The State of Internet Censorship in Myanmar

A research study by the Open Observatory of Network Interference (OONI), Sinar Project, and the Myanmar ICT for Development Organization (MIDO).

Table of contents

• Key Findings

• Introduction

• Background

• Network landscape and internet penetration

• Legal environment

  • Freedom of expression

  • Press freedom

  • Access to information

  • Privacy

  • Censorship and surveillance

• Reported cases of internet censorship and surveillance

• Examining internet censorship in Myanmar

  • Methodology

    • Review of the Citizen Lab’s test list for Myanmar

    • OONI network measurements

      • Web Connectivity test

      • HTTP Invalid Request Line test

      • HTTP Header Field Manipulation test

      • Vanilla Tor test

      • WhatsApp test

      • Facebook Messenger test

  • Data analysis

• Findings

  • Acknowledgement of limitations

• Conclusion

• Acknowledgements

Country: Myanmar

Probed ISPs: FMG Company Limited (AS63852), Global Technology Co., Ldt (AS133524), OOREDOO Myanmar (AS132167), Telenor Myanmar (AS133385), Myanma Posts & Telecommunications (AS9988), Yatanarpon Teleport Company Limited (AS18399).

Testing period: 25th October 2016 - 28th February 2017

OONI tests: Web Connectivity, HTTP Invalid Request Line, HTTP Header Field Manipulation, WhatsApp test, Facebook Messenger test, Vanilla Tor test.

Censorship method: Signs of TCP/IP blocking and HTTP blocking.

Key Findings

Out of 1,927 sites that were tested for censorship in six local vantage points in Myanmar, only five sites presented signs of TCP/IP and HTTP blocking, including the sites of the U.S. embassy in Myanmar and of the Organization of American States (OAS). The motivation and justification behind the potential blocking of these sites remains unclear. No block pages were detected as part of this study that can confirm cases of censorship.

Similarly, no middle boxes were detected as part of this study. Blue Coat software (some types of which can potentially be used for internet censorship and surveillance) was previously detected in Myanmar by OONI in late 2012. Extensive tests though performed across six different networks in Myanmar show that Blue Coat software didn’t appear to be present during the testing period (25th October 2016 to 28th February 2017), indicating that it may have been removed.

WhatsApp, Facebook Messenger, and the Tor network appeared to be accessible across all six networks in Myanmar where OONI tests were run.

Introduction

In an attempt to examine the current state of internet censorship in Myanmar, the Open Observatory of Network Interference (OONI), Sinar Project and Myanmar ICT for Development Organization (MIDO) collaborated on a joint study to examine whether internet censorship events were persisting in the country through the collection and analysis of network measurements.

The aim of this study is to increase transparency of internet controls in Myanmar and to collect data that can potentially corroborate rumours and reports of internet censorship events. The following sections of this report provide information about Myanmar’s network landscape and internet penetration levels, its legal environment with respect to freedom of expression, access to information and privacy, as well as about cases of censorship and surveillance that have previously been reported in the country. The remainder of the report documents the methodology and key findings of this study.

Background

Myanmar is a sovereign state with a population of around 51 million in South East Asia, bordering the Andaman Sea and the Bay of Bengal, between Bangladesh and Thailand. It is a parliamentary republic with 7 regions, 7 states, and 1 union territory.

Its population is comprised of 135 distinct officially recognised ethnic groups, with the majority Burman ethnic group making up 68% of the population and dominating the military and government. The minority ethnic groups includes the Shans (9%), Karens (7%), Rakhines (4%), Chinese (3%), Indians (2%) and Mon (2%), with the other ethnic groups consisting the remaining 5%.

According to Myanmar’s 2014 census, a large majority of Myanmar’s population practices Buddhism, with 87.9% identifying as Buddhists, 6.2% as Christians, 4.3% Muslims, 0.8% Animists, 0.5% Hindus, 0.2% as ‘other’ and the remaining 0.1% as ’none’. Non-Buddhist minorities face widespread persecution and prejudice, with the Rohingya minority having continued to suffer from human rights violation under the military junta since 1978, with continued criticism by human rights organisations on the government’s treatment of the Rohingya minority. The government has been actively accused of forced or pressured religious conversions of non-Buddhist minorities. Adherence to Buddhism was an unwritten prerequisite for promotions within the government and army, with nearly all senior level officers of the armed forces and the ruling State Peace Development Council (SPDC) identifying as Buddhists.

Civil wars and rampant ethnic and religious strife have been a constant feature of Myanmar’s socio-political landscape for most of its independent years as ethnic minorities struggle for ethnic and sub-national autonomy. Human rights violations and systematic denial of basic rights such as freedom of expression, association, and assembly, occurred with regularity during the military junta’s rule of the country from 1962 till 2011. The ruling State Peace and Development Council (SPDC) regularly arrested activists and opposition party members sentenced by unfair trials in closed courts, in addition to imposing systematic restrictions of information control to limit social mobilisation around key political events.

From 1962, the country was ruled by the military junta up until 2011 when it was officially dissolved and replaced with a nominally civilian government following the 2010 general election. Although the 2010 election was criticised for declaring the National League for Democracy (NLD) illegal, and only allowing government sanctioned political parties to contest in it, it marked the transition of the military’s movement towards more openness, with the government’s political reforms which included ending the house arrest of NLD’s pro-democracy leader Aung San Suu Kyi, the release of 200 political prisoners as part of a general amnesty, relaxation of press censorship, and institution of new labour laws.

Drastic reforms in September 2011 marked the military government’s transition to more openness, with significant relaxations of the country’s censorship policies. Censorship tests conducted by ONI in 2012 found reductions in the scope and depth of content filtered in 2012 compared to in 2005, with a majority of previously censored political content ranging from independent news sites, the websites of opposition parties, and critical political content made accessible. Despite that, a culture of self-censorship remains, with many media organisations taking precaution to avoid accusations of libel and state security charges. With the new transition towards a free democratic system following the win of the opposition party, National League for Democracy in the most recent 2015 election, it is imperative to continue the questioning of the true breadth and depth of the current state of censorship in Myanmar.

Myanmar’s transition to a civilian government in 2011 began an economic overhaul aimed at attracting foreign investors, and integrating Myanmar into the global economy. This, along with the easing of most Western sanctions has led to its accelerated growth in 2013 and 2014, with a GDP growth of 8.7%. Despite this, due to the former military government’s isolationist policies and economic mismanagement, Myanmar’s income gap is among the widest in the world, as a large proportion of the economy remains under the control of supporters of the previous military government.

Myanmar ranks as a corrupt nation, with a Corruption Perceptions Index rank of 136 out of 176, and a rating of 28 out of 100 as of 2016.

Network landscape and internet penetration

As of 2016, internet penetration rates in Myanmar are at 19.3%, quickly growing due to the sharp increase in its mobile penetration rate with the emergence of cheap mobile internet and improved telecommunication infrastructure. Despite the strong growth in Myanmar’s mobile penetration rate from 7% in 2013 to 85% by 2016, fixed line telephone penetration remains low at just under 1%.

Prior to September 2011, a combination of government censorship, deliberate infrastructure and technical constraints, deliberately controlled internet speeds with proxy-caching servers, and government restrictions on pricing limited the internet penetration rates in Myanmar, with it being as low as 0.2% in 2010.

The government’s expansive control over the internet was largely facilitated by the fact that users were limited to only two ISPs, Myanmar Posts and Telecom (MPT) and Bagan Cybertech (currently Yatanarpon Telecom), both of which were state-controlled by the Myanmar government. With low computer ownership, most users relied on internet cafés, promoted as “Public Access Centres” (PAC) for internet access, with many internet cafés utilising proxy sites and circumvention tools to bypass government restrictions.

Following the enactment of the Information Technology Law, the government began the issuing of ISP licenses to new operators in 2013 in an effort to open up Myanmar’s telecommunications market. With the entry of two foreign operators Ooredoo and Telenor in the local mobile market leading to the emergence of cheap mobile internet and improved telecommunication infrastructure, internet penetration rates skyrocketed to 12.6% in 2015, with it currently growing at 19.3% in 2016.

The table below illustrates some of the main providers in Myanmar.

Legal environment

Freedom of expression

Telecommunications Law 2013

The 2013 Telecommunications Law restricts speech via telecommunications equipment. Section 66D prohibits the “extortion, coercion, wrongful restrainment, defamation, undue influence or threatening of any person” using any telecommunications networks. The use of such subjective terms imposes on the criminal liability of the speech of any telecommunications user.

The Research Team for Telecommunication Law, as established by the Committee for Amending the Telecommunication Law, has analyzed the Telecommunication Law from various aspects, particularly from the view of the legal system and IT technology. According to the findings, this law has resulted in seven cases under section 66(d) and five charges under the former President U Thein Sein administration. Under the present National League for Democracy government, there have been forty-two 66(d) cases, with five resulting in charges, and eight people being held in custody. The rest are ongoing cases.

Many of these cases may result from the vague terminology and definitions used as part of Myanmar’s Telecommunication Law. The Research Team for Telecommunication Law pointed out, for example, that Section 68(a) of the Law (“Connecting, receiving, transmitting, distributing or handing out false information dishonestly or participating in such activity”) is vague, confusing, and does not specify the types of online activities that could potentially result in prosecution.

Myanmar Penal Code

Section 124A [Sedition] of the Myanmar Penal Code prohibits any words, either spoken or written, signs, or visible representations that bring into hatred, contempt, attempts to excite, or disaffection towards the government, and can be punished by life imprisonment or imprisonment of a shorter term to which a fine may be added.

Sections 499-502 [Defamation] allow the state to prosecute an individual for defamation, defined as making or publishing any imputation concerning a person intending to harm the reputation of such a person, with a penalty of imprisonment of up to 2 years.

Section 505B [Public Tranquility] punishes the creation, publication or circulation of any statement or rumour with the intent to cause fear or alarm to the public which may induce them to commit an offence against the State or against public tranquility, with the penalty of imprisonment which may extend to two years.

Computer Science Development Law (1996)

Section IX of the 1996 Computer Science Development Law requires prior permission and registration for the importing, keeping, or utilization of computers or related equipment in addition to the setting up of computer networks. Failure to comply with the stipulations of the Ministry of Communications, Posts and Telegraphs is punishable by imprisonment of up to 15 years, and may also be liable to a fine. Despite it being effectively superseded by the 2004 Electronic Transactions Act and subsequently the 2013 Telecommunications Act, it has never been formally repealed and technically remains in force.

Press freedom

End of pre-publication censorship 2012

In 2012, as part of Myanmar’s reform process, the country’s Ministry of Information abolished pre-publication censorship practices, no longer requiring media organisations to submit their content to a censorship board prior to publication. However, a culture of self-censorship remains, with many media organisations taking precaution to avoid accusations of libel and state security charges.

Broadcast Law 2015

The Broadcast Law lifted the ban on private ownership of daily newspapers for the first time, with broadcast licenses to public service, commercial and community broadcasters authorized and revoked by a Broadcast Council. However, the law maintains government control over the broadcasting sector– members of the Broadcast Council are appointed by its president, leaving it open to political manipulation, and undermining its independence.

Access to information

Official Secrets Act 1923

Myanmar’s broadly drawn Official Secrets Act which dates back to 1923 penalizes the receival and dissemination of a broadly defined range of documents, especially government documents. Section 3(1)(a) of the Official Secrets Act provides penalties of up to 14 years of imprisonment for anyone approaching or entering a broad range of prohibited places. Section 5 of the Act severely limits the disclosure of information of any kind by anyone within or with connections to the government, in addition to making it an offense to receive such information, with both offenses carrying providing penalties of up to 2 years of imprisonment.

Electronic Transactions Law 2004

The 2004 Electronic Transaction Law forbids the sending or distribution of “information relating to secrets of the security of the state” through the internet. Due to the broadness of this definition, this applies to communications about cultural or economic affairs, and has been used to imprison journalists, bloggers or activists. The law, along with the Television and Video Law was applied by closed courts (mostly operating out of Insein prison) to deliver sentences of up to 65 years to activists, bloggers and members of the 88 Generation Students Group.

Privacy

Section 357 of the Constitution of Burma 2008 states that “the Union must protect the privacy and security of home, property, correspondence and other communications of citizens under the law subject to the provisions of the Constitution”. Certain data privacy requirements exist as part of Myanmar’s 2004 Electronic Transactions Law. Some ISPs such as Telenor have adopted their own policies in regards to the privacy of their customers. The company stated in their policy that they hold a public commitment to protecting their subscribers’ freedom of expression and privacy in accordance with local legislation.

In mid-December 2016, Myanmar ICT for Development Organization (MIDO) organized the Myanmar Digital Rights Forum, together with Phandeeyar, Myanmar Centre for Responsible Business and EngagedMedia.org, with support from the Embassy of Sweden. The two-day Forum brought together about 90 representatives from organizations of the private sector and civil society, as well as government and media, to discuss concerns to digital rights.

The participants discussed the (then) draft Citizens’ Privacy and Security Protection Bill and raised a number of concerns about its impact and practical implementation. Many of the concerns pertained to the flaws and vague definitions included in the Bill, as well as to its limited compliance with international human rights standards. Some of the participants pointed out that the Bill does not contain a clear process for seeking permission, an order or a warrant that would authorize the circumstances for data collection and retention. As such, representatives from 18 organizations attending the Myanmar Digital Rights Forum released a joint statement urging the Union Parliament and the Government not to expedite the law enacting without having nation-wide public consultation.

Despite the comments and requests made by civil society organizations, the Citizens’ Privacy and Security Protection Bill was enacted into law on 8th March 2017. The main changes to the law, compared to the original draft, include the removal of the bylaw making powers from the Home Ministry, and the insertion of vague wording in Article 8 for “permission from the Union President or a Union-level Government body”.

Censorship and surveillance

Telecommunications Law 2013

Articles 75 and 77 of the 2013 Telecommunications Law allows the government to intercept, suspend, or obtain any information that threatens the national security and prevalence of law in the country. The broad provision fails to specify which government agents are authorised to do this, and what sort of information specifically constitutes the general terms such as ‘national security’.

Reported cases of internet censorship and surveillance

The internet freedom landscape in Myanmar appears to have taken a relatively positive turn following the 2011 reforms. Nonetheless, some cases of internet censorship and surveillance that have been reported since are included below.

Internet café surveillance

A 2011 report by Reporters Without Borders(RSF) revealed the issuing of a set of expansive directives by the Ministry of Communications Post and Telegraphs (MCPT) requiring owners of internet cafés to collect and share with the authorities the personal data of their patrons including their “names, National Registration Card number, passport number (if the user is a foreigner), contact address”, in addition to a log of their internet records.

Internet censorship devices

In 2011, Citizen Lab research uncovered the use of commercial filtering devices manufactured by U.S.-based Blue Coat Systems in Myanmar. Tests of internet filtering conducted within Burma running on Open Net Initiative (ONI) developed software provided evidence that Blue Coat’s devices were being used to actively filter internet content in Myanmar. Of the 37 Blue Coat content categories, all URLs from 10 categories on ONI’s test list appeared to be blocked entirely, including categories for pornography, LGBT, Hacking, and Proxy Avoidance.

Similarly, a report by Reporters without Borders revealed the acquisition of censorship equipment and hardware from the Chinese subsidiary of Alacatel-Lucent. The offering of a website filtering and surveillance system by Alcatel-Lucent’s Chinese subsidiary was confirmed by a spokesman for Hanthawaddy, a state-controlled ISP.

Blue Coat software (some types of which can potentially be used for internet filtering, censorship, and surveillance) was detected in Myanmar through OONI’s HTTP Invalid Request Line test in late 2012. It remains unclear, however, if this was a country-wide deployment or if it was only used in the specific network that was tested. Two years later OONI’s HTTP Invalid Request Line test was run in the same network, but the presence of Blue Coat systems was not detected (indicating that it was possibly removed from that specific network).

Hacking Team Surveillance Software

Leaked email communications from 2015 revealed a discussion between Hacking Team, an Italian spyware company, and the Myanmar government on establishing domestic surveillance mechanisms, with the earliest communication dating back to 2012. Although Hacking Team’s offer ‘active IT intrusion services’ appears to have failed, the fact that such options were being considered by the Myanmar government is disturbing.

Blocking of Facebook

Following days of unrest and inter-communal violence between Buddhist and Muslim residents of the Mandalay region which left two dead and 14 injured, Facebook went down in Myanmar coinciding with the government-imposed curfew hours in Mandalay, with speculation that the blocked access may have been to prevent online users from posting hate speech and fueling unrest in Mandalay.

Examining internet censorship in Myanmar

The Open Observatory of Network Interference (OONI), in collaboration with Sinar Project and Myanmar ICT for Development Organization (MIDO), performed a study of internet censorship in Myanmar. The aim of this study was to understand whether and to what extent censorship events occurred in Myanmar during the testing period.

The sections below document the methodology and key findings of this study.

Methodology

The methodology of this study, in an attempt to identify potential internet censorship events in Thailand, included the following:

• Review of the Citizen Lab’s test list for Myanmar

• OONI network measurements

• Data analysis

A list of URLs that are relevant and commonly accessed in Myanmar was created by the Citizen Lab in 2014 for the purpose of enabling network measurement researchers to examine their accessibility in Myanmar. As part of this study, this list of URLs was reviewed to include additional URLs which - along with other URLs that are commonly accessed around the world - were tested for blocking based on OONI’s free software tests. Such tests were run from local vantage points in Myanmar, and they also examined whether systems that are responsible for censorship, surveillance and traffic manipulation were present in the tested network. Once network measurement data was collected from these tests, the data was subsequently processed and analyzed based on a set of heuristics for detecting internet censorship and traffic manipulation.

The testing period for this study started on 25th October 2016 and concluded on 28th February 2017.

Review of the Citizen Lab’s test list for Myanmar

An important part of identifying censorship is determining which websites to examine for blocking.

OONI’s software (called OONI Probe) is designed to examine URLs contained in specific lists (“test lists”) for censorship. By default, OONI Probe examines the “global test list”, which includes a wide range of internationally relevant websites, most of which are in English. These websites fall under 31 categories, ranging from news media, file sharing and culture, to provocative or objectionable categories, like pornography, political criticism, and hate speech.

These categories help ensure that a wide range of different types of websites are tested, and they enable the examination of the impact of censorship events (for example, if the majority of the websites found to be blocked in a country fall under the “human rights” category, that may have a bigger impact than other types of websites being blocked elsewhere). The main reason why objectionable categories (such as “pornography” and “hate speech”) are included for testing is because they are more likely to be blocked due to their nature, enabling the development of heuristics for detecting censorship elsewhere within a country.

In addition to testing the URLs included in the global test list, OONI Probe is also designed to examine a test list which is specifically created for the country that the user is running OONI Probe from, if such a list exists. Unlike the global test list, country-specific test lists include websites that are relevant and commonly accessed within specific countries, and such websites are often in local languages. Similarly to the global test list, country-specific test lists include websites that fall under the same set of 31 categories, as explained previously.

All test lists are hosted by the Citizen Lab on GitHub, supporting OONI and other network measurement projects in the creation and maintenance of lists of URLs to test for censorship. As part of this study, OONI and Sinar Project reviewed the Citizen Lab’s test list for Myanmar by adding more URLs to be tested for censorship. Overall, 822 URLs that are relevant to Myanmar were tested as part of this study. In addition, the URLs included in the Citizen Lab’s global list (including 1,105 different URLs) were also tested.

It is important to acknowledge that the findings of this study are only limited to the websites that were tested, and do not necessarily provide a complete view of other censorship events that may have occurred during the testing period.

OONI network measurements

The Open Observatory of Network Interference (OONI) is a free software project that aims to increase transparency of internet censorship around the world. Since 2012, OONI has developed multiple free and open source software tests designed to examine the following:

• Blocking of websites.

• Blocking of censorship circumvention tools (such as Tor).

• Blocking of instant messaging apps.

• Detection of systems responsible for censorship, surveillance, and traffic manipulation.

As part of this study, the following OONI software tests were run from six different local vantage points in Myanmar:

• Web connectivity

• HTTP invalid request line

• HTTP header field manipulation

• Vanilla Tor

• WhatsApp

• Facebook Messenger

The Web Connectivity test was run with the aim of examining whether a set of URLs (included in both the “global test list” and the recently updated “Myanmar test list”) were blocked during the testing period and if so, how. The Vanilla Tor test was run to examine the reachability of the Tor network, while the WhatsApp and Facebook Messenger tests were run to examine whether these instant messaging apps were blocked in Myanmar during the testing period.

The HTTP invalid request line and HTTP header field manipulation tests were run with the aim of examining whether “middle boxes” (systems placed in the network between the user and a control server) that could potentially be responsible for censorship and/or surveillance were present in the tested network.

The sections below document how each of these tests are designed for the purpose of detecting cases of internet censorship and traffic manipulation.

Web Connectivity test

This test examines whether websites are reachable and if they are not, it attempts to determine whether access to them is blocked through DNS tampering, TCP/IP blocking or by a transparent HTTP proxy. Specifically, this test is designed to perform the following:

• Resolver identification

• DNS lookup

• TCP connect

• HTTP GET request

By default, this test performs the above (excluding the first step, which is performed only over the network of the user) both over a control server and over the network of the user. If the results from both networks match, then there is no clear sign of network interference; but if the results are different, the websites that the user is testing are likely censored.

Further information is provided below, explaining how each step performed under the web connectivity test works.

1. Resolver identification

The domain name system (DNS) is what is responsible for transforming a host name (e.g. torproject.org) into an IP address (e.g. 38.229.72.16). Internet Service Providers (ISPs), amongst others, run DNS resolvers which map IP addresses to hostnames. In some circumstances though, ISPs map the requested host names to the wrong IP addresses, which is a form of tampering.

As a first step, the web connectivity test attempts to identify which DNS resolver is being used by the user. It does so by performing a DNS query to special domains (such as whoami.akamai.com) which will disclose the IP address of the resolver.

2. DNS lookup

Once the Web Connectivity test has identified the DNS resolver of the user, it then attempts to identify which addresses are mapped to the tested host names by the resolver. It does so by performing a DNS lookup, which asks the resolver to disclose which IP addresses are mapped to the tested host names, as well as which other host names are linked to the tested host names under DNS queries.

3. TCP connect

The web connectivity test will then try to connect to the tested websites by attempting to establish a TCP session on port 80 (or port 443 for URLs that begin with HTTPS) for the list of IP addresses that were identified in the previous step (DNS lookup).

4. HTTP GET request

As the web connectivity test connects to tested websites (through the previous step), it sends requests through the HTTP protocol to the servers which are hosting those websites. A server normally responds to an HTTP GET request with the content of the webpage that is requested.

Comparison of results: Identifying censorship

Once the above steps of the web connectivity test are performed both over a control server and over the network of the user, the collected results are then compared with the aim of identifying whether and how tested websites are tampered with. If the compared results do not match, then there is a sign of network interference.

Below are the conditions under which the following types of blocking are identified:

• DNS blocking: If the DNS responses (such as the IP addresses mapped to host names) do not match.

• TCP/IP blocking: If a TCP session to connect to websites was not established over the network of the user.

• HTTP blocking: If the HTTP request over the user’s network failed, or the HTTP status codes don’t match, or all of the following apply:

1. The body length of compared websites (over the control server and the network of the user) differs by some percentage;

2. The HTTP headers names do not match;

3. The HTML title tags do not match.

It’s important to note, however, that DNS resolvers, such as Google or a local ISP, often provide users with IP addresses that are closest to them geographically. Often this is not done with the intent of network tampering, but merely for the purpose of providing users with localized content or faster access to websites. As a result, some false positives might arise in OONI measurements. Other false positives might occur when tested websites serve different content depending on the country that the user is connecting from, or in the cases when websites return failures even though they are not tampered with.

HTTP Invalid Request Line test

This test tries to detect the presence of network components (“middle box”) which could be responsible for censorship and/or traffic manipulation.

Instead of sending a normal HTTP request, this test sends an invalid HTTP request line - containing an invalid HTTP version number, an invalid field count and a huge request method – to an echo service listening on the standard HTTP port. An echo service is a very useful debugging and measurement tool, which simply sends back to the originating source any data it receives. If a middle box is not present in the network between the user and an echo service, then the echo service will send the invalid HTTP request line back to the user, exactly as it received it. In such cases, there is no visible traffic manipulation in the tested network.

If, however, a middle box is present in the tested network, the invalid HTTP request line will be intercepted by the middle box and this may trigger an error and that will subsequently be sent back to OONI’s server. Such errors indicate that software for traffic manipulation is likely placed in the tested network, though it’s not always clear what that software is. In some cases though, censorship and/or surveillance vendors can be identified through the error messages in the received HTTP response. Based on this technique, OONI has previously detected the use of BlueCoat, Squid and Privoxy proxy technologies in networks across multiple countries around the world.

It’s important though to note that a false negative could potentially occur in the hypothetical instance that ISPs are using highly sophisticated censorship and/or surveillance software that is specifically designed to not trigger errors when receiving invalid HTTP request lines like the ones of this test. Furthermore, the presence of a middle box is not necessarily indicative of traffic manipulation, as they are often used in networks for caching purposes.

HTTP Header Field Manipulation test

This test also tries to detect the presence of network components (“middle box”) which could be responsible for censorship and/or traffic manipulation.

HTTP is a protocol which transfers or exchanges data across the internet. It does so by handling a client’s request to connect to a server, and a server’s response to a client’s request. Every time a user connects to a server, the user (client) sends a request through the HTTP protocol to that server. Such requests include “HTTP headers”, which transmit various types of information, including the user’s device operating system and the type of browser that is being used. If Firefox is used on Windows, for example, the “user agent header” in the HTTP request will tell the server that a Firefox browser is being used on a Windows operating system.

This test emulates an HTTP request towards a server, but sends HTTP headers that have variations in capitalization. In other words, this test sends HTTP requests which include valid, but non-canonical HTTP headers. Such requests are sent to a backend control server which sends back any data it receives. If OONI receives the HTTP headers exactly as they were sent, then there is no visible presence of a “middle box” in the network that could be responsible for censorship, surveillance and/or traffic manipulation. If, however, such software is present in the tested network, it will likely normalize the invalid headers that are sent or add extra headers.

Depending on whether the HTTP headers that are sent and received from a backend control server are the same or not, OONI is able to evaluate whether software – which could be responsible for traffic manipulation – is present in the tested network.

False negatives, however, could potentially occur in the hypothetical instance that ISPs are using highly sophisticated software that is specifically designed to not interfere with HTTP headers when it receives them. Furthermore, the presence of a middle box is not necessarily indicative of traffic manipulation, as they are often used in networks for caching purposes.

Vanilla Tor test

This test examines the reachability of the Tor network, which is designed for online anonymity and censorship circumvention.

The Vanilla Tor test attempts to start a connection to the Tor network. If the test successfully bootstraps a connection within a predefined amount of seconds (300 by default), then Tor is considered to be reachable from the vantage point of the user. But if the test does not manage to establish a connection, then the Tor network is likely blocked within the tested network.

WhatsApp test

This test is designed to examine the reachability of both WhatsApp’s app and the WhatsApp web version within a network.

OONI’s WhatsApp test attempts to perform an HTTP GET request, TCP connection and DNS lookup to WhatsApp’s endpoints, registration service and web version over the vantage point of the user. Based on this methodology, WhatsApp’s app is likely blocked if any of the following apply:

• TCP connections to WhatsApp’s endpoints fail;

• TCP connections to WhatsApp’s registration service fail;

• DNS lookups resolve to IP addresses that are not allocated to WhatsApp;

• HTTP requests to WhatsApp’s registration service do not send back a response to OONI’s servers.

WhatsApp’s web interface (web.whatsapp.com) is likely if any of the following apply:

• TCP connections to web.whatsapp.com fail;

• DNS lookups illustrate that a different IP address has been allocated to web.whatsapp.com;

• HTTP requests to web.whatsapp.com do not send back a consistent response to OONI’s servers.

Facebook Messenger test

This test is designed to examine the reachability of Facebook Messenger within a tested network.

OONI’s Facebook Messenger test attempts to perform a TCP connection and DNS lookup to Facebook’s endpoints over the vantage point of the user. Based on this methodology, Facebook Messenger is likely blocked if one or both of the following apply:

• TCP connections to Facebook’s endpoints fail;

• DNS lookups to domains associated to Facebook do not resolve to IP addresses allocated to Facebook.

Data analysis

Through its data pipeline, OONI processes all network measurements that it collects, including the following types of data:

Country code

OONI by default collects the code which corresponds to the country from which the user is running OONI Probe tests from, by automatically searching for it based on the user’s IP address through the MaxMind GeoIP database. The collection of country codes is an important part of OONI’s research, as it enables OONI to map out global network measurements and to identify where network interferences take place.

Autonomous System Number (ASN)

OONI by default collects the Autonomous System Number (ASN) which corresponds to the network that a user is running OONI Probe tests from. The collection of the ASN is useful to OONI’s research because it reveals the specific network provider (such as Vodafone) of a user. Such information can increase transparency in regards to which network providers are implementing censorship or other forms of network interference.

Date and time of measurements

OONI by default collects the time and date of when tests were run. This information helps OONI evaluate when network interferences occur and to compare them across time.

IP addresses and other information

OONI does not deliberately collect or store users’ IP addresses. In fact, OONI takes measures to remove users’ IP addresses from the collected measurements, to protect its users from potential risks.

However, OONI might unintentionally collect users’ IP addresses and other potentially personally-identifiable information, if such information is included in the HTTP headers or other metadata of measurements. This, for example, can occur if the tested websites include tracking technologies or custom content based on a user’s network location.

Network measurements

The types of network measurements that OONI collects depend on the types of tests that are run. Specifications about each OONI test can be viewed through its git repository, and details about what collected network measurements entail can be viewed through OONI Explorer or through OONI’s measurement API.

OONI processes the above types of data with the aim of deriving meaning from the collected measurements and, specifically, in an attempt to answer the following types of questions:

• Which types of OONI tests were run?

• In which countries were those tests run?

• In which networks were those tests run?

• When were tests run?

• What types of network interference occurred?

• In which countries did network interference occur?

• In which networks did network interference occur?

• When did network interference occur?

• How did network interference occur?

To answer such questions, OONI’s pipeline is designed to process data which is automatically sent to OONI’s measurement collector by default. The initial processing of network measurements enables the following:

• Attributing measurements to a specific country.

• Attributing measurements to a specific network within a country.

• Distinguishing measurements based on the specific tests that were run for their collection.

• Distinguishing between “normal” and “anomalous” measurements (the latter indicating that a form of network tampering is likely present).

• Identifying the type of network interference based on a set of heuristics for DNS tampering, TCP/IP blocking, and HTTP blocking.

• Identifying block pages based on a set of heuristics for HTTP blocking.

• Identifying the presence of “middle boxes” (such as Blue Coat) within tested networks.

However, false positives and false negatives emerge within the processed data due to a number of reasons. As explained previously (section on “OONI network measurements”), DNS resolvers (operated by Google or a local ISP) often provide users with IP addresses that are closest to them geographically. While this may appear to be a case of DNS tampering, it is actually done with the intention of providing users with faster access to websites. Similarly, false positives may emerge when tested websites serve different content depending on the country that the user is connecting from, or in the cases when websites return failures even though they are not tampered with.

Furthermore, measurements indicating HTTP or TCP/IP blocking might actually be due to temporary HTTP or TCP/IP failures, and may not conclusively be a sign of network interference. It is therefore important to test the same sets of websites across time and to cross-correlate data, prior to reaching a conclusion on whether websites are in fact being blocked.

Since block pages differ from country to country and sometimes even from network to network, it is quite challenging to accurately identify them. OONI uses a series of heuristics to try to guess if the page in question differs from the expected control, but these heuristics can often result in false positives. For this reason OONI only says that there is a confirmed instance of blocking when a block page is detected.

OONI’s methodology for detecting the presence of “middle boxes” - systems that could be responsible for censorship, surveillance and traffic manipulation - can also present false negatives, if ISPs are using highly sophisticated software that is specifically designed to not interfere with HTTP headers when it receives them, or to not trigger error messages when receiving invalid HTTP request lines. It remains unclear though if such software is being used. Moreover, it’s important to note that the presence of a middle box is not necessarily indicative of censorship or traffic manipulation, as such systems are often used in networks for caching purposes.

Upon collection of more network measurements, OONI continues to develop its data analysis heuristics, based on which it attempts to accurately identify censorship events.

Findings

As part of this study, network measurements were collected through OONI Probe software tests performed across six local vantage points in Myanmar between 25th October 2016 to 28th February 2017.

Upon analysis of the collected data, no block pages were detected that could confirm cases of censorship. WhatsApp, Facebook Messenger, and the Tor network appeared to be accessible in all networks where tests were run. While OONI tests had previously detected the presence of Blue Coat software (some types of which can potentially be used for internet censorship and surveillance) in Myanmar in late 2012, the presence of Blue Coat was not detected as part of this study (and neither were any other middle boxes).

Certain sites, however, presented a high amount of network anomalies are part of our testing, indicating that connections to them might have been tampered with. The findings pertaining to these sites are summarized in the table below.

The values under the “Control failure” column in the table above pertain to measurements where we are unable to determine whether access to those sites was blocked or not, because the control request failed. It’s useful to cross-reference this information with whether connections to the site in question were confirmed to not be blocked. The fact that connections to vibe.com, for example, were not blocked twice indicates that the site is least likely to have been tampered with, in comparison to the other sites included in the table above. Access to realdoll.com, on the other hand, which presented HTTP failures every time it was tested is more likely to have been blocked. Similarly, gambling site sportingbet.com which presented signs of TCP/IP blocking almost every time it was tested is also likely to have been censored.

The website of the Organization of American States (OAS), which is responsible for the promotion and protection of human rights in America, presented signs of TCP/IP blocking. The testing of this site also presented signs of TCP/IP blocking in a previous OONI study on internet censorship in Zambia in October 2016. While this inevitably raises the question of whether such measurements are false positives, it’s worth noting that the failure rate from a control vantage point is less than 1%. The motivation behind the potential blocking of this site though remains unclear.

Finally, the testing of the site of the U.S. embassy in Myanmar presented signs of HTTP blocking, indicating that access to it may have been tampered with. The testing of multiple other sites also presented network anomalies, but those were ruled out as false positives based on our heuristics.

Acknowledgement of limitations

The findings of this study present various limitations and do not necessarily reflect a comprehensive view of internet censorship in Myanmar.

The first limitation is associated with the testing period. While OONI network measurements have been collected from Myanmar since 2012 and continue to be collected on the day of the publication of this report, this study only takes into account and analyzes network measurements that were collected between 25th October 2016 to 28th February 2017. This study is limited to this time frame because we aim to examine the most recent censorship events and because there was a significant increase in the collection of network measurements during this period, in comparison to previous months and years. As such, censorship events which may have occurred before and/or after the testing period are not examined as part of this study.

Another limitation to this study is associated to the amount and types of URLs that were tested for censorship. As mentioned in the methodology section of this report (“Review of the Citizen Lab’s test list for Myanmar”), OONI’s Web Connectivity test was run to examine the accessibility of 822 URLs that are more relevant to the Myanmar context and of 1,105 internationally relevant sites. While a total of 1,927 URLs were tested for censorship as part of this study, we did not test all of the URLs on the internet, indicating the possibility that other websites not included in tests lists might have been blocked.

Finally, while network measurements were collected from six different local vantage points in Myanmar, OONI’s software tests were not run consistently across all networks. Stable measurements were collected from certain vantage points throughout the testing period, but less stable measurements were also collected from a number of other vantage points following the launch of OONI’s mobile app on 9th February 2017. In other words, once OONI Probe became easier to install and run via its mobile version for Android and iOS, we received an increased amount of sporadic measurements from various new networks. Since tests were not always run consistently, our ability to evaluate whether censorship cases were persistent was limited.

Conclusion

Signs of TCP/IP and HTTP blocking pertaining to fives sites, including the sites of the U.S. embassy in Myanmar and of the Organization of American States (OAS), were detected as part of this study. It remains unclear though why those sites might be blocked. Overall, 1,927 URLs were tested for censorship. No block pages were detected that could confirm cases of internet censorship.

Similarly, no middle boxes were detected as part of this study. Blue Coat software (some types of which can potentially be used for internet censorship and surveillance) was detected in Myanmar by OONI in late 2012. It’s unclear, however, if this was a countrywide deployment or if it was only used in the specific network that was tested. Two years later, the presence of Blue Coat software was not detected in the same network, indicating that it may have been removed. Our recent study, covering the same network plus five additional networks, does not show the presence of Blue Coat software in tested networks.

WhatsApp, Facebook Messenger, and the Tor network appeared to be accessible across all six networks in Myanmar where OONI tests were run.

Acknowledgements

We thank the Open Technology Fund (OTF) and Access Now for funding this research. We also thank all the anonymous volunteers in Myanmar who have run and continue to run OONI Probe, thus making this research possible.