Internet Fragmentation > Mauritius: ICTA’s Threat to Encryption

Indiscriminate Surveillance Does Not Make Us Safer

^{Region: Africa
Threat type: Blocking Security Technologies
Last updated: 1 December 2023}

A policy in Mauritius threatened to break encryption, and has been met with strong opposition.

In 2021, the Information and Communication Technologies Authority of Mauritius (ICTA) launched a consultation relating to the encryption of traffic coming in and out of the country.

ICTA proposed they should intercept all traffic from social media platforms, on any device, going via ISPs in Mauritius. This traffic would be intercepted, decrypted, archived, inspected, and then re-encrypted while in transit. They claimed that this was the most effective way to moderate dangerous and illegal content, which social media platforms were slow to remove, especially in Mauritian Creole language.

ICTA aimed to carry this out via a proxy server, which would sit between a user’s device and a social media platform’s servers. You would need to install a root certificate on your device in order for your browser to trust that server, which would then be able to grab each packet of data from your device, check the destination, decrypt it, and archive it. It would then determine if this content was offensive or abusive. If the content was found to be legal, it would be re-encrypted for transit to its destination. The process of determining what qualified as ‘offensive’ or ‘abusive’ would be carried out by a team of individuals who would be part of the National Digital Ethics Committee (NDEC).

Such a proposal would break the end-to-end principle of the Internet as well as end-to-end encryption, posing a direct threat to user privacy, data confidentiality, and integrity. This threat to the open, secure, and global Internet is, by nature, a fragmentation threat.

There was strong opposition from many stakeholder groups, and a Change.org petition was created stating that this policy was a threat to democratic freedom in the country. The petition gathered almost 23,000 signatures, and more than 2,000 emails were sent to the body, including by Mozilla, EFF, Google, and Facebook. They asserted that the ICTA should focus on addressing concerns from citizens about harmful content, and that they should be corrective, rather than over-correct by being preventive. These individuals and groups succeeded, and the policy was removed from consideration.

Status

The Internet Society and Mauritius IGF responded to the public consultation together, asserting that any technology that breaks the end-to-end principle of the Internet as well as end-to-end encryption is harmful. ISOC posited that the response was disproportionate and undermines the security of the Internet for Mauritian users.

The proposal was removed from consideration and is no longer available on the ICTA website. This specific case is not an immediate threat, but we consider it important to raise awareness about the sort of actions governments might take that, even if unintentional, could pose a fragmentation risk to the global Internet. This is also an example where cooperation and multistakeholder action has been effective in reversing a potentially harmful policy.

Our Position

This move by ICTA undermines encryption and the general security of the Mauritian Internet by adding a proxy that indiscriminately decrypts all traffic that is routed through it. This type of encryption backdoor introduces vulnerabilities that can be exploited by others. The deployment of user certificates relies on methods that resemble the criminal behavior of phishers. Furthermore, the proxy can easily be avoided through the use of VPNs or overlay networks. Encryption is an important technology that helps Internet users keep their information and communications confidential and secure, and serves a crucial role in reinforcing the personal security of billions of people every day and the national security of countries around the world. Any technical means to decrypt social media messages can be used to decrypt any other traffic and is therefore fundamentally untrustworthy.

Talking Points

End-to-end encryption is the highest level of security people have online. Privacy and security go hand-in-hand with one another.
The ICTA proposal to use a proxy server to intercept individuals’ social media content would break the free flow of traffic, which is a clear threat to the open, global Internet.
The NDEC had a broad mandate, without clear guidelines on what constitutes ‘offensive’ or’ abusive’, making transparent decision making difficult.
This provided an opportunity to showcase the power of coordinated advocacy to resist Internet fragmentation. It was a quick, concerted, multistakeholder effort to stop the fragmentation of the Internet.

Take Action

Join our community as an individual or organization
Donate
Use the Internet Impact Assessment Toolkit to understand what the Internet needs to exist and thrive
Become an Internet advocate

Learn More

Mauritius IGF and Internet Society Response to Mauritius ICTA Consultation Paper
Proposed New Internet Law in Mauritius Raises Serious Human Rights Concerns (Electronic Frontier Foundation-EFF)
Reject the Proposed Amendments to the ICT Act dated 14/04/2024 (Change.org)