Privacy and security advocates slam proposal that would allow authorities to ‘inspect’ all social media traffic
The Mauritian government is considering plans to monitor and censor social media by intercepting web traffic.
In a consultation document (PDF), the country’s Information and Communication Technologies Authority (ICTA) calls for “harmful and illegal contents” to be removed.
To achieve this, it says, “It is important to segregate… all incoming and outgoing internet traffic in Mauritius, social media traffic, which will then need to be decrypted, re-encrypted and archived for inspection purposes as and when required.”
While freedom of speech is guaranteed under Mauritius’s constitution, the government has already introduced an amendment to the ICT Act, imposing prison sentences of up to 10 years for online messages that “inconvenience” the reader. In practice, this amendment has been used to file complaints against journalists and media outlets.
Now, in the consultation document, the ICTA claims it needs to take further measures thanks to “unacceptable abuses by a minority of individuals or organized groups”.
The Mauritian telecommunications regulator says it’s particularly concerned about "objectionable" Creole-language content which, it says, is taken down too slowly by social media companies.
And, says the ICTA, the lack of any local offices for social media firms makes it difficult to apply pressure on them to remove content as other nations can. Instead, it is turning to technical measures – a move that prompted stark warnings from security and privacy advocates.
“Unfortunately, the ability of Mauritius to block, turn off, or implement some form of internet censoring is very feasible,” Erick Thek, dedicated intelligence research manager at Trend Micro tells The Daily Swig.
“Mauritius nationalized both fiber optic backbones and these backbones are connected to the four undersea cables connecting Mauritius to the rest of the world.”
The move to allow authorities the ability to snoop on encrypted web traffic also creates potential security risks for citizens.
“To make this work, everyone will have to add a new Certificate Authority to their computers, so that they aren’t alerted to a manipulator-in-the-middle attack when their communications are intercepted,” the Malwarebytes Threat Intelligence team told The Daily Swig.
“By asking everyone to download something – a certificate – that isn’t widely understood, this proposal kicks the door open for copycat scammers proffering malware, running phishing scams with government branding, or offering their own certificates and running their own MitM attacks.”
Mauritius: Sun, sea, and censorship
Unsurprisingly, the proposal has prompted strong opposition from those fearing further government surveillance on the part of the Mauritian government.
In a recent blog post, Jillian York and David Greene of the Electronic Frontier Foundation (EFF), wrote:
Authorities wish to install a local/proxy server that impersonates social media networks to fool devices and web browsers into sending secure information to the local server instead of social media networks, effectively creating an archive of the social media information of all users in Mauritius before resending it to the social media networks’ servers.
This plan fails to mention how long the information will be archived, or how user data will be protected from data breaches.
Meanwhile, a petition calling for the proposals to be scrapped, launched by Anglo-Mauritian writer Ariel Saramandi, has reached around 22,000 signatures.
“This is a country that has arrested journalists, that arrests citizens for posting memes making fun of the prime minister, that already has a dangerous, absurd law in the ICT Act,” she tells The Daily Swig.
“The proposal, if put into place, would give authorities a tool of incredible magnitude in their hands, which would enable them to silence government critics. It’s a death knell for freedom of speech.”