Myanmar junta's planned cyber law condemned
Rights groups say bill would give authorities 'sweeping powers' to block any content they don't like
published : 13 Feb 2021 at 15:12
Human rights activists inside and outside Myanmar have expressed alarm at a cybersecurity law that the new military junta is seeking to pass as its first piece of legislation.
The bill would give authorities “sweeping powers to access user data, block websites, order internet shutdowns and imprison critics and officials at noncomplying companies”, Human Rights Watch said in a statement.
The bill could even enable authorities to arrest anyone accessing sites such as Facebook, which is still banned in the country, via virtual private network (VPN) applications.
A total of 158 civil society groups in Myanmar have voiced their opposition to the bill that the military-appointed State Administration Council will be asked to pass.
The bill was sent to telecommunications operators and internet service providers on Feb 9 and they were asked to submit their comments by Monday.
In a statement, the 158 groups said they did not accept the bill as legitimate, as it was not issued by an institution that has been entrusted with legislative power by the public, the Myanmar Times reported.
The statement said the bill “includes clauses which violate human rights including the rights to freedom of expression, data protection and privacy”, and was drafted to “oppress those who are against its rule, and to restrict the mobilisation and momentum of online resistance”.
“It sounds more oppressive than protective. It can be expected that the true aim of the bill is to repress freedom of expression online and ban social networks,” U Aung Myo Min, director of the Human Rights Education Institute of Burma, told the Myanmar Times.
For example, although the bill states that those responsible for managing user data are not allowed to disclose or share it without consent, any government entity mandated to work on cyber security is nevertheless privy to that information.
As well, local services can be temporarily suspended with approval from the State Administration Council “for the public’s sake”, while licences can be temporarily suspended or revoked, with violators facing fines or imprisonment, U Aung Myo Min said.
“But laws are meant to protect the people. They are not for the government to rule as they like. This bill does not conform to human rights and we oppose it,” he added.
Keeping a lid on the internet has been a priority for the generals since they overthrew the elected government on Feb 1. All telecom and internet service was suspended for one day, and on Feb 4, providers were told to temporarily Facebook. This was followed by orders to block Twitter and Instagram a day later.
Data networks were shut down on Feb 6 and restored the next day. On Feb 9 and 10, providers received directives to temporarily block selected IP addresses.
“The draft cybersecurity law would hand a military that just staged a coup and is notorious for jailing critics almost unlimited power to access user data, putting anyone who speaks out at risk,” said Linda Lakhdhir, the Asia legal adviser at Human Rights Watch (HRW).
According to HRW, the draft law requires online service providers to keep a broad range of user data, including the person’s name, IP address, phone number, ID card number and physical address, for up to three years “at a place designated by” the as-yet-unspecified ministry authorised by the junta to deal with cybersecurity.
Companies must provide that data to the authorities when requested “under any existing law”. Those that fail to comply would face up to three years in prison.
Online service providers are required to block or remove a wide range of information at the instruction of the authorities, including “misinformation and disinformation”, information “causing hate, disrupting the unity, stabilisation and peace”, and statements “against any existing law”.
The law does not specify how the authorities are to determine what constitutes “misinformation”, nor does it provide any route of appeal for those whose content is blocked or removed. In effect, it would allow the military authorities to order the removal of any content it does not like, Human Rights Watch said.
Anyone who posts “misinformation or disinformation” faces up to three years in prison under Section 65 of the bill if they are found to have done so “with the intent of causing public panic, loss of trust or social division”.
Creation of a “fake” account, website, or web portal “with the intent of causing public panic, loss of trust or social division” carries the same possible penalties.
Since any criticism of the coup or the military could be deemed as intending to cause “loss of trust” in the junta or social division, the military could use these provisions as sweeping tools for censorship.
The restriction on “fake” accounts could also be used to curb online anonymity and the use of pseudonyms, which are essential for people to be able to express themselves freely, especially in environments such as Myanmar, said Human Rights Watch.
The bill also contains a number of provisions prohibiting “illegal” or “unauthorised” access to online material. It also increases the military’s power over providers by authorising the authorities to conduct unspecified “interventions” for a broad range of reasons, including public order, investigating crime, and “safeguarding public life, property and public welfare”.
Existing online service providers are required to register and apply for a new licence within one year from the date on which the law is enacted.
“Myanmar’s proposed cybersecurity law is the dream of despots everywhere,” Lakhdhir said. “It would not make people’s data, communications or the underlying infrastructure more secure, but it would consolidate the junta’s ability to conduct pervasive surveillance, curtail online expression, and cut off access to essential services.”