Although Myanmar’s internet rated freer this year than ever before, no laws exist around online privacy and those on the books could be twisted to turn against free speech, according to University of Washington-affiliated researcher Dan Arnaudo.
This past December, watchdog organisation Freedom House bumped Myanmar’s “Freedom on the Net” ranking up from “not free” to “partly free”, highlighting heightened mobile access and legislative reform as key developments. Currently, only a few policies stand in place to regulate online behaviour in the country. This lack helps make Myanmar’s internet one of the Southeast Asian region’s freest, but could also leave users’ privacy unprotected. Meanwhile, legacy legislation could punish people for what they post, according to Mr Arnaudo.
After the government abolished media censorship in 2012, Myanmar internet users have been able to access content online, even of the variety that might be blacked out or bleeped in other countries. From that year on, “political content appeared to be almost universally available, and even social content, such as pornography, was not blocked as of mid-2014”, the report said.
Distinct from neighbours like China, whose “Great Firewall” looms over internet users, Myanmar doesn’t – or can’t – surveil and censor online activity on a grand scale.
“You don’t have really a censorship system in place like China or Thailand that censors information, where [if] people post something against the king, or against the military, they arrest bloggers,” Mr Arnaudo said at a February 5 event at local innovation lab Phandeeyar. “And at the same time you don’t really have a surveillance system, at least that’s operating on the internet.”
The absence of the technology, people and policies means restrictions haven’t gone up like they have elsewhere, he continued.
“This is a really new space and especially for Burmese [people], this is something to think about now because this is a time when these laws could be changed and when these laws are going to be written,” he said. “You’re looking at privacy laws in particular and the way those are going to be written is really going to set the stage for your definition of privacy as a legal instrument.”
The idea of “privacy” lacks context in Myanmar. Mr Arnaudo said the word had no Myanmar-language equivalent, let alone its own legislative guarantee. No policy might mean no protection in some cases, like those having to do with lawful intercept – the litigious route governments take to access user data.
“I think you are seeing real challenges to addressing those kinds of interception practices because you don’t have strong mechanisms to fight back against them,” Mr Arnaudo said. Meanwhile, the government retains the right, through vaguely worded legislation, to demand information that impacts Myanmar’s security or the rule of law.
“Clause 75 [of the Telecommunications Law] grants unspecified government agents the authority ‘to direct the organization concerned as necessary to intercept, irrespective of the means of communication, any information that affects the national security or rule of law,’” the Freedom House report said. “The clause added that the government would do so without affecting the fundamental rights of the citizens, but included no privacy protections.”
However, recent telecoms market entrants Telenor and Ooredoo have both said they would safeguard users from government wiretapping, and Telenor requested more information regarding interception protocols and processes, according to the report.
The issue proves a weighty one for the Norwegian telco, whose Thai subsidiary last year complied with commands from the country’s military junta to briefly bar users from accessing Facebook.
“In our licence there are clear definitions as to the procedures to be developed over these issues, and these details are about to be developed,” Telenor CEO Jon Fredrik Baksaas told The Myanmar Times last year. “Our starting point is really that you need an independent court order in order to move into the information flow in the network ... We are advocating that from the outset of a new telecom law, there should be regulation attached that secures privacy but also allows governments to see activities in the network, either from a criminal perspective, or from a security
“This needs to be regulated in a transparent set of rules, and so far we are of the understanding that this is developing in that direction,” he
While some laws have needed clearing up, others – even some that have been updated – harbour the potential to tamp down on freedom of expression online. Myanmar’s 2004 Electronic Transaction Law “penalises political speech”, Mr Arnaudo said. “It’s not just penalising crimes against corporations or people where you hack into their system or something like that. It criminalises speech, and that’s still the law in the country.”
While Freedom House notes the Myanmar government amended the Electronic Transaction Law, the measure holds the power to jail journalists and others that have committed acts detrimental to state security, law and order, community peace and tranquillity, national solidarity, the national economy, or national culture, the report said. Sentences range from three to seven years.
“These laws get twisted in a lot of different contexts, so it’s important to understand that these words have meaning,” Mr Arnaudo said.
He also outlined how users could begin to take cybersecurity into their own hands, likening basic measures to locking a car door and proceeding on to high-level encryption. “This kind of privacy tool is the next generation of privacy,” he said. “It’s something that I think we have to increasingly think about, finding technological solutions to problems like privacy that don’t rely necessarily on policy.”
“Whether it’s in the United States or Myanmar or anywhere else in the world, we have the power to define the rules of the game in a lot of ways because [the government doesn’t] know what they are. They haven’t defined them.”