“They found that picture and took her away. She said they used a device to check her phone, so that even deleted pictures were recovered,” said a villager in Hmawbi Township, recounting the case of a pregnant woman who miscarried after soldiers beat her when they found photos of her at protest rallies. “They used the phone to hunt the protesters.”
Reading these words gave me an unpleasant jolt. Just the day before, a well-connected source told me they believe a recent high-profile arrest was based on an intercepted phone call.
I should not have been surprised, though, because for the past three and a half months, I’ve been looking into the Myanmar military’s access to exactly this kind of surveillance technology. I’m talking about tools that can monitor WiFi, crack passwords, extract data from phones, recover deleted files, map people’s social media networks, and so on.
The last thing I want to do is unnecessarily alarm people in Myanmar who already have far too many things to worry about, but it is crucial that they are aware of the tools that are out there and how they can protect themselves.
My efforts to learn more about this technology were part of an investigation led by Lighthouse Reports, a Netherlands-based news organisation that invites reporters from different outlets to do deep dives into a particular issue. This time it was on how involved European companies are in providing “dual use” tools—meaning those that can be used for both civilian and military purposes—to Myanmar, if European Union funds were used, and whether EU laws were broken.
I interviewed former detainees, lawyers, activists, former lawmakers and people familiar with these issues in Myanmar. We pored over hundreds of pages of leaked budget documents from activist group Justice For Myanmar, as well as other leaked data and open source materials.
Around 40 Western companies, including from Sweden, Italy, Canada, the U.S. and Israel, appeared in these documents. We don’t know how many of these top-of-the-range surveillance products were actually sold, but we know some made it to Myanmar. We discovered tender documents to procure many of these tools, who won these tenders, and shipment details for some of them.
We published our findings in multiple outlets two weeks ago, on the same day the pregnant woman was arrested and beaten. Two days later, Al-Jazeera English (AJE), which was part of the Lighthouse Reports-led investigation, broadcast a chilling documentary exposing both the Myanmar regime’s use of the blunt force of violence against its opponents, as well as its deployment of softer, but no less sinister, spy tech tools.
Speaking to AJE, the daughter of one high-profile activist arrested on the morning of the February 1 coup revealed that her father had been charged based on a deleted e-mail. In a discussion with Ali Fowle, the reporter in the documentary, I expressed my concern that it was just a matter of time before the junta started to use these tools widely. But I didn’t expect this to happen so soon.
There are valid questions as to whether the regime has the skills or manpower to make full use of these tools, but given the military’s past conduct and its awareness of how our electronic devices can incriminate us, we should not underestimate the risks that its access to such technology presents.
The findings
The articles we published paint a disturbing picture of how regulations set up to prevent these technologies from falling into the hands of brutal rulers are either weakly enforced or interpreted liberally, creating loopholes that dictators can exploit.
For example, Italian journalist Riccardo Coluccini wrote about Italian company SecurCube’s BTS Tracker for the Investigative Reporting Project Italy (IRPI). This product can monitor radio frequencies and measure signal strength. It appeared in a Ministry of Transportation and Communications (MoTC) budget.
The Council of the European Union tightened its embargo on such dual-use products to Myanmar in 2018 in the wake of widespread condemnation of military atrocities against the Rohingya, but SecurCube told another Italian paper in 2019 that “there was no constraint” on the company to prevent them selling its BTS Tracker in the country. In another piece for Italian newspaper Domani, Riccardo asked how it was possible exports continued despite the ban.
For The Intercept, Zach Campbell and Caitlin Chandler uncovered how MSAB, a Swedish company that appeared on both MoTC and Ministry of Home Affairs (MoHA) budgets, has been receiving EU funding.
MSAB said its products, which can scan and analyse data on a smartphone, were sold to Myanmar’s police in 2019. The Bureau of Special Investigations, a department under MoHA, applied to buy a three-year license for an MSAB product in its 2020-2021 budget. The tender to procure that product was won by MySpace International, renamed Creative Exploration, a company headed by a former military officer and his wife, whose father was a former general and ambassador to Russia, according to a report by the New York Times.
Nathan Vanderklippe’s piece in The Globe and Mail zoomed in on two Canadian companies, OpenText and Magnet Forensics, identified in the Lighthouse Reports-led investigation. These companies sold powerful tools that can extract and decrypt information from computers and cell phones.
All of this shows that Myanmar has been building a strong arsenal of high-tech surveillance tools that can be used for internal repression, many of which come from the West.
Flimsy defence
The companies have either denied selling the products or defended the sales, saying they happened during the civilian government’s rule. But a quick search on Google would have told them Myanmar’s brutal military still held many levers of the government even then, including the control of three key ministries. MoHA is one of them.
In fact, two recent MoHA ministers were former spy chiefs. The current minister, Lt-Gen Soe Htut, was appointed in February 2020 and retained this role, a telling sign when most cabinet members in the National League for Democracy (NLD) government have either been arrested or are in hiding.
The MoTC was nominally under NLD rule, but that was only for five years. It is staffed with former military officials and was behind what Human Rights Watch called the “world’s longest internet shutdown” in parts of Rakhine and Chin states in western Myanmar. (Critics have noted that the NLD, which used cyber security as an excuse to buy intrusive technologies, was not much better or more supportive of internet freedom.)
So there is ample evidence, if only the companies had looked, to show they were not dealing with a “civilian” government or “civilian” middlemen. Companies have not only ethical and moral grounds to consider such contexts when doing business, but also a legal responsibility to do so. Now the people of Myanmar may be paying the price for their failures to live up to these responsibilities.
Myanmar people also need to learn to protect themselves. They can find good resources on how to keep their data safe and useful apps on the internet.
When the country opened up dramatically in 2011, with SIM card prices dropping from a few hundred dollars to $1.50, Myanmar suddenly came online. Over the past decade, many of us forgot the years of living in fear and isolation, when we worried if our land lines were tapped and informants were listening in on teashop conversations. Instead, we started sharing mobile phone numbers and locations on social media and discussed sensitive issues on unencrypted apps.
We need to unlearn these habits. Of course, we don’t always have a choice, like right now when internet access is still limited in many places in Myanmar. This means lots of people, including journalists, are having to balance two bad options—risk their lives by sharing information, or stay quiet and let injustices go unreported.
Still, if European nations truly care about human rights, justice and democracy in Myanmar as they say they do in statements, they need to tighten their embargo and regulate this industry better. Sure, leaders friendlier to the junta, like those in China and Russia, could still provide such tools, but that is beside the point. The West needs to uphold the values they always lecture us about.
Thin Lei Win is an award-winning multimedia journalist with more than 15 years of experience. For nearly 13 years, she was a correspondent with the Thomson Reuters Foundation, the non-profit arm of the Thomson Reuters global news agency, reporting on humanitarian issues, particularly climate change and food security. She has worked from Myanmar, Singapore, Vietnam, Thailand and Italy, where she is currently based. She also co-founded Myanmar Now in the run-up to the Myanmar elections in 2015, and co-founded The Kite Tales, a unique storytelling and preservation project chronicling the lives and histories of ordinary people across Myanmar.
