censorship and traffic
whether websites are reachable and if they are not, it attempts to
determine whether access to them is blocked through DNS tampering, TCP
connection RST/IP blocking or by a transparent HTTP proxy. Specifically,
this test is designed to perform the following:
HTTP GET request
By default, this test performs the above (excluding the first step,
which is performed only over the network of the user) both over a
control server and over the network of the user. If the results from
both networks match, then there is no clear sign of network
interference; but if the results are different, the websites that the
user is testing are likely censored.
Further information is provided below, explaining how each step
performed under the web connectivity test works.
1. Resolver identification
The domain name system (DNS) is what is responsible for transforming a
host name (e.g. torproject.org) into an IP address (e.g. 184.108.40.206).
Internet Service Providers (ISPs), amongst others, run DNS resolvers
which map IP addresses to hostnames. In some circumstances though, ISPs
map the requested host names to the wrong IP addresses, which is a form
As a first step, the web connectivity test attempts to identify which
DNS resolver is being used by the user. It does so by performing a DNS
query to special domains (such as whoami.akamai.com) which will disclose
the IP address of the resolver.
2. DNS lookup
Once the web connectivity
has identified the DNS resolver of the user, it then attempts to
identify which addresses are mapped to the tested host names by the
resolver. It does so by performing a DNS lookup, which asks the resolver
to disclose which IP addresses are mapped to the tested host names, as
well as which other host names are linked to the tested host names under
3. TCP connect
The web connectivity test will then try to connect to the tested
websites by attempting to establish a TCP session on port 80 (or port
443 for URLs that begin with HTTPS) for the list of IP addresses that
were identified in the previous step (DNS lookup).
4. HTTP GET request
As the web connectivity
connects to tested websites (through the previous step), it sends
requests through the HTTP protocol to the servers which are hosting
those websites. A server normally responds to an HTTP GET request with
the content of the webpage that is requested.
Comparison of results: Identifying censorship
Once the above steps of the web connectivity test are performed both
over a control server and over the network of the user, the collected
results are then compared with the aim of identifying whether and how
tested websites are tampered with. If the compared results do not
match, then there is a sign of network interference.
Below are the conditions under which the following types of blocking are
DNS blocking: If the DNS responses (such as the IP addresses
mapped to host names) do not match.
TCP/IP blocking: If a TCP session to connect to websites was
not established over the network of the user.
HTTP blocking: If the HTTP request over the user’s network
failed, or the HTTP status codes don’t match, or all of the
The body length of compared websites (over the control server
and the network of the user) differs by some percentage
The HTTP headers names do not match
The HTML title tags do not match
It’s important to note, however, that DNS resolvers, such as Google or a
local ISP, often provide users with IP addresses that are closest to
them geographically. Often this is not done with the intent of network
tampering, but merely for the purpose of providing users with localized
content or faster access to websites. As a result, some false positives
might arise in OONI measurements. Other false positives might occur when
tested websites serve different content depending on the country that
the user is connecting from, or in the cases when websites return
failures even though they are not tampered with.
HTTP invalid request line
tries to detect the presence of network components (“middle box”) which
could be responsible for censorship and/or traffic manipulation.
Instead of sending a normal HTTP request, this test sends an invalid
HTTP request line - containing an invalid HTTP version number, an
invalid field count and a huge request method – to an echo service
listening on the standard HTTP port. An echo service is a very useful
debugging and measurement tool, which simply sends back to the
originating source any data it receives. If a middle box is not present
in the network between the user and an echo service, then the echo
service will send the invalid HTTP request line back to the user,
exactly as it received it. In such cases, there is no visible traffic
manipulation in the tested network.
If, however, a middle box is present in the tested network, the invalid
HTTP request line will be intercepted by the middle box and this may
trigger an error and that will subsequently be sent back to OONI’s
server. Such errors indicate that software for traffic manipulation is
likely placed in the tested network, though it’s not always clear what
that software is. In some cases though, censorship and/or surveillance
vendors can be identified through the error messages in the received
HTTP response. Based on this technique, OONI has previously
detected the use
of BlueCoat, Squid and Privoxy proxy technologies in networks across
multiple countries around the world.
It’s important though to note that a false negative could potentially
occur in the hypothetical instance that ISPs are using highly
sophisticated censorship and/or surveillance software that is
specifically designed to not trigger errors when receiving invalid HTTP
request lines like the ones of this test. Furthermore, the presence of a
middle box is not necessarily indicative of traffic manipulation, as
they are often used in networks for caching purposes.
also tries to detect the presence of network components (“middle box”)
which could be responsible for censorship and/or traffic manipulation.
HTTP is a protocol which transfers or exchanges data across the
internet. It does so by handling a client’s request to connect to a
server, and a server’s response to a client’s request. Every time a user
connects to a server, the user (client) sends a request through the HTTP
protocol to that server. Such requests include “HTTP headers”, which
transmit various types of information, including the user’s device
operating system and the type of browser that is being used. If Firefox
is used on Windows, for example, the “user agent header” in the HTTP
request will tell the server that a Firefox browser is being used on a
Windows operating system.
This test emulates an HTTP request towards a server, but sends HTTP
headers that have variations in capitalization. In other words, this
test sends HTTP requests which include valid, but non-canonical HTTP
headers. Such requests are sent to a backend control server which sends
back any data it receives. If OONI receives the HTTP headers exactly as
they were sent, then there is no visible presence of a “middle box” in
the network that could be responsible for censorship, surveillance
and/or traffic manipulation. If, however, such software is present in
the tested network, it will likely normalize the invalid headers that
are sent or add extra headers.
Depending on whether the HTTP headers that are sent and received from a
backend control server are the same or not, OONI is able to evaluate
whether software – which could be responsible for traffic manipulation –
is present in the tested network.
False negatives, however, could potentially occur in the hypothetical
instance that ISPs are using highly sophisticated software that is
specifically designed to not interfere with HTTP headers when it
receives them. Furthermore, the presence of a middle box is not
necessarily indicative of traffic manipulation, as they are often used
in networks for caching purposes.
Through its data
processes all network measurements that it collects, including the
following types of data:
OONI by default collects the code which corresponds to the country from
which the user is running OONI Probe tests from, by automatically
searching for it based on the user’s IP address through the MaxMind
GeoIP database. The collection of
country codes is an important part of OONI’s research, as it enables
OONI to map out global network measurements and to identify where
network interferences take place.
Autonomous System Number (ASN)
OONI by default collects the Autonomous System Number (ASN) which
corresponds to the network that a user is running OONI Probe tests from.
The collection of the ASN is useful to OONI’s research because it
reveals the specific network provider (such as Vodafone) of a user. Such
information can increase transparency in regards to which network
providers are implementing censorship or other forms of network
Date and time of measurements
OONI by default collects the time and date of when tests were run. This
information helps OONI evaluate when network interferences occur and to
compare them across time.
IP addresses and other information
OONI does not deliberately collect or store users’ IP addresses. In
fact, OONI takes measures to remove users’ IP addresses from the
collected measurements, to protect its users from potential
However, OONI might unintentionally collect users’ IP addresses and
other potentially personally-identifiable information, if such
information is included in the HTTP headers or other metadata of
measurements. This, for example, can occur if the tested websites
include tracking technologies or custom content based on a user’s
The types of network measurements that OONI collects depend on the types
of tests that are run. Specifications about each OONI test can be viewed
through its git
and details about what collected network measurements entail can be
viewed through OONI
Explorer or through
OONI’s public list of
The OONI pipeline processes the above types of data with the aim of deriving
meaning from the collected measurements and, specifically, in an attempt to
answer the following types of questions:
Which types of OONI tests were run?
In which countries were those tests run?
In which networks were those tests run?
When were tests run?
What types of network interference occurred?
In which countries did network interference occur?
In which networks did network interference occur?
When did network interference occur?
How did network interference occur?
To answer such questions, OONI’s pipeline is designed to process data
which is automatically sent to OONI’s measurement collector by default.
The initial processing of network measurements enables the following:
Attributing measurements to a specific country.
Attributing measurements to a specific network within a country.
Distinguishing measurements based on the specific tests that were
run for their collection.
Distinguishing between “normal” and “anomalous” measurements (the
latter indicating that a form of network tampering is
Identifying the type of network interference based on a set of
heuristics for DNS tampering, TCP/IP blocking, and HTTP blocking.
Identifying block pages based on a set of heuristics for
Identifying the presence of “middle boxes” (such as Blue Coat)
within tested networks.
However, false positives and false negatives emerge within the processed
data due to a number of reasons. As explained previously (section on
“OONI network measurements”), DNS
resolvers (operated by Google or a local ISP) often provide users with
IP addresses that are closest to them geographically. While this may
appear to be a case of DNS tampering, it is actually done with the
intention of providing users with faster access to websites. Similarly,
false positives may emerge when tested websites serve different content
depending on the country that the user is connecting from, or in the
cases when websites return failures even though they are not tampered
Furthermore, measurements indicating HTTP or TCP/IP blocking might
actually be due to temporary HTTP or TCP/IP failures, and may not
conclusively be a sign of network interference. It is therefore
important to test the same sets of websites across time and to
cross-correlate data, prior to reaching a conclusion on whether websites
are in fact being blocked.
Since block pages differ from country to country and sometimes even from
network to network, it is quite challenging to accurately identify them.
OONI uses a series of heuristics to try to guess if the page in question
differs from the expected control, but these heuristics can often result
in false positives. For this reason OONI only says that there is a
confirmed instance of blocking when we have manually added a known
blocking page to the list of blockpages we support.
However, this means that when a block page is not presented by the
censor we are not able to confirm with absolute certainty that blocking
is occurring. For the purpose of this study we have extended our
methodology to also take into account unusual failures that could be
triggered by the censor. In particular, we have looked at sites that
appear to fail consistently (that is in the same way) and constantly
over the testing period, therefore most likely not due to transient
OONI’s methodology for detecting the presence of “middle boxes” -
systems that could be responsible for censorship, surveillance and
traffic manipulation - can also present false negatives, if ISPs are
using highly sophisticated software that is specifically designed to
not interfere with HTTP headers when it receives them, or to not
trigger error messages when receiving invalid HTTP request lines. It
remains unclear though if such software is being used. Moreover, it’s
important to note that the presence of a middle box is not necessarily
indicative of censorship or traffic manipulation, as such systems are
often used in networks for caching purposes.
Upon collection of more network measurements, OONI continues to develop
its data analysis heuristics, based on which it attempts to accurately
identify censorship events.
As part of this study, 38,598 network
collected on a daily basis from a local vantage point (MTN) in Zambia,
starting on the day of the general elections (11th August 2016) and
concluding twelve days later. Such network measurements were collected
via OONI’s software distribution for Raspberry
Pis, which is
designed to examine whether a set of URLs are blocked (and if so, how),
and whether systems (“middle boxes”) that could be responsible for
censorship, surveillance and traffic manipulation are used within a
Upon analysis of the collected data, the
that 10 different websites were consistently inaccessible during the
testing period based on DNS tampering, TCP/IP blocking, and various
forms of HTTP blocking. These findings are summarized in the table
|Tested site||DNS||HTTP-diff||HTTP-failure||TCP/IP blocking||CTRL failure rate|
The failure rate column in the table above shows the percentage of
failed requests to the sites in question from OONI’s control vantage
point from 2016-07-01 to 2016-09-01. Since no block pages were found in
testing the accessibility of sites in Zambia, OONI extended its
methodology to take into account the failure rate of sites during the
testing period compared to the overall failure rate from control vantage
points. In short, OONI considers a website to be blocked if connections
to it consistently fail across the testing period and if it exhibits a
low overall failure rate from control vantage points.
Based on this methodology, sites with low failure rates (from control
vantage points) - such as drugs-forum.com, cidh.org, and pof.com - are
more likely to have been blocked during the testing period than other
sites, such as proxyweb.net, which present higher failure rates.
of gayromeo.com, an online dating website for Lesbian, Gay, Bisexual,
and Transgender (LGBT) communities around the world, might potentially
be attributed to the prohibition of same-sex activity in Zambia.
Sections 155 through 157 of Zambia’s Penal
prohibit homosexual activity and impose a penalty of up to fourteen
years of imprisonment. Similarly, both online-dating.org and pof.com
may have been blocked for supporting homosexual dating, though
online-dating.org also presents a high level of global failures.
in Zambia under Article 102 of Part XV (“Cyber crime”) of the Electronic
Communications and Transactions Act 2009, which might explain why
to be inaccessible throughout the testing period. It’s worth pointing
out, however, that other pornographic websites were found accessible
during the same testing period.
The inaccessibility of other websites appears to be less justifiable.
The World Economic Forum’s website, for
to be consistently inaccessible based on DNS tampering and HTTP
failures, but the motivation or legal justification behind this remains
unclear. Quite similarly, it also remains unclear why the
website of the Organization of American States
(OAS), which is responsible for the promotion and protection of human
rights in America, was found to be
in Zambia during the 2016 election period. While the website of the
World Economic Forum also presented a failure rate of about 7%
(indicating that it might not actually have been blocked by Zambian
ISPs), the website of the OAS presented a failure rate of less than 1%,
indicating that it might have been blocked.
Other websites that raise questions include the
of the World Zionist Organization, which aims at establishing a legally
assured home in Palestine for the Jewish people. Interestingly enough,
this website presented 0% failure rates from control vantage points, but
connections to it failed consistently throughout the testing period.
It’s unclear though if this is due to TCP/IP blocking implemented by
Zambia’s MTN, or if the website itself rejected connections coming from
Zambia. Photo-sharing platform Pinterest also
to be inaccessible, presenting HTTP failures consistently across the
testing period, but the website’s failure rates (around 7%) indicate
that this might not actually be a case of censorship.
Multiple other websites, beyond the ones included in the above table,
also presented signs of network interference. However, upon examining
these websites across the testing period, connections to them appeared
to be successful in most cases, indicating that many of the cases of
network interference were likely false positives due to transient
On a positive note, the websites of Zambia’s opposition members and the
news outlets (such as zambiawatchdog.com/) that were previously censored
between 2013 and 2014 were not
found to be blocked
during this testing period. Out of a total of 1,303 websites that were
tested for censorship in Zambia, only 10 of those websites presented
signs of network interference.
The above cases, as detected through the use of OONI’s
software, indicate the
presence of censorship equipment within the tested network. However,
OONI’s HTTP invalid request
and HTTP header field
tests did not detect the fingerprints of such equipment, preventing
the identification of the specific types of equipment being used.
Acknowledgement of limitations
The findings of this study present various limitations, and do not
necessarily reflect a comprehensive view of internet censorship in
Zambia during the 2016 general election period. The first limitation is
associated with the testing period, which started on the day of the
general elections (11th August 2016) and concluded only twelve days
later, without covering the pre-election period when other censorship
events might have occurred. This limitation is associated with safety
concerns and challenges in regards to probe deployment.
Another limitation to this study is the amount and type of URLs that
were tested for censorship. As mentioned in the methodology section of
this report (“Creating a Zambian test list”), the criteria for selecting
URLs that are relevant to Zambia were biased. This URL selection bias
was influenced by the core objective of this study, which sought to
examine whether websites reflecting criticism towards the ruling party
were blocked. Furthermore, while a total of 1,303 different URLs were
tested for censorship as part of this study, not all the URLs on the
internet were tested, indicating the possibility that other websites not
included in test lists might have been blocked.
Furthermore, this study was limited to one local network vantage point
(MTN Zambia) and therefore does not include measurements from other
networks, where more and/or other censorship events might have occurred.
This limitation is associated to safety concerns and challenges in terms
of engaging volunteers in Zambia to run tests.
Finally, the heuristics used as part of OONI’s methodology present
limitations. This is due to the fact that many false positives and false
negatives occur within collected data (as explained in the methodology
section of this report), limiting OONI’s ability to confirm cases of
censorship with confidence in many cases. Moreover, OONI’s heuristics
are limited to a sample of censorship equipment fingerprints, limiting
the ability to identify other types of equipment that may have been used
within tested networks.
This study highlights the possibility of DNS, TCP/IP and HTTP
blocking of 10
different websites during Zambia’s 2016 general election period. As no
block pages were detected, none of these cases can be confirmed with
Sites that support LGBT dating and pornography were found to be
inaccessible throughout the testing period. Under the provisions of
and Electronic Communications and Transactions Act
the blocking of such sites can potentially be legally justified.
Pinterest was also
to be inaccessible, as well as the websites of the World Economic Forum, the
Organization of American States (OAS) and the World Zionist Organization.
However, the motivation and legal justification behind these possible
censorship events remains unclear. On a positive note, the websites of Zambia’s
opposition members and the news outlets that were previously censored between
2013 and 2014 were not found to be blocked during this testing period.
OONI and the CIPIT
encourage transparency around internet controls, particularly during election
periods, to help enhance the safeguard of human rights and democratic