openSecurity

Challenging the Syrian state: using information systems to document human-rights violations

How modes of resistance to document state-sanctioned violence changed after the uprising. From States of Impunity.

Ali Ali
19 May 2015
syria activist copy.jpg

Syrian activists used technology long before the Arab Spring to work around the censorship of the Syrian state. With the revolution they reoriented those technologies to directly confront it. Freedom House/Flickr. Some rights reserved. 

Syrian human rights defenders have mobilised information systems in order to document human rights violations and to challenge the legitimacy of the Syrian state. They use a mixture of advanced and low-tech Information Communication Technology (ICT), which empower them but also expose them to harm. Within this schema new ICT tools and changing local and regional contexts have come to influence the methods of challenging the Syrian state.

Syrians use information systems in different ways to challenge the state. They document violations, turning narratives and observations into lists, graphs, and reports documenting abuses of power as they happen. They include systems of transforming different forms of information into a document for use as evidence in a legal court. Daniel Headrick’s idea of information systems is useful in this context because it is more holistic than thinking only of specific ICTs. Information systems are conventionally used to gather; classify; transform; store/retrieve; and to communicate information. Systems–like newspapers and websites–can have multiple overlapping functions in this way.. For these reasons they have been closely tied to power and accordingly surveilled. The state has in turn adapted the contours of its repressive architecture to target these kinds of threats to its legitimacy and power. 

In the early days of the protest movement, Syrian authorities tried to supress and discredit information related to peaceful demonstrations taking place across the country, fearing that the protests would spread and topple the political order. Syrian authorities have attempted to restrict this information from reaching the international community by also relying on different technologies–some digital and 'high-tech' as used by the Syrian Electronic Army, and some crude and 'low-tech', such as physical torture of activists to punish them and to extract information.

Internet controls and vulnerabilities before 2011 

In 2000, there were only an estimated 30,000 Internet users in Syria, reaching 5 million by 2012–still only 22% of the population. State controls over internet use also increased; the government filtered content and used vaguely-worded laws to arrest online dissidents  while concurrently promoting internet growth throughout the country.

Reporters Without Borders classifies the Syrian government as an 'Internet Enemy', and obtained a confidential 1999 bid invitation from the Syrian Telecommunications Establishment (STE) to install a national internet system in Syria with in-built surveillance capabilities that could record activities and reveal users real identities. The STE and the Syrian Computer Society (SCS), founded by Bashar al-Assad, control the Syrian internet network. SCS controls the 3G infrastructure while the STE controls the majority of fixed connections (RSF 2012). Whether the system installed in the early 2000s met the requirements of the bid is unknown, but the Syrian government’s determination to monitor internet communications was clear.

Most Syrians accessing the Internet used cafe or dial-up connections because 3G internet was unaffordable, costing around US$50 per month. Café speeds varied, but many in Damascus were fast enough for speedy access to blocked sites like Facebook and YouTube through a proxy server.

Authorities pressured internet cafe owners to assist in their surveillance of Syrians. In 2008 they demanded that owners record clients' identification, and the times they entered and left the cafe. In 2010 authorities in central Damascus were not enforcing these requirements consistently: only from the summer of that year did café owners start to demand identification. Authorities still relied on a correlation of physical presence–old-tech surveillance–with traces of activity on surveilled computers.

Rami Nakhla is an activist who with others ran an online newspaper, aimed at encouraging Syrian youth to challenge the exorbitant mobile phone monopoly, and soft laws for honour killings. Their newspaper was terminated after security forces visited its private funder, prompting them to relocate activities to Facebook, extending their reach. Facebook being a social site, and not inherently political, meant Syrians were less afraid to use it. 

Syrians not literate in internet security were highly vulnerable to surveillance and arrest. Rami taught individual opposition members basic security in their homes. Counterfeit Windows operating systems, bought locally for $2 instead of $100, created problems because they could not receive security updates, exposing users to thousands of vulnerabilities and remote hacking. He instructed them to use proxy servers to conceal their activities but some were hard to train:

One of them had a piece of paper with step by step notes: switch on the computer, open Explorer, type gmail.com, and his username and password. … It was important to train them all: if one was insecure, the rest became insecure if regime security acquired their contacts list.

Documenting violations before 2011: a 'low-tech' process 

Maf, which means 'right' in Kurdish, was established in Syria in response to government repression of protests in Kurdish areas, killing 30 and injuring 160 in 2004. I interviewed Hafiz Abdul-Rahman, a founding member and a Member of the Board of Trustees, said they used telephone communications to arrange meetings with relatives of the enforcedly disappeared. Maf's information system consisted of a network of trusted members and external informants from political parties. They used computers to store information gathered by individuals. Authorities knew of their work but rejected applications for a license while allowing Maf to attend court hearings of those arrested. They felt they had implicit permission to communicate basic information about the cases they were following by email, and for ”other things we tried to speak about in code or not speak about them at all.” 

Maf attempts to contact family members to assess their desire to record and follow up an arrest; it cross-checks information gathered from relatives with others in the field, seeking clues about the individual’s location, and verifying information within trusted networks. In this sense their methods were 'low-tech', reliant on face-to-face interactions and relationships of trust to document state violations. Some rejected Maf's overtures, fearing the arrest of another relative, or hoping instead that their relative(s) could be released via bribery. Maf's involvement was felt to jeopardise the success of any such process. 

Members of Maf and other human rights organisations were themselves detained by the state, reminding them of the limits that the state continued to impose on the work they did. ”They didn't arrest all of us at once, ... but one person from each organisation from time to time, to discipline the other members was common.”

The Arab Spring and new ways of using existing ICTs in Syria

Syria's technological and political environments changed significantly in 2011 with implications for the ideas and methods commonly utilised to challenge state legitimacy. Firstly the Syrian government lifted bans on Facebook and YouTube after the Egyptian Revolution. Rami believed that this was a way for the state to demonstrate confidence that there was no such demand for political reform in Syria; and to facilitate state surveillance by encouraging Syrians to use the sites without proxies. 

After protests began in March 2011, growing in number and frequency, the scale and range of human rights violations increased. The Violations Documentation Centre (VDC) documented over 110,000 deaths. The challenge of accurately documenting these violations continues to overwhelm human rights groups in Syria. Even well-resourced organisations like VDC do not believe they are comprehensively documenting the high numbers.

Since 2011, not only have new types of ICT become available to activists to challenge state legitimacy, but new ideas about implementing existing technologies have emerged, prompted by the collapse of the wall of fear. At the same time, the state has mobilised its own counter-measures targeting those using these technologies.

Bassam al-Ahmad, a spokesperson for VDC, described Facebook as an important communication tool for revolutionaries organising protests. They filmed protests on their mobile phones and uploaded them to YouTube and Facebook. TV Channels like Al Jazeera gathered information about protests via social media. Those seeking to challenge the Syrian state documented protests with digital video recording tools. They uploaded them to the internet in order for the recordings to be disseminated by satellite television. These high-tech tools were available to Syrians before 2011, but the Arab Spring suggested new uses for these tools: to directly challenge the Syrian state.

Maf could not rely on social media as pages were maintained by the tansiqiyaat (local coordination commitees) who organised protests and were considered partisan: "The tansiqiyaat might report five deaths when really there were three and two injuries. In some cases individuals hunted by the regime used Facebook to falsify their own deaths." Maf therefore relies on its own network of informants. Once they are confident of the accuracy of the information, Maf collates data into a weekly report, released in conjunction with other human rights groups. It lists the names, types of violations, and their location. It is distributed via email and posted on their website.That is the nature of Maf's information system, structured around intimate, trusted networks and slow documentation to ensure accuracy.

Working for the Euro-Mediterranean Human Rights Network (EMHR), Karam al-Hindi's documentation relied on interpersonal or telephone communications. EMHR investigators contact relatives and assess who controls checkpoints in and around sites of disappearances. Investigators produce reports designed for legal purposes, containing fingerprints of witnesses, which are turned into electronic documents and sent to EMHR. The technology allows original documents to be destroyed, protecting investigators' safety but the information-gathering element of the system relied on face-to-face interactions.

VDC also relies on trusted networks of informants and data collectors but are prepared to include social media as supplementary material in documentation. Their website has a searchable database and reports are often accompanied by links to video footage of fatalities. Websites of the VDC and MAF–and their email lists–are part of a system of storing, transforming, and communicating information from one point to many, and from many points to one. They are also part of information gathering as investigations into missing persons can begin via email.

Encryption software enabled activists to securely store information that challenges the state. Rami Nakhla told me that activists used this 'high-tech' encryption software to secure their laptops. One programme let users configure a decoy 'system failure' message when switching on the computer. They could enter a password to re-activate the computer but the software blocked unauthorised access from government security forces. 

In addition to general constraints associated with slower and more expensive internet access in Syria, and government internet controls, infrastructure damage has further constrained internet use. Satellite Internet Technology (SIT), sometimes accompanied by solar power devices, allows activists to bypass these constraints to upload and download large data volumes. They are expensive to purchase and run: one device costs around $1500 and comes with 6 months of internet access. Turkish smartphones, loaded with data, are another reported means of bypassing Syrian government controlled communications. They are limited in use to areas close to the Turkish border but cost less than SIT. Both have enabled activists to challenge the Syrian state and communicate safely with the outside world, and with each other.

Vulnerabilities 

The Syrian government has used a range of methods, from 'high-tech' data surveillance to the 'low-tech' torture, to steal passwords and data from activists. The first ‘Man In The Middle’ attack in Syria was reported in May 2011. It used phishing, automatically redirecting users away from secure Facebook and Yahoo! sites to counterfeit versions into which users entered their passwords. Hackers believed to be working for Syrian authorities have targeted attacks against activists such as Taymour Karim who, during torture in detention, was shown 1000 pages of transcripts of his Skype and other communications. ”My computer had been arrested before me.,” he says.

Hackers used malware, inadvertently downloaded by Karim, to steal information about his contacts and activities. The data from these and other hacks was sent to servers with Syrian IP addresses, leading Reporters Without Borders to conclude that the Syrian Electronic Army (SEA) was responsible for the attacks, particularly after it ”disseminated 11,000 names and passwords of ’NATO supporters’– that is opposition members.” 

Non-digital vulnerabilities are still important, 'low-tech' methods like torture can break high-tech encryption. Rami explained that, ”after many activists were detained, regime security realised that the decoy failure messages appearing on laptops were identical. Eventually one activist broke under torture.”

The most secure addition to their information systems has been satellite internet technology. Other new tools have not all withstood government surveillance. Satellite telephones, favoured by journalists and also used by FSA units, are traceable and, said those I interviewed, no longer used. 

Maf acquired satellite audio communication devices with a few kilometres range, but ”by the time we received them we learned that they were detectable by government forces,” Rami says. Currently satellite internet devices remain secure and undetectable by Syrian authorities, but this has not stopped Syrian authorities from attempting to spread fear into the minds of their users by implying the contrary. Karam noted, ”the regime has a vehicle with a rotating satellite dish on the roof which can detect satellite devices. It drives around Damascus accompanied by security forces. When a signal is found, soldiers raid buildings nearby.” 

Rami and Hafiz are confident SIT is undetectable because of the nature of the device's signal acquisition process. It connects directly to a satellite and can capture a signal within minutes, making it very difficult to trace. The 'detection vehicle' is 'a form of psychological warfare on the part of the regime to affect those using it', one which influenced, but did not deter, Karam's use of the technology.

The human vs the tech

ICT cannot be separated from socio-cultural and political contexts. ICT tools like smart phones, internet, social media, surveillance technologies, proxies existed in Syria before the uprising began in 2011. However, as the political and socio-cultural context changed in light of the Arab Spring, different uses for the technology within activist and other networks in Syria came to light, notably, to challenge dominant power structures.

Authorities also feared that information–evidence–of abuses of human rights, massacres of peaceful protestors and the use of chemical and biological weapons against civilians, could lead to a military intervention as occurred in Libya, spurring evermore aggressive systems of surveillence by the state.

The different ICT tools used by activists within their information gathering and communication systems left them more vulnerable to this increasingly intrusive surveillance. In the Syrian context, the institutions and investigators spying on key populations have sinister motives. Sophisticated ICT tools allowed authorities, with their own information gathering systems in the form of different intelligence and security branches, to upgrade their systems. What has also been clear, from both the power structures in Syria and those seeking to challenge them, is the resilient importance of human factors, the low-tech and face-to-face aspects of their systems more than the advanced ICT tools themselves. Information systems may include advanced encryption technology to store information, but vulnerabilities in the systems can include humans subject to physical torture.

However, as Syrian authorities became more brutal in their repression, it may be that they have had to rely more–at least proportionately–on technological surveillance. One analysis of the early days of the conflict suggests that networks of informants, which state security forces depended on, dried up because of resentment at regime brutality. 

As well as the wider political context, meso and micro level factors influence the use of ICT. How 'tech-savvy', and therefore how vulnerable, an individual is may relate to their class and educational background. It also relates to the networks which they are plugged into that open up possibilities to access resources that allow them to circumvent state surveillance and implement counter-measures. 

A wider lesson to be taken from these cases might be understanding the latent dangers to society posed by extensive state surveillance from authorities with infrastructure and broad legal powers to detain individuals. That lesson should be considered here in Britain where GCHQ has colluded with the NSA to illegally spy on civilian populations, and as the British government continues to expand its legal powers of surveillance and detention, under the unconvincing pretense that this is for our own protection. 

Had enough of ‘alternative facts’? openDemocracy is different Join the conversation: get our weekly email

Comments

We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram