During the months leading up to February’s military coup in Myanmar, the country’s four mobile operators were ordered to install intercept spyware that allowed the army to access mobile subscribers’ communications.
The technology granted the military sweeping access to private communications, allowing them to eavesdrop on calls, read text messages and view web traffic and emails, as well as identifying user locations without the involvement of telecom or internet firms.
Reuters confirmed that it was informed of the directive by sources with direct knowledge of it, adding that the plan formed part of the army’s strategy to exert control over the internet to monitor political opponents, quell dissent and quash protests.
Speaking on condition of anonymity, a telecoms industry executive said that while the order was given by the civilian Ministry of Transport and Communications, the decision was made by ex-military officials.
"They presented it as coming from the civilian government, but we knew the army would have control and were told you could not refuse," said the executive, who noted that officials from the Ministry of Home Affairs – which is openly controlled by the military – were present at the meeting when the order was given.
Reuters’ sources confirmed that Myanmar’s authorities had suggested the idea of ‘lawful’ intercept software to the telecoms sector in late 2019. In late 2020, the government ordered Myanmar’s operators - state-owned MPT, Ooredoo Myanmar, Telenor Myanmar and Viettel’s Mytel - and ISPs to install surveillance software affording the authorities unfettered access to their internal systems. Myanmar’s operators have previously issued statements confirming that they must by law follow such orders.
While the firms were warned not to make the order public, Telenor’s annual business update in December 2020 highlighted its concern over the request, noting that it would allow the government to “directly access each operator and ISP's systems without case-by-case approval" as Myanmar did not have the necessary laws and regulations to enshrine the customer’s right to privacy and freedom of expression.
Telenor registered a loss of NOK6.5 billion ($786.2 million) on its Myanmar unit during Q1 2021, attributing this to political and economic instability that it could only see worsening in the near future.
Lawful intercepts are frequently used by law enforcement agencies in governments worldwide in order to trace and catch criminals, but even in more authoritarian regimes the technology is seldom deployed without any legal oversight. Reuters’ sources claim that Myanmar’s junta is directly operating the spyware with no legal or regulatory recourse to safeguard human rights. Additionally, the agency reported that Mytel and MPT are now under the full control of the junta.