A startling discovery was made last month when passerbys in Myanmar’s central city of Pyin Oo Lwin came across a drone-like object resting in front of a small shed on the side of the road. Resembling a model airplane, the drone quickly attracted the attention of locals who rushed to investigate and take photos before it was picked up by unidentified authorities.
While startling for many to see a drone up close, reports of unmanned aerial vehicle (UAVs) sightings over Mandalay, Kayin and Kayah states have surfaced across social media in the months since Myanmar’s military staged a coup on February 1.
“Drones are sighted everywhere on the ground. People are taking pictures, people are seeing drones, drones are going around at night,” said Hnin, a woman from the ward where the drone crashed who spoke to those who saw it. While not in Myanmar, she asked that only her first name be used for her safety.
Though the UAV was quickly removed from the scene before any concrete evidence was unearthed, rumours of military surveillance tactics abounded across social media, adding fuel to growing fear and paranoia among those opposed to the coup of sophisticated digital surveillance by the military. Though Myanmar’s leaders have a long history of monitoring dissent, the rapid uptick in technology and internet usage in recent years has shifted age-old concerns from informants, or dalans, lurking in tea shops to fears of wiretapping, firewalls, drone attacks and facial recognition software.
But despite a growing tech arsenal, which includes imports from China and Russia, a lack of evidence of their use suggests a disconnect between the tools at the military’s disposal and the capacities of those in charge. Rather, the reality on the ground points to a reliance on older, more cumbersome forms of surveillance that seem to put the Tatmadaw several steps behind their tech-savvy opposition.
Hnin, also part of a close online group of protestors involved in the Civil Disobedience Movement (CDM) opposing the coup and military, says those conducting the surveillance often lack subtlety.
“I wouldn’t call them dumb, but maybe proud and ignorant. They don’t even bother hiding their identity or anything, they’re very proudly putting their information [online],” she said about the online informants declaring their political affiliations. “They collect data and information on who posted what.”
Also used are invasive in-person methods of spot checks, where police officers can arbitrarily stop anyone deemed suspicious on the street, demanding they hand over their phones for inspection and, at times, arresting them regardless of wrongdoing.
“The real dangerous ones are the ones on the ground,” Hnin added.
Can anyone ID this crashed drone in Mandalay (Myanmar), it's likely a Chinese drone, but not positive on that? pic.twitter.com/xvDywCPQOr— Nathan Ruser (@Nrg8000) May 6, 2021
Back online, surveillance researcher and Information Controls Fellowship Program (ICPF) fellow Phyu Phyu Kyaw says some of the most common tactics by the junta can also be blatant.
In an Open Technology Fund study on Myanmar’s rise of cyber surveillance late last year, he found nearly 80% of the 24 activists, researchers and journalists interviewed didn’t feel safe online due to the government’s monitoring of social media, rather than more subtle means like wiretapping or data theft.
Many experienced harassment and log-in attempts on their accounts, hate speech and lewd photos sent specifically to women, as well as threatening phone calls shortly after posting content. Participants also noted officers from the Special Intelligence Department often created fake accounts to interact with them online, not always with clear intentions.
Within his own group of colleagues, he said these stories of low-level hacking attempts are commonplace among the most outspoken.
“He would get these emails after emails of notifications saying ‘someone is trying to log into your account’. And that is something that’s happened to a lot of human rights activists,” Kyaw said. “People are trying to get into their accounts all the time.”
The military has moved much of its battleground online, although email phishing scams containing malware sent to the Committee Representing the Pyidaungsu Hluttaw (CRPH), a group of elected officials overthrown in the coup, provides insight into a slightly bumbling campaign.
Even though means for better surveillance is available, Kyaw says the skill level the Tatmadaw has to utilise this technology remains to be seen.
“I can’t say they [the military] don’t have the capacity to do surveillance when they’ve already had this technology [for a long time],” he said, citing reports of conversations dating back to 2012 with an Italian spyware company.
“It is not like they don’t know this stuff, it’s not like this is new to them. This is something they always knew. But how much are they reliant on it [spyware]?”
While it seems unlikely the military will be able to recruit tech-savvy youth from the country’s startup scene, a fledgling industry prior to the coup, to fill this skills gap, eyes are turning toward reports of imported tech from authoritarian allies.
Since the coup, unconfirmed reports on Twitter of imported Chinese technology disguised in seafood boxes created concerns for the many activists already in hiding. Fears of a possible Chinese firewall became widespread, but experts say the feasibility of developing and maintaining such a network in Myanmar, or even an intranet,’ are unlikely.
An analyst and cyber security researcher, who worked on a May report by the International Crisis Group called Myanmar’s Military Struggles to Control the Virtual Battlefield, explains the junta simply lacks the funds.
“If you look around the world, which countries have successfully built a parallel internet? In the case of Myanmar, the military is in pretty tight financial constraints and you’d have to be talking hundreds of millions of dollars,” said the analyst, who asked to remain anonymous for fear of reprisal.
“China spends billions of dollars a year just maintaining its firewall.”
There has also been fear of heightened surveillance following a new trade contract with Russia, signed mere days before the coup, in which Myanmar is set to acquire an unspecified number of Orlan-10E UAVs which can be used for both combat and surveillance purposes. However, the impact and use of these drones is yet to be seen.
Prior to the coup, the Tatmadaw also took a note from China in the form of its “Safe City” programme, installing 335 Huawei surveillance cameras in Naypyidaw in December, with Mandalay and three surrounding townships, as well as Yangon, to follow in mid-2021. These cameras use facial recognition and license plate identification software to track those on a “wanted list”, but there’s been no evidence yet whether any of these devices have yet been used.
Also troubling is the $4 million budget given to the Ministry of Transport and Communications for their “Lawful Interception System”, used in part with Norweigan service provider Telenor, to relay voice and data to the government. This surveillance-allotted cash is in addition to the $4.6 million spent in 2017 to monitor social media through a designated task force, the Social Media Monitoring Team.
Huge seafood arrived from China to Yangon! #ChineseCargoYGN #ShameonyouChina #militarycoupinMyanmar pic.twitter.com/NRPmlEWHli— Nantigks (@nantigks) February 11, 2021
It’s a capacity problem, I mean how do you process that much data? I think this is something that they are completely unprepared for
But as impressive as these projects sound for a country playing digital catch-up after decades of self-imposed isolation, the problem for the military lies largely in what to do with the trove of data.
The anonymous analyst believes the military might not have the ability to harvest anything of value from these calls and data due to their sheer quantity, as well as a lack of a centralised database for license plate and facial recognition, with some records still entirely paper-based.
“The problem for the Tatmadaw is the overwhelming scale of the opposition that doesn’t really lend itself to a methodical passing of user data just because the scale of it is so massive,” said the analyst. “It’s a capacity problem, I mean how do you process that much data? I think this is something that they are completely unprepared for.”
Despite the lack of evidence for their use so far, the potential of these large-scale surveillance projects, if deployed properly, has instilled fear and anxiety in the population. Fresh in the memory for Myanmar citizens too are smaller-scale surveillance efforts used in recent years.
In 2018, reports surfaced that the military was using forensic technology from Israeli-owned spyware firm Cellebrite that allows for the transfer of data from one device to another. After Reuters’ journalists Wa Lone and Kyaw Soe Oo were arrested that year for their reporting on a military massacre in Rakhine State, court documents later showed that Cellebrite technology had been used to pull information, including itineraries and source notes, from their phones.
Cellebrite pulled out of Myanmar shortly after the incident came to light and maintains that in such cases, when their terms of agreement are breached, the company reserves the right to immediately cease functionality of the technology.
“In the extremely rare case when our technology is used in a manner that does not meet international law or does not comply with Cellebrite’s values, we immediately flag these licenses for non-renewal and do not provide software updates,” Cellebrite wrote in a statement to the Globe.
Cellebrite did not comment on whether these blocks were applied to the technology sold to the Myanmar government or whether it was still in use.
Yet, even with masses of sophisticated technology seemingly at their disposal, the Tatmadaw continues to depend on low-tech methods of informants, censoring, and surveilling the population.
The same anonymous analyst explains that, while the military puts on a big show, in practice their tactics are lacking. They remain reliant on paper records and lack of centralised database for common information such as addresses, licenses, and households, putting into question the credibility of their high-tech threats.
Even more, while there are military personnel with high levels of training in surveillance technology – with many even sent for training in Russia given the lack of IT education in-country – senior officials with limited technical knowledge, holdouts from the days of extreme isolation, are still the ones calling the shots.
This lack of technological expertise within the outmoded institution is evidenced by its reliance on haphazard nationwide internet shutdowns in recent months. Notoriously inconsistent in their overnight timing, these blackouts were intended to prevent firsthand documentation of evening raids and arrests on anti-junta activists.
As the protest movement grew, the military proceeded to cut access to mobile data in March as well, leaving most of the country offline. Reuters reported that executives from Telenor and Ooredoo, the two international service providers in Myanmar, were told to “stay quiet” or lose their licenses. While reports on the ground indicate that some mobile access has since been restored, it continues to be unreliable.
Along with the internet shutdowns, the military also instated bans on several websites, including Facebook, to stifle communication and quash organised demonstrations. This has led to a notable uptick in Myanmar Twitter users since the coup.
Despite the ban, the Tatmadaw remains dependent on online platforms like Facebook in their surveillance efforts. It deploys pro-military supporters and military personnel across the platform to monitor posts and activity, a tactic used since Facebook first surfaced in Myanmar in 2010.
“They’re still using very rudimentary tools to identify people and arrest them for what they’re doing on social media. For instance, using informants to infiltrate private groups that are being used to coordinate CDM activities and CRPH activities,” said the analyst.
I would say that they’re not that high-tech of people. But I think if they want, they can have the help that they want [from China and Russia]. So it’s good that we don’t underestimate them
Thinzar Shunlei Yi, a prominent activist in the CDM, has managed to stay on Facebook with a VPN.
She reports online trolls as the most common and feared surveillance method. According to Shunlei, these spies spread misinformation and “steer the public narrative using hate speech” to threaten and ultimately target individuals like herself who have been designated as dissidents.
Since the coup, dalans have infiltrated Myanmar’s cybersphere, monitoring social media posts, including those in private groups, and recording online interactions with screenshots. These are subsequently used to corroborate trumped-up charges under the 505 penal code, used by the military to to prosecute anyone accused of inciting anti-military sentiment or public unrest, according to Kyaw. As of June 6, there are 886 detained under one of the three 505 charges and 56 arrested, according to statistics provided to the Globe by the Assistance Association for Political Prisoners.
Facebook, as Myanmar’s most popular platform used by nearly half the population of 54 million, has responded to the rise in operations by monitoring activity and blocking accounts run by pro-military supporters and military personnel.
“These networks of accounts, pages and groups were masking their identities to mislead people about who they were and what they were doing by manipulating public discourse and misleading people about the origins of content,” Rafael Frankel, director of public policy at Facebook, APAC Emerging Countries, told the Globe in a statement.
Yet, despite Facebook’s efforts, monitoring the cyber movements of every single user is impossible. That means Shunlei and fellow protesters must continue to exercise high caution when communicating online.
“We use Signal for secure messaging and VPNs to avoid detection and even for daily use we use different devices – we have our own device for work and for personal [use],” said Shunlei. “We also work with social media platforms, and if something happens we communicate with them directly.”
While these protective efforts have so far been effective for some, there is a risk that they could be insufficient in the face of higher-tech efforts if and when the military does decide to utilise their mass arsenal for cyberwarfare – a development that some are anticipating.
“I would say that they’re not that high-tech of people,” Hnin said. “But I think if they want, they can have the help that they want [from China and Russia]. So it’s good that we don’t underestimate them.”