Overseas IT firms offer Burma’s government added protection against online activism
Of the 1,100 prisoners of conscience currently languishing in jails throughout Burma, not one is a cyber-dissident. No organization contacted by The Irrawaddy has any record of Burma’s military government detaining or sentencing a single Burmese citizen because of their activities on the worldwide web.
Given Burma’s recent efforts to get its hands on the most advanced security and spying software available, however, that statistic may be about to change.
Companies and IT specialists from the US, Canada, Britain, Thailand and Singapore are now offering their wares to the Burmese government as it strives to further secure the net, meaning those that have been bypassing the country’s filtering system thus far may be in for a nasty surprise.
“Burma’s system of internet control…may worsen as it moves to a more sophisticated software product and as the state moves to tighten online restrictions,” the Open Net Institute—a collaboration between the universities of Harvard, Toronto and Cambridge—said in a report published last month.
But since its publication, the situation has been progressing even more quickly in Burma’s IT sector—ONI’s research does not include deals done since the spring, when it conducted its research into the activities of US-based Fortinet.
The company appears to have been involved in Burma since last May, when sales representative Benjamin Teh visited Rangoon to introduce Fortiguard, considered one of the most comprehensive filtering products available. The New Light of Myanmar documented the occasion with a report saying Fortinet had teamed up with Myanmar Millennium Group.
MMG would not take calls to discuss the arrangement, while Teh himself says Fortinet has no involvement in Burma, even refusing to admit he had visited the country. He was, however, caught out by The New Light of Myanmar, which on May 15 printed a picture of Teh warmly shaking hands with Burma’s former prime minister Khin Nyunt.
Fortinet’s Michelle Spolver, the company’s chief spokesperson at its headquarters in Sunnyvale, California, has also refused to acknowledge a relationship with Burma, referring to the company’s “two-tier distribution model,” which suggests that Fortinet is not directly responsible for where its products end up.
However, Yvonne Cheong—who acts as Fortinet’s spokesperson in the Asia Pacific region—went further in her evaluation of the company’s activities: “I believe that [MMG] could be our reseller. We are currently investigating the matter and we are evaluating appropriate action,” she said.
Cheong will not have to look far in conducting investigations on behalf of Fortinet—she is based in the same office as Teh on the 40th floor of the second Petronas Tower in Kuala Lumpur, where the company’s regional office is located.
Fortinet’s product is believed to be in use now—Burma’s internet users first noticed something was different earlier this year when the usual DansGuardian banned content screen was replaced by “access to requested URL has been denied,” a message ONI says is the work of Fortiguard.
The product consists of two parts—the Fortigate anti-virus firewall and the Fortiguard ratings server. It is the latter component that experts say greatly reduces access to sensitive or illegal websites.
Fortiguard uses 55 categories in real time to create a detailed profile of the content the network operator does not wish its users to see, a system Fortinet describes as “the industry-leading content ratings database.” The industry seems to agree—Fortinet has received numerous awards for its product.
“The Fortinet suite is more extensive and, arguably, more sophisticated [than DansGuardian],” says Derek Bambauer, a research fellow at the Berkman Center for Internet and Society, Harvard Law School.
But while Fortiguard draws the line at censoring web content in Burma—a country described by ONI as “one of the world’s most restrictive regimes of internet control”—there is another product introduced into Burma more recently that will undoubtedly have digital dissenters squirming in their seats.
Burma’s internet caf?s have always required that users submit their personal details prior to using the internet. They also spy on customers with surveillance cameras. Soon Burma’s network will be hooked up to the industry standard in what the IT world calls “legal intercept products”—software that allows the operator to spy on every piece of data on the system, including emails, without the user’s permission or knowledge.
Indeed, Xciprio—produced by another California-based company, SS8 Networks—is generally considered a cyber-dissident’s worst nightmare. Vineet Sachdev of SS8 says Xciprio is the market-leader in products that allow the administrator of a network to spy on users. Again the product has received a series of industry awards.
“I believe that is what is being deployed in Myanmar [Burma],” Sachdev said, admitting he was unsure of the exact details of SS8’s involvement in the country.
The product’s abilities, however, are clear: “You could tap into someone’s IP communication…you can tap into data or voice communication,” he says.
Details of SS8 Network’s recent involvement in Burma were first reported on October 3 in The Voice—a Rangoon-based weekly—which said the security software specialist had agreed to a three-year deal with Ahaed Company Limited based in Rangoon, information it attributed to Ahaed’s managing director Myo Myint.
SS8 does not have an office in Hong Kong, as reported, although it did have premises in the territory two years ago which it has since closed, opening a replacement in Nanjing, mainland China.
Like Fortinet, SS8 claims it is investigating its ties with Burma, although under different circumstances. Thomas Gudsnuk, company vice president of corporate development, claims SS8 Networks—the real one—is the subject of a scam: “The report is in error, or worse yet, there is a group posing as SS8 Networks unlawfully,” he told The Irrawaddy. Gudsnuk denies his company is involved with any Burmese companies.
However, Lee Chee Hoong, a technical consultant for the company based in the country’s regional office in Malaysia, says the Ahaed deal was done “via one of our partners in the US.”
The article on SS8 that appeared on the front page of The Voice on October 3—which was picked up by a number of news agencies, including China’s Xinhua—also mentioned a deal involving another North American company, this time in Canada.
Teleglobe—a telecommunications firm with networks throughout the world—is reported to have signed an agreement on August 25 which would make it only the second private ISP in Burma after Bagan Cybertech.
Again, the company has been reluctant to divulge any information about the deal. Josse Saint-Pierre, the company’s chief spokesperson at its headquarters in Montreal, failed to oblige repeated requests for further information.
However, a quick look at the company’s website reveals it is very much involved in Burma. A detailed map of Teleglobe’s worldwide telecommunications network reveals the company has already established Burma as one of its interconnection sites, a line it shows runs to Singapore and then on to Hong Kong, its regional service access location.
The company’s website also lists Lertratana Ratananukul as Teleglobe’s Burma representative, based at the All Seasons Office Place Building in Bangkok. Lertratana did not respond to repeated telephone calls, answer machine messages or emails.
Little is known about Teleglobe’s deal to operate in Burma, except that it was agreed online, according to The Voice, which has extensive contacts within Burma’s IT industry. The former publisher of the magazine’s sister publication, Living Color—until his arrest—was Ye Naing Win, son of former prime minister and head of Military Intelligence Gen Khin Nyunt. Ye Naing Win was also the head of Bagan Cybertech and Maykha Technologies, an affiliate, before MI fell from grace last October.
A foreign source who previously conducted unsuccessful negotiations with high-ranking Burmese government officials in the hope of providing internet services in Burma, says any ISP—regardless of whether it is foreign or not—can only play ball with the generals if it is prepared to accept very strict rules of engagement.
Myanmar Posts and Telecommunications is said to insist that all internet operations in Burma be run from a central location to better facilitate monitoring. The Burmese government’s principle internet concern, though, is the control of its users “through a combination of price and location.”
Burma has remained one of the most expensive internet systems in the world since its inception four years ago, while most internet caf?s in Rangoon are concentrated within touching distance of downtown or in up market premises and neighborhoods—you won’t find an internet caf? near the National League for Democracy headquarters on Shwegonedine Road.
Like Bagan Cybertech, Teleglobe will also undoubtedly have to fill its top positions with foreign staff fluent in network construction and maintenance, as Burma has been completely devoid of any internet expertise among its own people until recently, when many were sent abroad to study IT, principally in Singapore and Malaysia.
Bagan Cybertech’s leading network experts are Karl Sumpter and Paul Crilley, both from England. The pair have been in Rangoon since the end of the 1990s and are believed to be the brains behind Burma’s development of the internet, according to their private emails.
“I am working in Burma…setting up the country’s first [read: government-controlled] ISP,” wrote Sumpter to a hardware supplier back in 1999.
He is currently Bagan Cybertech’s network operations manager and therefore responsible for the maintenance of the company’s firewall and filtering systems. Sumpter refused to speak to The Irrawaddy; Crilley was unavailable for comment.
Both are also believed to be responsible for seeing through Burma’s recent drive to further its internet service, a move which has resulted in high-level talks between one of the country’s chief infrastructure suppliers, Shin Satellite of Thailand, and Information Minister Brig-Gen Kyaw Hsan in Rangoon at the beginning of last month. Shin Satellite—a subsidiary of Shin Corporation, which is owned by the family of Thai Prime Minister Thaksin Shinawatra—has already sold a number of IPStar satellite terminals to Burma.
All of these recent developments pose serious concerns for those that hope Burma’s internet might one day be less restricted. Indeed, Bambauer believes the junta’s actions are likely to result in strict censorship for years to come: “Countries that implement filtering and surveillance are building an infrastructure from the ground up—this initial architecture influences how these practices evolve in the country over time,” he says.
“In other words, filtering and surveillance are path-dependent, and initial choices can dictate future developments.”
Burma would, however, be unable to achieve such sophisticated results without help from overseas, experts say. The companies facilitating Burma’s increasingly sophisticated restrictions on internet freedom operate out of nations that are among the most outspoken about the country’s need for democratic reform.
The net result for Burma’s democracy movement is clear—the worldwide web is no longer a window of opportunity allowing even the slightest degree of safety in circulating information considered subversive by the government. Would-be cyber-dissidents in Burma should beware.
Foreign ISP is Still-Born
By Clive Parker
Pat James, Shaun Hurley and Mike Blanche do not speak any more. However, less than a decade ago the three—American, Australian and British respectively—formed the core of what became Burma’s first taste of the internet age.
“We were totally against the law,” James recalls, describing when he and a group of foreign businessmen introduced Burma’s first emailing system in 1996.
“But we did it with their knowledge, in fact the minister [of Communications, Posts and Telegraphs, Win Tin]… would drive right by the IPStar satellite dish sitting in front of our office,” he adds.
Having purchased equipment from Thailand’s Shin Satellite, James and Hurley set up the Eagle Group, offering those rich enough the chance to use email in Burma for the first time. The company hooked up with Digiserve of England—owned by Blanche—whose servers operated out of Maryland in the US.
As Blanche says on his personal website: “For a period of nearly two years, every email in or out of the country [Burma] passed through one of my servers.”
For the privilege, James and Hurley were paying one US cent per kilobyte of data, while charging their growing base of customers in Burma up to US $1.
“At that time, the cash register started rolling over in a couple of people’s eyes…from the Burmese side,” James says.
Hurley claims James was equally struck by the economic opportunities that were opening up, admitting he himself had become “greedy.”
By 1999, James was featured in Burma’s state-run press regularly—The New Light of Myanmar in January ran a number of stories on the American’s internet escapades. James was paying for Burmese IT students to study abroad one minute; in the next, he and Hurley were demonstrating Burma’s golden IT future to the generals, courtesy of Singtel of Singapore.
After what James describes as dozens of meetings with Military Intelligence to discuss establishing a full internet service, things suddenly went sour. James and Hurley had already split, but soon both were facing the end of their short reigns in Burma’s fledgling IT industry.
On December 14, 1999, without warning MI raided James’s three offices simultaneously, along with those of Hurley, subjecting James and his then wife to days of interrogation.
Hurley and James disagree over the reasons behind the crackdown, the Australian claiming his former American partner had become too noisy about his satellite potential in the face of splits among the foreign IT community in Rangoon and frightening the junta.
According to James, his equipment was seized to be used by Ye Naing Win—the son of the then head of MI Khin Nyunt—in starting up Bagan Cybertech.
In completing the purge, the Burmese government requested Hurley to pass ownership of what was known as the “dot mm” top-level domain to Myanmar Posts and Telecommunications, Burma’s very own part of the internet the Australian had previously registered with administrators in the US.
Eagle Group was finished, along with all other foreign internet ventures. Meanwhile Blanche was wondering what had happened to his clients in Burma, claiming never to have heard from James and Hurley again, losing a lot of money in the process.
Shortly afterwards, in the middle of 2000, James and Hurley left Burma, with many other foreign IT workers also choosing to escape the country, Ye Naing Win took control of the country’s internet future. Exactly a year later, Bagan Cybertech was born. |