The Information and Communication Technologies Authority published a Consultation Paper on 14 April 2021 which contains proposals to amend the ICT Act.
On 19 April 2021, the ICT Authority issued a communique to bring some clarifications after people started commenting and reacting on social media about the Consultation Paper that ICTA had published a few days earlier.
After reading the Consultation Paper last week-end, I wrote a blog post explaining how the ICT Authority intends to decrypt Facebook traffic.
I quote paragraph two of ICT Authority's communique.
It has never been the intention of the ICTA to regulate the use of online messaging applications since these types of communication are of a private nature as opposed to public postings on social media platforms.
This above statement is misleading. ICTA itself is amalgamating messaging applications (WhatApp, Telegram, Signal etc) and social media. They should stick to clear and concise examples.
With the proposed toolset the ICT Authority will be able to decrypt & see all content whether of public or private nature on facebook.com, messenger.com and instagram.com. Let us not amalgamate by bringing other communication platforms and divert from the topic.
For simplicity & clarity I refer to Facebook in all my examples.
People communicate via Facebook, whether by publishing posts (private or public), commenting in groups (private or public) and through private messages.
ICTA will filter all incoming/outgoing Internet traffic in Mauritius in order to segregate social media traffic. Then, ICTA says that they will not regulate (ie. decrypt, archive & decide whether to block or not) private social media content but only public postings.
This is wrong, misleading and false.
All traffic to and from Facebook are encrypted. In order for the ICT Authority to identify what is public and what is private they will have to decrypt ALL and archive ALL content of the Facebook users in Mauritius.
Behold! Everybody's pants down. 🤦♂️
In a statement on a private radio an ICTA staff said that the proposed infrastructure will allow the ICT Authority to identify the authors of fake accounts through meta information (e.g the public IP address) from the Facebook traffic.
In order to do so, once again, ICTA will have to decrypt and archive all traffic in order to inspect at a later stage whether they have the IP address of someone when an "illegal content" was posted. If they do not archive the data then they will not have the meta information at the time an offence was committed.
Therefore, in my opinion, the ICTA communique is a desperate attempt to control the damage. There is no refuting that the proposed toolset will have to decrypt & archive all of the Facebook content (public posts, private posts, privates messages, private photos, private videos) in order for ICTA to achieve what they say they want to achieve.
Cover photo by Michal Matlon on Unsplash.