Abu Dhabi, UAE, Tuesday 25 July 2017

Big Brother matures into spymaster Ammar 404

Under the dictatorship of Zine El Abidine Ben Ali, Tunisia was at the forefront of state monitoring of citizens' web activities using western technology.

TUNIS AND ROME // In Tunisia, Big Brother goes by an alias: Ammar 404.

A play on the "Error 404" message for blocked websites, Tunisian bloggers dreamed him up as a fictional frontman for the sprawling surveillance state of the former ruler Zine El Abidine Ben Ali.

Aided directly and indirectly by American and European suppliers, Ammar 404 took control of nearly all electronic communication in Tunisia and turned lives upside down - even changing the content of emails in transit.

In this world, Tunisians of all stripes could never be sure if emails arrived as sent or at all, or who was reading them.

Tunisia's surveillance capabilities put it at the forefront of a technological arms race in which repressive regimes are gaining increasing power to monitor - and manipulate - citizens' electronic activities.

The review of Tunisian surveillance draws a rare blueprint of a totalitarian nation's monitoring apparatus, and is part of an investigation across the region that reveals how governments use western surveillance technology to track dissidents.

In Syria, an Italian company pulled the plug on an internet monitoring system after Bloomberg reported the project was in the works as the death toll of protesters mounted. Iran purchased European gear to track citizens' locations after a crackdown surrounding the contested 2009 elections. Egypt, Yemen and Syria purchased the same interception gear, the investigation found.

Tunisia is a model of what could await the rest of the world if sales of these technologies go unchecked, says Ben Wagner of the European University Institute near Florence, Italy, who has published research on internet governance in Tunisia.

The Ben Ali regime deployed the surveillance gear to demonstrate its power, Mr Wagner said. Changing emails into nonsense, rather than luring dissidents into ambushes, created a pervasive unease, in which even spam could be perceived as the work of Ammar 404, he said.

"It leaves citizens in a persistent state of uncertainty about the security and integrity of their communications."

Western suppliers used the country as a testing ground. Moez Chakchouk, the post-revolution head of the Tunisian Internet Agency, said he had discovered that the monitoring industry gave discounts to the government-controlled agency, known by its French acronym ATI, to gain access.

In interviews following Ben Ali's departure after 23 years in power, technicians, activists, executives and government officials described how they grappled with, and in some cases helped build, the repressive Wonderland.

A post-revolution hunt for Ammar 404 shows that while he is, of course, nobody in particular, many shoulder responsibility for his deeds.

"I can tell you how it was done," said Kamel Saadaoui, 46, who ran the internet agency from 2008 through the revolution. "Tunisian companies, whether the telecoms or the Tunisian Internet Agency, have worked with European companies," he said in May, soon after he was promoted to president of the nation's telecommunications regulator.

Mr Saadaoui, who has a master's degree in computer science from Michigan State University, said he helped procure and set up the system that captured and changed emails. It uses a technique called deep-packet inspection, which peers into the content of communications and sends suspect emails to the interior ministry.

The interior ministry spokesman, Hichem Meddeb, said his ministry had no role in surveillance. "It's not our job to intercept phone or email or websites." Security agencies probably handle such things, he said.

"It's like intercepting written mail," said Milton Mueller, an information studies professor at Syracuse University in New York.

The cyber-repression was made easier by the physical structure of Tunisia's data flow, which runs through just a few choke points. In broad terms, the system has two distinct parts: one for intercepting phone-related traffic and one for the internet, Mr Saadaoui said.

Each phone company taps for voice, text messages and other mobile data, which feed into monitoring posts, mostly at the interior ministry, a person familiar with the system said.

To monitor the Web, the government channels nearly all computer traffic through the national internet agency. Its gear is housed in rooms it controls at Tunisie Telecom buildings in three Tunis neighbourhoods.

"All the international connections are coming to those sites," Mr Chakchouk, 36, the agency's chief since February, said.

Once the system flagged a suspect email, it was sent to the interior ministry.

Mr Saadaoui revealed details of Tunisia's surveillance, he said, in part because he had become disillusioned with how Ben Ali's regime had politicised the internet over two decades.

In 2008, activists noticed something was wrong and conducted experiments to demonstrate that Ammar 404 had employed new tools.

By 2010, it became a contest as Tunisians increasingly employed encryption that the inspection couldn't crack. Communications on Facebook boomed, and the regime demanded better tools, Mr Saadaoui said. The same European contractor that provided email surveillance signed a deal to add monitoring of social networks, he said.

It was too late. The supplier hadn't yet delivered the solution when the "Facebook revolution" crested in January.

Today, Mr Chakchouk, the new head of Tunisia's internet authority, said he was working to dismantle Ammar 404 and had turned off the mass filtering. Now he is locked in legal battles over court orders to block specific Web pages.

"We tried to understand the equipment and we're still doing that," he said. "We're waiting for the new government to decide what to do with it."