Myanmar: Scrap Cyber Security Draft Law and Restore Full Internet Connectivity

by | Feb 13, 2021 | Free Speech, Press Release, Privacy | 0 comments

Myanmar: Scrap Cyber Security Draft Law and Restore Full Internet Connectivity

The Myanmar military should immediately abandon the draft Cyber Security Law and end Internet restrictions it has imposed since taking power in a coup on 1 February, said ARTICLE 19, Open Net Association, and the International Commission of Jurists today.  

“It is telling that controlling cyberspace is one of the top priorities of the Myanmar military, which seized power through an illegitimate coup d’etat only last week,” said Sam Zarifi, ICJ’s Secretary General. “The military is used to having total power in Myanmar, but this time they have to face a population that has access to information and can communicate internally and externally.”

Under international law, the rights to freedom of expression and information may only be restricted if prescribed by law, in pursuit of a legitimate aim, and necessary and proportionate to that aim. This right applies equally online. In 2018, the UN Human Rights Council condemned ‘all undue restrictions on freedom of opinion and expression online that violate international law’.

“Having illegally seized control of government, the military is trying to ram through a hugely problematic law that would imperil the Myanmar public’s ability to share and access information online,” said Matthew Bugher, ARTICLE 19’s Head of Asia Programme. “The draft law is further evidence of the military’s intent to control online discourse and permanently undermine Internet freedom in the country.”

Human rights bodies and experts have repeatedly condemned Internet shutdowns, which are inherently unnecessary and disproportionate irrespective of their purported objectives. Four UN special procedures with mandates from the Human Rights Council stated in their 2011 Joint Declaration on Freedom of Expression and the Internet that, ‘Cutting off access to the Internet, or parts of the Internet, for whole populations or segments of the public (shutting down the Internet) can never be justified, including on public order or national security grounds’. The UN Human Rights Council has repeatedly called on Myanmar to lift Internet restrictions in the country.

Anonymity is furthermore crucial to protecting the right to freedom of expression and other human rights, including the right to privacy. UN Human Rights Council Resolution 38/7 recognizes that ‘privacy online is important for the realization of the right to freedom of expression and to hold opinions without interference, and the right to freedom of peaceful assembly and association’. The UN Special Rapporteur on freedom of expression in a 2015 report stated that restrictions on encryption must confirm to the three-part test on restrictions to the freedom of expression noted above.

“The ban on online anonymity in the cybersecurity law is not just bad for Myanmar but sets a dangerous precedent for the whole of Asia”, said Kyung Sin Park, Executive Director of Open Net Association, whose founders spearheaded a successful constitutional challenge against a similar law in South Korea in 2012. “The content takedown provisions and criminalization of online speech in the draft law are extremely broad and utterly lacking due process even in comparison to other Asian countries. The proposal smacks of a legislative attempt to extend the powers the military had taken in an unlawful, anti-democratic coup.”

ISPs, online service providers (as defined by the draft law to mean content providers) and other stakeholders have only been given until 15 February for input. This is a clear indication that the military has no intention of engaging in meaningful consultation.

On 10 February, a group of 158 Myanmar civil society organizations released a statement rejecting the draft Cyber Security Law, while reiterating their view that the Myanmar military could not legitimately exercise legislative authority.

“All online service providers inside and outside the country should be alarmed at this intrusion of military authority into cyberspace and refuse to implement these hugely problematic restrictions,” said ICJ’s Sam Zarifi.

SPECIFIC PROBLEMATIC PROVISIONS OF THE DRAFT CYBERSECURITY LAW (based on an unofficial translation of the draft law):

 Many provisions in the draft law are vague and overbroad, in contravention of the principle of legality. If enacted, the draft law would greatly extend the powers of military authorities to restrict and punish online expression.

The law provides overarching control to the military’s ‘State Administration Council’, a newly-formed body appointed by the Commander-in-Chief. The direct military control of Internet service provision and its role in the policing of content online is in and of itself cause for alarm. Further, the military should in no circumstances be charged with protecting personal data.

Section 29 of the draft law is overly broad as it demands the prevention, removal, destruction and cessation of a broad and vaguely defined range of expression, including online comments deemed ‘misinformation’ or ‘disinformation’, any expression that causes hate and risks disrupting unity, stability, and peace, and ‘written and verbal statements against any existing law’.

Under section 64, any person convicted of creating ‘misinformation’ and ‘disinformation’ with the intent of causing public panic, loss of trust or social division in cyberspace is punishable by three years’ imprisonment, a fine, or both.

International human rights bodies have repeatedly urged governments against laws that create ‘false news’ offences, warning about their potential abuse by governments to suppress criticism and other forms of speech protected by international human rights law.

Section 30 threatens the right to online anonymity by requiring online service providers to retain usernames, IP addresses, national IDs, and other personal data for up to three years, and to provide this information to authorities upon request. For this purpose, Section 28 requires an online service provider to ensure that any device that stores the user’s information must be kept in a place designated by the relevant Ministry.

The draft law also has overly broad catch-all provisions in Sections 61 and 73 respectively whereby online service providers that fail to comply with any provisions of the draft law face a maximum penalty of three years’ imprisonment and a fine and individuals failing to comply with any rules, regulations, notifications, orders, directives, and procedures issued under the draft law are subject to one year’s imprisonment and a fine. These sanctions which are punitive in purpose and effective are non-compliant with the requirement of proportionality under international human rights law and standards on freedom of expression.

The draft law also provides for enhanced power to control the Internet without the benefit of judicial review by independent civilian courts. In the ‘public interest’, a ministry approved by the State Administration Council may temporarily prohibit any online service or take control of devices related to online service provision, as well as permanently ban any online service provider. This is a less stringent standard than that provided under the problematic and much-criticized section 77 of the Telecommunications Act, which allows for shut downs or control of telecommunications in an ‘emergency situation’.

 

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *