II. Ethiopia’s Control over Information and Communications Technology
The Ethiopian government exerts very tight control over all information and communications technologies through the deliberate jamming of radio and television signals, the monitoring of telephone calls and email communication, and by restricting access to information through blocking various Internet websites. The spread of telephone and Internet use in the country could open up opportunities to share ideas and information across geographical distances and borders in a manner that was inconceivable in Ethiopia a decade ago. But the government’s use and control of this sector violates internationally protected rights to privacy and the freedoms of expression, association, and access to information. Sadly, Ethiopia’s growing Internet and telecom sector, with so much potential to connect Ethiopians and open up access to new information, ideas, and opportunities, is being used as yet another tool against an already oppressed population.
Ethiopia’s Growing Telephone Network: More Opportunities for Government Control?
Given Ethio Telecom’s monopoly over the telecom system and recent technical upgrades enabled by foreign firms, the government of Ethiopia has the technical capacity to access virtually every single phone call and SMS message in Ethiopia. This includes mobile phones, landlines, and VSAT communications, and includes all local phone calls made within the country and long distance calls to and from local phones. Live interception capabilities are increasing and Ethiopia uses its exclusive control of the phone system to limit access to the network during sensitive periods.
Despite having almost unlimited control over the telecom network and the information that is being communicated on it, the ability to use those technologies acquired is limited and distrust between different officials and departments curtails the number of individuals with access to these surveillance capabilities. One former Ethio Telecom employee responsible for querying the Ethio Telecom database for specific phone calls estimated that he received no more than 30 requests per month for these phone calls. As mobile penetration and the government’s surveillance capacity increases, the extent of unlawful surveillance may also increase.
International and national law relevant to Ethiopia’s telecom and Internet surveillance are discussed in detail in the Legal Context section of this report. International human rights conventions to which Ethiopia is party, particularly the International Covenant on Civil and Political Rights, guarantee fundamental rights that have been repeatedly violated by improperly regulated government surveillance programs.
Under the 1995 Ethiopian constitution, everyone is entitled to the internationally protected rights to freedom of expression, to information, and to privacy. However, various national laws, such as the Mass Media and Freedom of Information Proclamation of 2008, the Telecom Fraud Offence Proclamation of 2012, and the Anti-Terrorism Proclamation, severely infringe on these fundamental rights. Human Rights Watch’s research found, however, that many human rights violations related to the Internet and telecommunications in Ethiopia are not a product of abusive laws, but rather the willingness and ability of the authorities to act without being hindered by any legal framework or possible legal action from the country’s criminal justice system.
“Brute Force” Confiscation
Despite these capabilities, the vast majority of individuals that Human Rights Watch interviewed who had experienced problems with the authorities from their telephone use were not from advanced surveillance technologies, but from security officials confiscating their mobile phone upon their arrest. Security officials, without warrants, would typically go through their phone log, their SMS messages, and sometimes their contact list. In some cases, this was to verify information that security officials already seemed to know but in most cases officials seemed to be acquiring new information. While some of the individuals who were subject to this unsophisticated but effective technique were in remote, rural areas and not high-profile, some very high-profile individuals were subject to this basic technique. In some cases, security officials knew the phone numbers of the people they were interrogating, but in many cases they did not. Given that Ethio Telecom has a comprehensive database of names, phone numbers, and other personal information of all phone owners in Ethiopia, it is clear that many security officials do not have regular access to the information contained in this database.
One high-profile case highlighted the relatively unsophisticated use of the telecom system. In February 2009, US diplomat Brian Adkins was found murdered in Ethiopia. According to former federal police officials, the police retrieved his telephone and went through the last phone numbers he had called. Using the Ethio Telecom database, they cross-referenced the phone numbers to the names and home addresses of these individuals. They interrogated each of them and eventually one of them confessed and was sentenced to 17 years in prison. There was no attempt to access the phone records of these individuals, no attempt to determine the locations of callers, and no attempt to listen to the phone calls between Adkins and these individuals. These capacities all exist within Ethio Telecom’s systems. Despite the technologies existing and being available, only rudimentary techniques were used for this high-profile case.
Unrestricted Access to Phone Call Recordings and Metadata
Perhaps the most blatant misuse of the telecom system is the government’s ease of access to historical phone records and recorded calls of Ethio Telecom customers and other metadata. Ethiopian security officials can access the records of all phone calls made inside Ethiopia with few restrictions. Information on all phone calls is stored and easily accessed through Ethio Telecom’s customer management system, ZSmart. ZSmart is a customer management database developed by ZTE and installed for Ethio Telecom to manage all aspects of a customer’s account, from personal information (name, address, even ethnicity) to billing information and detailed listings of phone calls. Phone call information includes the originating and receiving phone numbers, the location of originator/receiver, the time, date and duration of every call. ZSmart also includes the content of SMS text messages and the audio of phone calls received or originating from a selected phone number can be recorded, which can then be easily downloaded and listened to or saved to a USB stick for future use.
While standard, off-the-shelf customer management and billing systems have legitimate purposes, the ease of access by security agencies and lack of procedural or legal constraints, means that the system can be misused in inappropriate ways to access information that should remain private. That the ZSmart system in Ethiopia has been configured to enable access to text messages and full recordings of phone conversations only exacerbates the risk of abuse. ZSmart has been in place since 2009.
Figure 1. Sample screen from Ethio Telecom's ZSmart database. Required fields include name, gender, race, and whether the individual is on a “blacklist.”
All telecom companies globally maintain some level of record keeping of customer phone use for a variety of valid business reasons—otherwise, customer billing would be difficult to track. Crucially, however, capturing a recording of phone calls or the content of text messages is not necessary for these business functions.
Government access to the content of phone calls, text messages, and metadata/call records interferes with the right to privacy. As a result, to ensure such interference is not arbitrary or unlawful, many governments have enacted laws that restrict access to phone records and the circumstances in which calls can be intercepted or recorded. In many countries, it is illegal to record a phone call without a judicial warrant. Security or law enforcement agencies are often required to go through a specified legal process and demonstrate a legitimate aim, under oversight by an independent authority. A legislative framework that regulates access to this information is needed to protect the right to privacy and ensure that access to this information is undertaken in a proportionate and legitimate manner on appropriate targets and only by specified, authorized individuals.
The framework for legal protections of privacy rights in Ethiopia is limited. While laws exist that provide some guidance for surveillance (requiring the issuance of warrants for certain kinds of searches, for example), Human Rights Watch has found no indication of any regulations, directives, or procedures that guide surveillance and intelligence gathering beyond this. Our investigations did not uncover a single case in which there was evidence that warrants were issued by the courts to facilitate access to phone records or recordings.
Former Ethio Telecom and security officials told Human Rights Watch that the lack of defined rules and procedures meant that anybody with appropriate ZSmart database permissions could easily access this information. Former Ethio Telecom employees said that no request for information from NISS had ever been denied as far as they were aware. Federal legislation requires that Ethio Telecom cooperates with NISS when they are requested to provide intercepted information.
In practice, private customer information was accessed by security and intelligence officials in a variety of ways. Federal police officials would typically present letters to Ethio Telecom senior managers for access to certain user information. These letters were not signed by the courts and no rationale or legal justification for the request was ever given. These letters would then be passed on to junior Ethio Telecom officials by senior managers to facilitate the requests. NISS requests for phone records were much more informal: they would either communicate orally to Ethio Telecom employees whom they had established a relationship with to access certain information, or would show up at Ethio Telecom offices to query ZSmart themselves using log-in credentials supplied by Ethio Telecom employees. Ethio Telecom employees, fearful of reprisals from security officials, comply with these requests. NISS does not appear to go through a particular hierarchy or formal process to access customer data or phone call recordings.
Former Ethio Telecom employees also explained that the process for selecting targets of surveillance was often similarly informal. Authorities would provide specific telephone numbers to select for the recording of phone calls through the ZSmart system. Once a number is selected for surveillance, all calls made to and from that number would be recorded and accessible through ZSmart. Authorities rarely requested an end to recording of calls once a number was selected for surveillance.
Numerous individuals said that security officials told them that they were being continuously monitored. Those officials would then show them information from their phone records during interrogations. Often security officials were using this information to find out the location of different individuals they were looking for who communicated by phone with the detainee. Other times they wanted to clarify the meaning of the contents of specific phone communications. Several individuals told Human Rights Watch in detail about specific information gleaned from recorded phone calls that security officials revealed during interrogations.
One member of the Oromo National Congress, a registered Oromia-based political party, who was tortured in detention, describes his 2010 arrest:
After some time I got arrested and detained. They had a list of people I had spoken with. They said to me, “You called person x and you spoke about y.” They showed me the list—there were three pages of contacts—it had the time and date, phone number, my name, and the name of the person I was talking with. “All your activities are monitored with government. We even record your voice so you cannot deny. We even know you sent an email to an OLF [Oromo Liberation Front] member.” I said nothing. “I have a right to be a party member, I have a right to contact ONC. This is not a crime.” I refused to acknowledge I was OLF because I am not. They put me in cold water and applied electric wire onto my feet, they plugged the wire into the wall. They wanted me to admit that different people I had called were OLF and I told them I do not know if they are or not, which was true. They played one call with an Oromo where I said, “How are we going to meet?” “That means you are planning something” is what they told me. That was not a crime, they were a member of my party—I needed to speak with them.
An Oromo artist who wrote about political issues was charged under the Criminal Code after being accused of being a member of the OLF along with several dozen other people. She described her interrogation in Makalawi prison in Addis Ababa:
I was presented a six-page list of phone calls. They had calls highlighted and asked me specific questions about those calls. They also had my email address and showed me it but I denied that I had an account. They put a gag in my mouth and tied my hands behind my back to the chair I was sitting on. They said, “You spoke with somebody called [Oromo name] at time x from place y.” Many of these calls were to people in Moyale. They told me to confess I was OLF. They pushed me on this every night for one month.… When I wouldn’t confess they kept going back to my list of calls, and wanted to know who different people were. They played several phone calls I had with friends demanding to know what I meant when I said different things. I had nothing to tell them, we were just arranging to meet up. They kept telling me, “All your activities are monitored.”
The phone call recordings were not used in court and the defendants were all convicted and sentenced under various provisions of the Criminal Code. On appeal, her sentence was substantially reduced because of lack of evidence.
Another Oromo man described the authorities’ use of phone records against him:
Eventually I was detained. “You have been communicating with a, b, and c. You are collecting money for students and giving to OLF.” It was a plainclothes security man who detained me in Moyale and took me to the local police station and asked me all these questions. I was scared. “If you are talking through this telephone we record all conversations.” They mentioned around five peoples’ names I had been communicating with. They described in detail what I was saying to these people. On those calls, I talked about the constitution, about international human rights law, and how it exists only on paper. Government is not doing any of this. They told me this was considering “mobilizing” and that was why I had been arrested.
A journalist who was arrested after a demonstration in Oromia said he was mistreated in a military camp because he was communicating with “enemies of the government.” His 2012 telephone records were used to monitor his activities. He described the experience to Human Rights Watch:
A demonstration was being planned in (name withheld). I went and recorded video of the demonstration as I was instructed. We were targeted because of this. They smashed our camera. Our press manager was arrested at the demo, they followed me home and arrested me there and many of my other colleagues were arrested as well. I was taken to (name withheld) military camp. “All your records belong to us. You talked to x, a Muslim activist. You talked to person y, he is OLF.” I think they mentioned five people inside the country, and six or seven outside. “Since you started your job, we monitor all your activity. We know everything.” The ones outside [of Ethiopia] were all friends and family … the five inside [Ethiopia] were all from work.
Several individuals told Human Rights Watch that recordings of their intercepted phone calls were played for them by security officials during their interrogations. These phone calls were played from a memory stick or direct from a laptop and were only played after the detainees refused to divulge what they were communicating to certain individuals. In each of these cases, detainees describe innocuous information being twisted, invariably to try to link individuals to banned organizations, usually either Ginbot 7 or OLF. Quite often individuals were accused of “mobilizing” individuals to join the OLF. Most of these detained individuals were involved in registered Oromo opposition parties—often ONC or OPC.
Despite the extensive use of phone records during interrogations, the use of phone records or phone conversations in trials is much more limited. The 2011 anti-terrorism trials of Reeyot Alemyu, Eskinder Nega, and others featured recordings of phone calls introduced as evidence in court. In Eskinder’s case, the phone calls were with Elias Kifle (editor of Ethiomedia, a website run from the United States), Ethiopian Satellite Television (ESAT) journalist Abebe Belaw, and opposition party leader Andualem Arage. Elias, Abebe, and Andualem were all also convicted under the anti-terrorism law. According to court records, other introduced electronic evidence included Facebook and email communications between the defendants and the leadership of Ginbot 7. Phone calls introduced as evidence in Reeyot’s trial were also with Elias Kifle. All phone calls introduced as evidence involved the phone calls of one of three people: Eskinder Nega, Andualem Arage, or Kenfemichael Debebe. Under the anti-terrorism law, court warrants are required for access to this information. It is not clear whether any warrants were acquired.
The vast majority of the cases documented by Human Rights Watch involving access to phone recordings involved Oromo defendants organizing Oromos in cultural associations, student associations, and trade unions. No credible evidence was presented that would appear to justify their arrest and detention or the accessing of their private phone records. These interrogations took place not only in Addis Ababa, but in numerous police stations and detention centers throughout Oromia and elsewhere in Ethiopia. As described in other publications, the government has gone to great lengths to prevent Oromos and other ethnicities from organizing groups and associations. While the increasing usefulness of the mobile phone to mobilize large groups of people quickly provides opportunities for young people, in particular, to form their own networks, Ethiopia’s monopoly and control over this technology provides Ethiopia with another tool to suppress the formation of these organizations and restrict freedoms of association and peaceful assembly.
Human Rights Watch interviews revealed that interrogations seem to follow a similar pattern in which individuals are repeatedly told that security “is monitoring everything” and they should confess to various charges. If confessions are not forthcoming, security officials reveal knowledge of individual phone calls. If a confession or information is not revealed then an entire list of phone calls is produced or an individual phone call is played. At this stage, if no confession or information is obtained, prolonged detention takes place. As is often the case in Ethiopia, arbitrary detention without formal charges is common. In the cases Human Rights Watch has documented, mistreatment in detention at this stage frequently occurs.
Human Rights Watch wrote to ZTE to verify ZSmart’s capabilities and inquire about ZTE’s role in installing or training employees on this system in Ethiopia, as well as the firm’s policies to prevent abuse of its technologies. Human Rights Watch received no response to its letter and follow-up email, other than an acknowledgment of receipt. While ZTE’s public reports state that it has a corporate social responsibility strategy, including a Code of Business Conduct, it is unclear whether ZTE has any human rights policies in place to respect the right to privacy and freedom of expression.
Human Rights Watch also wrote to France Telecom-Orange about its role in implementing or updating the ZSmart system, and asked whether the company raised privacy issues related to access to metadata and recorded phone calls. Orange stated that its subsidiary Sofrecom was not involved in the selection of Ethio Telecom’s ZSmart customer care and billing system, nor in the selection or implementation of security equipment for mobile or Internet networks in Ethiopia. Orange specified that its only role was to ensure implementation for the customer care and billing system was done according to “industry best practices” to prevent unauthorized intrusion into the system. The firm has not been involved in discussions with the government concerning law enforcement access to user data. Finally, Orange confirmed that in a typical customer care and billing system, there is no need to record the content of phone calls.
The ease of access to the phone records and intercepted calls of ordinary Ethiopian citizens without any safeguards is contrary to the rights to privacy enshrined in the Ethiopian constitution of 1995 and international law. While legislation exists that enables access to phone records with a court warrant (or requires a warrant for generically defined “searches”), the law is vague or sometimes deficient in what it requires law enforcement and security agencies to prove to obtain a warrant. In any case, these provisions by all accounts are ignored in practice and security officials access records with little reasonable justification for their actions. Ethio Telecom officials said they could not resist government requests to hand over phone records because of fear of reprisals. As Ethiopia targets ambitious growth in its telecom sector, the problems arising from these issues are likely to multiply unless seriously addressed.
Targeting Foreign Communications
The Ethiopian government has also made use of the telecom system to arbitrarily arrest and detain individuals in Ethiopia shortly after those individuals communicated by phone with individuals outside the country. These arrests take various forms. In some of the 14 credible cases reported to Human Rights Watch, the authorities arrest people after they received phone calls from specific individuals (linked to specific phone numbers). In other cases they are arrested immediately after receiving phone calls from specific countries shortly after a friend or family member wanted by security had fled Ethiopia into that particular country. And in other cases, people that were already being harassed by security were arrested after they received a phone call from an unknown person from outside of Ethiopia. In the majority of these cases, security officials state communication with “OLF operatives in [country x]” as the basis for the arrest.
In some cases, individuals had their phones confiscated by security officials who went through the phone’s call log to check details of who they communicated with and that individual was arrested once it was evident a call had been received from outside of Ethiopia. In many other cases, security officials showed up at the individual’s home or place of residence between several hours and several days later and arrested them stating it was because of their out-of-country phone communication. While Ethiopia has information about the owner of every Ethiopian phone number (because of mandatory SIM card registration), it does not have the same information on foreign numbers. All Ethio Telecom can determine is the phone number, and thus the country of origin through the country code.
Many Ethiopians living outside of Ethiopia told Human Rights Watch of their fear of calling friends and relatives in Ethiopia because of this possibility. Many of them have been told by their family members not to call or communicate anymore because it is putting them at risk. While it is difficult to corroborate all of these cases, there are enough credible cases to indicate this is being used as a strategy to limit communication with individuals outside of Ethiopia. This also shows how telephone metadata can be used by the government as proof of a “crime.”
The majority of cases that Human Rights Watch investigated concerned communications with Oromo individuals in Kenya. However, there were several incidents of arrests as a result of calls to the Gulf States, to the United States, and to other sub-Saharan African countries. The vast majority of Oromos who flee Ethiopia go through Moyale in southern Ethiopia, and the borderlands between Kenya and Ethiopia are believed to be a base for OLF fighters. A presence among and perceived support for the OLF in Kenya’s Oromo refugee community is no justification for arresting Ethiopians who communicate with Ethiopian refugees abroad. Individuals also told Human Rights Watch that they believed foreign phone numbers were being targeted for a variety of reasons including the Muslim protests, money laundering, corruption, and to reduce the likelihood of further migration out of Ethiopia.
One high-profile case involved a United Nations security officer Abdirahman Sheikh Hassan, who was convicted in June 2012 and sentenced to seven years and eight months under the anti-terrorism law. According to media reports, the key evidence against Hassan were transcripts of phone conversations between Hassan and Sherif Badio, an ONLF leader in Australia, while he was trying to negotiate the release of two UN World Food Program workers kidnapped by the ONLF in May 2011.
Live Interception of Phone Communication
A number of individuals spoke to Human Rights Watch about the perception that phone calls are being monitored in real-time. While former intelligence officials confirmed that INSA has the technical capacity to do this, there is little evidence that it is done with regularity. Given the large volume of phone calls and the variety of different languages used in Ethiopia, it seems unlikely that live interception is occurring with any but the most critical of targets. Former Ethio Telecom officials told Human Rights Watch that Ethio Telecom employees do not have the capability to listen to the content of live mobile phone calls—that capability is restricted to INSA.
One former Ethio Telecom official described the pressure he was under to listen and record VSAT communication from a town in southern Ethiopia. He refused and said he was arrested three times for refusing to record conversations. In one case, the US broadcaster Voice of America (VOA) and German broadcaster Deutsche Welle were communicating with people about local political issues through Ethio Telecom’s VSAT satellite phone, the only phone in the community. He had been told he had a responsibility to monitor who uses the phone and to record “relevant” phone calls. He did not do that and was arrested. When he was posted to another location, security officials would give him specific phone numbers to monitor and record. He refused. When farmers from that kebele started appearing on VOA and Deutsche Welle, he was removed from his job and arrested.
Other individuals described to Human Rights Watch how their phone calls were diverted to third parties in often bizarre ways. Sometimes individuals would call a number and someone else would pick up the phone and query them on why they were trying to call this number. In other cases, the call would go through to the intended recipient, but a third individual interjects, insulting or asking follow-up questions. In these cases, the individual who answered knew details about the identity of the caller.
In all of the above cases, individuals had been under threat from security officials in the days leading up to these incidents and many had been arrested previously, usually without charge. While these anecdotal examples illustrate crude uses of this technology, they are indicative of the ability to divert and listen to phone calls, something that was corroborated by former intelligence officials.
Restricting Access to Phone Network
Since Ethio Telecom is the only service provider in Ethiopia, should a SIM card or phone number be blocked by Ethio Telecom, then that individual cannot access phone services in Ethiopia. The UN special rapporteur on freedom of expression has called on governments to refrain from compelling SIM card registration since it creates barriers to access to telecom services that are vital for a range of rights.
In order to receive a SIM card, individuals must produce government-issued ID, a passport-sized photograph and submit personal information (including home address and ethnicity). SIM cards are granted either through Ethio Telecom or through Ethio Telecom authorized resellers. Given Ethio Telecom’s monopoly over the sector, there is no other way to acquire a SIM card. Prevalence of mandatory SIM card registration has grown dramatically in Africa in recent years, with 48 African countries requiring mandatory registration of SIM cards. However, mandatory, real-name registration of SIM cards is not standard procedure in many other countries around the world, including in the US.
While there could be a commercial or technical justification for a certain phone number being blocked, there is no evidence of a policy or procedure to guide when and why a phone number may be blocked by security officials. It largely seems to be up the whim of security officials who communicate the requirement to be blocked to EPRDF cadres within Ethio Telecom, who either update ZSmart accordingly or orally share this information with frontline employees.
Many individuals described to Human Rights Watch that after they were arrested or interrogated about their phone communications, their SIM cards no longer worked. Fearful, most of these individuals stopped using their phone altogether, others borrowed friends’ phones to make calls, and others went to Ethio Telecom to find out why their SIM card no longer worked.
Some individuals who were blocked and tried to acquire another SIM card were told by Ethio Telecom that they were not permitted to get another SIM card. Because Ethio Telecom maintains a database of all SIM cards cross-referenced with names and personal information, they can easily prevent a blocked individual from acquiring another SIM card. This effectively restricts the blocked individuals’ rights to freedom of expression and association.
While the extent of SIM card blocking cannot be ascertained, Human Rights Watch did not find evidence that it was widespread. In the cases Human Rights Watch documented, SIM card blocking may have been used by the government only after other methods of intimidation and threats did not have the desired outcome.
The prevalence of Ethiopia’s kebele-level surveillance system ensures that people limit where and when they communicate with each other at a local level. Because of practical and administrative challenges with traveling to neighboring villages, opportunities to communicate between different geographical areas were limited prior to the growth of Ethiopia’s telecom network. The newfound prevalence of the mobile phone, and VSAT prior to that, have allowed individuals to communicate across geographic distances, resulting in the spread of ideas, news, and increasing the possibility of intra-kebele collaboration on various issues. While there are many economic and technical barriers that limit the usefulness of this technology for rural Ethiopians, limiting access to the telecom system prevents individuals from sharing ideas and mobilizing across distances in the same way that grassroots systems of surveillance always have. Given Ethiopia’s monopoly over the telecom sector, those individuals who do not have access to the telecom system or cannot get a SIM card have no other option to turn to as there are no other telecom providers in Ethiopia.
There have also been numerous occasions in which Ethiopia has shut down the phone network or SMS capabilities in certain locations at certain times. Given Ethiopia’s control over the telecom sector, the government can very easily turn off phone and Internet networks whenever it perceives a threat. It has used this ability to impact peaceful protests throughout the country, during counter-insurgency operations in the Ogaden, and during and after sensitive elections. One ONLF member described how they always knew an Ethiopian military offensive was imminent because the mobile network would be suddenly unavailable in the area of the offensive. Once the offensive was complete, mobile service would resume. In the violence that followed the 2005 federal elections, the government took the unprecedented step of blocking access to SMS and only resumed the service in September 2007, alleging that the opposition had been using SMS to organize protests.
One former Ethio Telecom engineer described to Human Rights Watch the ease of turning off the network for specific times and in specific locations. As an example of the precision of this technique, when key foreign dignitaries drive from the airport in Addis on the main Bole Road to the presidential palace, the mobile towers along the route are turned off five minutes before the motorcade arrives and resume shortly after they pass each tower. Federal police and security officials combine their efforts along the route until the head of state has passed.
A former government employee from East Harerghe Zone in Oromia described the disruption to telecom service that would occur at politically sensitive times:
Whenever a demonstration is planned, the telecom service in eastern Harerghe is cut. During local elections it was cut. During recent Muslim protests it was cut. It is usually cut from 6 a.m. until after 2 p.m. Message I would get in Amharic is “for time being there is no service.” Our network comes and goes all the time, but as soon as there is a problem for government there is no service whatsoever.
In Ethiopia, available legislation does not address when the government may shut down networks, and under what legal process or safeguards. Instead, the availability of the mobile network is subject to the whim of government officials who frequently impose unlawful restrictions on public gatherings.
The special rapporteur on freedom of expression has criticized the use of network shutdowns as a violation of the right to freedom of expression. Given the increasing importance of mobile phones in Ethiopia, turning off the mobile network provides the Ethiopian government a further means by which to control the activities of the population, preventing people from engaging in peaceful demonstrations, from sharing news and information at sensitive times, and expressing their views.
Geotracking of Individual Locations
Several individuals described being arrested based on “geotracking” the locations of their mobile phones. Geotracking can be done in several ways. Ethio Telecom’s customer management system has location details of the mobile phone tower that is used for both caller and receiver for all past phone calls. Mobile phones will utilize the strongest signal (usually meaning the closest mobile tower) to make calls. In Addis Ababa or other large cities where there is a greater density of mobile towers, knowing the location of the mobile tower that a call is made or received through could reveal someone’s location to within 50 meters. In the more rural areas where there may be only one mobile tower, Ethio Telecom’s geotracking capabilities provide less useful information about someone’s location. Locations of phone calls are often revealed to detainees by security officials during interrogations. While many rural kebeles require written authorization, whether legal or not, for residents to visit neighboring kebeles, security officials’ easy access to phone record location data gives officials a timeline of an individual’s movements.
In other cases, individuals were arrested based on real-time geotracking of their current location. According to former Ethio Telecom employees, real-time monitoring of the location of mobile phones can be carried out through the ZSmart system, which reveals location information (based on proximity to mobile towers), as long as a phone is turned on.
In many cases, however, individuals who were being monitored by security officials were arrested after a series of phone calls from phone numbers that individuals recognized as a security officer’s. These officers had previously called and harassed these individuals so their numbers were known to them. The calls in quick succession would indicate where, in general terms, the targeted individual was (based on mobile tower location). In some cases, the security official would have a brief conversation, in other cases, they would simply hang up. After security had ascertained the target’s approximate location, subsequent phone calls would be made to further refine the location and when security officials are nearby the moment the target picks up the phone this is seen by security and the target is arrested. On two occasions described to Human Rights Watch, this technique was revealed by security officials to the arrested target. Individuals also told Human Rights Watch that leaders of the Muslim protests in 2012 and 2013 were arrested based on geotracking their mobile phone locations. These claims have not been corroborated.
Human Rights Watch has found no evidence of any GPS capability or other more precise means of identifying mobile caller locations being used in Ethiopia, other than use of such mobile tower data.
Despite the availability of this technology, one regional police officer from eastern Oromia describes their unsophisticated, yet incredibly effective means of locating people:
We often know the location of people because we have people at all levels from kebele to woreda to individual farms. We know everything. Nothing happens without someone knowing. But if we do not know where they are for some reason, we can call a special department at federal police with the phone number, they get in touch with Ethio Telecom and then we get that person’s location. We don’t need to use technologies very often, as we have such a closely connected network at all levels from household on up. We know every step, every movement. People only travel in groups—if they go as individuals they usually need some sort of paper, so we often don’t need these technologies at our level. We know what people are saying and who they are speaking to. We can arrest anytime—we don’t need any evidence.
Controlling the Internet
Internet use is in its infancy in Ethiopia, particularly outside of Addis Ababa. Nonetheless, there is small but active community of online activists and the Internet is playing an increasingly important role in the spread of ideas, information, and perspectives among the young and educated. As is the case with the telephone system, Ethio Telecom is the sole Internet access provider and the government uses various means to keep access restricted, including by blocking websites, accessing individual email accounts, and intimidating users to censor their online content. The governmental also uses some of the world’s most advanced surveillance software to target key individuals in the diaspora. Concerns about Internet controls seem likely to increase with Ethiopia’s ambitious Internet expansion plans.
Ethiopia routinely blocks websites that are critical of the government. Opposition parties, diaspora media sites, blogs, and numerous human rights sites are blocked and completely unavailable in Ethiopia. In a country in which independent media is extremely limited, journalists are threatened and forced into censoring their writings, and both national and foreign reporters have been charged under the anti-terrorism law, access to independent websites that offer critical analysis and alternative perspectives is vital.
Ethiopia was the first sub-Saharan African country to begin blocking Internet sites. The first reports of blocked websites appeared in May 2006 when opposition blogs were unavailable, and blocking has become more regular and pervasive ever since. Human Rights Watch and the University of Toronto’s Citizen Lab conducted testing in-country in July and August of 2013 to assess the availability of 171 different URLs that had a higher likelihood of being blocked, based on past testing, on the Ethio Telecom network. A total of 19 tests were run over seven days to ensure reliability of results. Human Rights Watch
Figure 2. Awramba Times website error message when accessed in Ethiopia. Woubshet Taye, the former deputy editor of the Awramba Times is currently imprisoned in Ethiopia, convicted in January 2012 under the flawed anti-terrorism law.
conducted additional, ad hoc testing of select URLs in October 2013. The Open Network Initiative (ONI) previously conducted similar testing in 2007, 2009, and 2012.
The vast majority of blocked sites are those that focus exclusively on Ethiopian content and are run by Ethiopian organizations or individuals (either in Ethiopia or in the diaspora). Human Rights Watch and Citizen Lab testing in Ethiopia shows that as of mid-2013, virtually all of the opposition websites, diaspora media (Ethiomedia, Goolgule, Ethiopian Review, Nazret), and blogs that offer critical analysis of Ethiopian political affairs were blocked. Opposition websites that were blocked included those of banned organizations (such as Ginbot 7). The websites of journalists convicted under the anti-terrorism law have been blocked including Ethiomedia (managed by Elias Kifle) and ESAT. Other Ethiopia-based media sites were blocked. Many blogs were also blocked—in 2012 Ethiopia reportedly blocked Google’s Blogpost service, along with all blogs it hosted (Blogpost was a popular blog-hosting service in Ethiopia). See Appendix 1 for a list of tested websites that were found to be blocked in the August 2013 testing.
Of equal interest to what is blocked is what is not blocked. None of the websites of foreign NGOs working on Ethiopian issues are blocked in Ethiopia. Very few media outlets run by international organizations that cover Ethiopian affairs are blocked—notable exceptions are the news organizations Al Jazeera and Al Arabiya. The Voice of America’s website is freely available but their radio signals are routinely jammed. Gmail, Facebook, and Twitter are available although some individual Facebook groups are blocked (such as Addis Neger), particularly when accessed through unencrypted (http ://) channels. Document sharing sites such as Google Docs or Dropbox are freely available. YouTube is also freely available although some specific videos are blocked.
Despite legislative prohibitions on use of Internet voice (VoIP) services, Skype’s website is freely available. The Telecom Fraud Proclamation criminalizes the commercial provision and use of VoIP services. The government has stated that private Skype use is still permitted. In countries where nationwide filtering is in place, governments often seek to block adult sites, gambling sites, online dating sites, and sites promoting hate. ONI testing from 2012 reveals that none of the sites tested for in these categories as part of its methodology were blocked in Ethiopia. Human Rights Watch did not test sites in these categories during the 2013 testing.
Figure 3. Google Analytics data showing drop of Al Jazeera English traffic in Ethiopia after material was published that was critical of government’s handling of the Muslim protests.
In May 2012, Al Jazeera’s website and YouTube channel were briefly blocked following a documentary that was critical of Ethiopia’s handling of the Muslim protests. On August 2, 2012, Al Jazeera’s website was once again blocked the day an Al Jazeera program appeared online that was critical of Ethiopia’s handling of Muslim issues. Three days prior to the blocking, another article appeared on Al Jazeera about clashes in southern Ethiopia. Data presented by Al Jazeera from Google Analytics show that traffic from Ethiopia to Al Jazeera’s English language website from dropped from 50,000 users in July 2012 to just 114 in September 2012. A similar drop occurred on its Arabic website. Users in Ethiopia reported that the term “aljazeera” was not searchable on Google and only became available again in mid-March 2013. Other individual programs have been blocked on YouTube in Ethiopia, and the July 12, 2013 program on the Muslim protests was blocked on YouTube in Ethiopia as of October 2013.
Figure 4. On the right is the error message users receive in Ethiopia in October 2013 when they try to access Al Jazeera Arabic’s program that covered the Muslim protests in July 2013. On the left is the same Al Jazeera program accessed from outside of Ethiopia at: http://www.youtube.com/watch?v=oWdxSYpr_AQ.
The increased popularity of social media and the availability of video on mobile phones in Ethiopia resulted in several videos from the Muslim protests that show police using excessive force against protesters. These videos were immediately uploaded on YouTube and were almost immediately blocked in Ethiopia and remain so.
While some websites like Al Jazeera are blocked for a limited period of time in response to specific events, most websites that are blocked seem to remain blocked.
Other key incidents show the sensitivity of the government to information that could prove embarrassing to the ruling party. On May 18, 2012, Abebe Gellaw garnered international attention when he orally criticized then-Prime Minister Meles Zenawi at the G8 summit in Washington DC. Any information on this incident, including the YouTube video of the incident, was immediately blocked in Ethiopia. Many people inside Ethiopia did not know about the incident until much later. As of September 2013, one of the YouTube videos of this incident had amassed almost 700,000 hits, while in Ethiopia it was virtually unheard of. The video is still blocked in Ethiopia as of October 2013. Numerous individuals told Human Rights Watch that the YouTube video of this event, blocked in Ethiopia, eventually ended up for sale on DVDs on street corners throughout Addis Ababa. This incident illustrates the control that Ethiopian authorities are able to exert over access to information through its control of the telecom system and its decimation of independent media. No Ethiopian media outlet dared report this incident, websites featuring the video were immediately blocked, and foreign TV and radio stations that would have covered the incident were jammed.
Users living in other countries, such as China and Iran, that implement nationwide filtering employ various tools to circumvent web filters and access blocked information. In Ethiopia, very few users circumvent web filters due to a lack of awareness of tools and methods, slow connection speeds, and the blocking of circumvention websites. Human Rights Watch and Citizen Lab testing revealed that the websites of circumvention tools Tor, Ultrasurf, and others were all blocked. ONI testing in 2012 also found these websites were blocked.
Various users in Ethiopia report that certain keywords—such as OLF and ONLF—do not appear on unencrypted versions of Google (http://) and other popular search engines. Switching to encrypted versions (https://) gets around this simple blocking of keywords. As of October 2013, major search engines were accessible in Ethiopia.
Based on available testing information, Internet filtering appears to take place through several methods. In some cases, websites are blocked by domain name (example.com) or URL (http://example.com/specificpage). If a site is blocked by domain name, then all other sub-domains will also be blocked. For example, if blogspot.com (domain) is blocked (as it has been in previous testing in Ethiopia), then all blogs hosted on the service (exampleblog.blogspot.com) will also be blocked, leading to considerable blocking of innocuous content. Since Ethio Telecom is the sole Internet access provider and controls all Internet gateways that connect the country to the global Internet, domain name and URL blocking would be fairly straightforward to implement nationwide.
In addition, certain keywords present in a URL or search term, when detected, will trigger blocking in the form of a timeout or other browser error message if using a website that is not using or does not support encryption (http://). Globally, this method is relatively unique and is similar to the kind of keyword filtering long documented in China. Such keyword filtering can be implemented through use of deep packet inspection (DPI), which is now confirmed to be in use in Ethiopia. Deep packet inspection enables the examination of the content of communications (an email or a website) as it is transmitted over an Internet network. While some Internet access providers use limited DPI for commercial purposes, this technology can also be used to monitor Internet traffic on a nationwide scale and block specified content as data passes through the network. In May 2012, the Tor Project reported that DPI was being deployed in a way that could identify and block use of Tor in Ethiopia. This would indicate a new level of sophistication and scale in use of DPI. Tor’s finding followed a June 2011 tender issued by Ethio Telecom to acquire DPI. In June 2012, then-Ethio Telecom CEO Jean-Michel Latute confirmed the use of DPI in Ethiopia. However, Orange has told Human Rights Watch that it has not been involved in the selection and implementation of security equipment (like DPI) for the Internet in Ethiopia.
Consistent with prior results in 2012, Human Rights Watch and Citizen Lab testing found that content is blocked through a particularly opaque method that makes it difficult for Ethiopian users to know whether lack of access is due to censorship or technical error. When trying to reach a blocked site or if blocked keywords are detected, a user’s browser will display an error message, for example, indicating that the connection has timed out. In other countries that filter the Internet, users will often see a page that explains that access to a site has been blocked pursuant to a particular law.
Internet Filtering Roles and Responsibilities
It is not clear who in the Ethiopian government provides direction on which websites to block. Based on interviews with numerous individuals from INSA and Ethio Telecom, it is likely that a variety of individuals and agencies have been involved in these decisions since filtering began in Ethiopia. However, all former intelligence and Ethio Telecom officials interviewed by Human Rights Watch suggested that the Ministry of Communications and Information Technology plays a key role. They believed that the blocking occurs with the use of Chinese technology and is done from within the Ethio Telecom offices.
Internet filtering practices in Ethiopia do not appear to be regulated by law, nor subject to any kind of safeguard against improper or disproportionate censorship. As more and more Ethiopian citizens have the means to access the Internet, overbroad restrictions will limit its use as a valuable source of independent information and as a platform for communicating ideas and economic activity.
Email Monitoring and Forced Password Disclosure
In the vast majority of cases known to Human Rights Watch in which information derived from private emails has been used during interrogations or submitted as evidence in trials, the targeted individual was pressured to give up their email address and password. In some cases, interrogators knew the detainee’s email address and used various forms of pressure to coerce them into giving up their password. Human Rights Watch found very few credible cases in which emails were used during interrogations or trials where the detainee did not provide their email password during interrogations. A former regional police commander in Oromia told Human Rights Watch:
Passwords? We get passwords by force, no other methods. I don’t know what happens at higher levels. There is no other way for us to get access to emails or Facebook. We always get passwords by force for those that are involved in politics, but we never even bother to do this for criminals.
At the level of intelligence services, former Ethio Telecom and INSA officials described the use of various tools that would recover deleted email messages and instant messages (IMs) from Gmail, Yahoo Mail, and Hotmail accounts. Keywords could be searched for inside people’s email accounts and Skype calls could be recorded and instant messaging monitored.
Prior to 2012, access to email accounts required knowledge of the individual’s email address and password, with the exception of passwords that were entered by users on the Woredanet, Schoolnet, and Agrinet systems. Webmail and other passwords that were entered in these systems were available to INSA staff, easily facilitating access to email accounts of woreda employees, teachers, and other users of these donor-funded programs.
According to World Bank publications, the Bank was a funder of WoredaNet together with the African Development Bank through the Ministry of Capacity Building, and SchoolNet together with the UNDP. International donors, including the World Bank, have an important role to play in enhancing people’s Internet and telephone access. However, when financing such projects in Ethiopia, donors need to ensure they are undertaking proper due diligence to ensure that they are not directly or indirectly financing censorship, Internet filtering, illegal surveillance, or network shutdowns. The World Bank and other donors should also assess the risks to privacy, freedom of expression, association, and movement, and access to information of its projects with ICT components prior to project approval and throughout the life of the project. They should identify measures to avoid or mitigate these risks and comprehensively supervise the projects, including through third parties.
The extent and capabilities to intercept Internet traffic and monitor online communications are unknown and difficult to determine. Despite the use of unsophisticated techniques such as forced password disclosure, and email monitoring not yet being a commonly used intelligence gathering technique in Ethiopia, there is increasing evidence that the Ethiopian government has recently acquired advanced technologies to monitor the email and online behavior of targeted individuals since 2012.
One former official described printout of intercepted materials in INSA’s office bearing the logo of ZTE’s ZXMT centralized monitoring system. According to several sources, ZTE employees located in the Ethio Telecom building provide technical support to both ZSmart and to this surveillance technology.
ZTE highlights its ability to centralize the monitoring of communications across different kinds of networks and products, including wired phone lines, mobile, and the Internet. ZXMT also utilizes deep packet inspection to scan all Internet traffic flowing across a network. Researchers analyzing the deployment of ZXMT in Libya found that the system appears capable of intercepting web-based email, email accessed via client software (like Outlook), web browsing, and chat. The systems and capabilities of technologies described by former officials mirror the surveillance capabilities of ZTE’s ZXMT interception system.
Evidence exists that this cutting-edge surveillance system was used in both Libya and Iran. In a 91-page promotional document called "Talking to the future" presented to the Iran Telecommunications Research Center, ZTE describes the system as their “turn-key, carrier-class lawful interception solution,” a “vendor-independent” monitoring system with “powerful interoperability.” ZTE noted that its ZXMT system was applicable to military and national security agencies. ZTE described the advantages of its ZXMT’s lawful interception system: it can be integrated with common telecom services, has high security and good secrecy, and has powerful multiservice monitoring ability. It also suggested the system is “invisible to the targets.”
Human Rights Watch wrote to ZTE to verify the sale of ZXMT to Ethio Telecom or Ethiopian authorities, and to inquire about ZTE’s role in implementing or providing training and support for lawful intercept, network filtering and management, or DPI systems in Ethiopia. We also asked about ZTE’s approach to human rights due diligence and any human rights policies it has in place to prevent abuse of its technologies. ZTE did not respond to our letter or follow-up email, other than to acknowledge receipt.
Human Rights Watch has been unable to verify whether ZXMT systems are sold by ZTE directly or via one of its subsidiaries. In September 2012, ZTE sold its subsidiary ZTE Special Equipment Company (ZTEsec), which marketed Internet network interception and monitoring technology (including DPI solutions). ZTEsec now operates as Sinovatio. Human Rights Watch also wrote to Sinovatio to inquire about any role it played in selling, implementing, or providing training and support for surveillance technologies in Ethiopia. Sinovatio acknowledged receipt of our letter, but did not respond substantively to our letter or follow-up email.
Eric King of Privacy International, one of the world’s leading researchers on surveillance technology, told Human Rights Watch that, “one of the things that sets ZTE apart is that when it enters a telecom market it often packages all of its products together as part of its contract, so you get the ‘lawful’ interception products unless you specifically request to opt out of it. Not too many governments that ZTE does business with are likely to do this.” Though not conclusive, the evidence suggests that Ethiopia has acquired and is using the ZXMT interception system.
Ethiopia’s country code top-level domain suffix is “.et” and Ethio Telecom’s exclusive control over the .et email and .et top-level domain provides the government with virtually unlimited access to all .et emails. All .et email passwords are included in ZSmart’s customer information profiles enabling easy access for Ethio Telecom employees. Use of .et email addresses is not widely used in Ethiopia because of service interruptions and the perception of pervasive surveillance, with even senior government officials preferring to use more popular web-based email services.
Human Rights Watch received several accounts of individuals who were arrested for involvement in politics and shown their emails and Facebook posts during interrogations. However, in each of these cases they were either pressured into revealing their email addresses or passwords, or practiced very poor digital security (for example, not logging off of email at Internet cafes, not adjusting privacy settings on Facebook, etc.). In none of these cases was there clear evidence of any use of the more sophisticated surveillance technologies described.
One man from Wollega, now resident in Kenya, described how his friends were arrested because of a group Facebook chat among himself and three friends. It is not known how his Facebook information was accessed. He said:
They arrested all four of the people in the chat except me as I was already here [Kenya]. They were part of the local Oromo Youth Association. They were pressured into giving their passwords after their arrest…. They were all jailed together, and then one by one were taken out of cell and beaten or threatened into giving up their passwords and then were sat in front of the computer while the security people went through their emails—“Who is this person? What do they do?”… If they are Oromo names and they live outside of the country and they do not know who they are then they consider them to be OLF. If they are Amharic names from the outside, then they are considered to be Ginbot 7. They were forced to sign a form that they would not chat with individuals outside of the country and would not engage in any community mobilization or politics. They also have to report to police every Friday. All of our chats involved using code words so it is not always obvious what is being spoken about…. This happens everywhere and all the time now. It is nothing new. We have these new technologies but now we are fearing to use email and Facebook.
An Oromo woman who was detained twice in military barracks in Eastern Oromia for speaking out publicly against the government described her final interrogation based on the content of her phone calls, email, and Facebook posts. She accessed her email through a computer connected to Woredanet:
They [security] detained me: They took my phone when arrested and went through the contacts: “All of these numbers are from Arab countries; you are communicating with them about religious issues and are causing problems.” They told me it was forbidden to post anything about religion on Facebook or to have a religious ringtone on the phone that I had. “You are behind the Arab uprising, you were calling them, you are posting religious messages on Facebook.” They asked me in detail what I was speaking about during my phone calls. “We have your voice recorded. You are lying.” They didn’t present these recordings but showed me printed emails [written in Afan Oromo] that I had sent. They selected some emails and asked me about them. They were about religious issues, human rights issues, etc. Also some of my Facebook posts discussed these issues. They played one recording of a phone call I had with family members in Saudi Arabia.
Despite the availability of technologies to access individual email accounts, very little evidence exists yet of this potential being utilized in Ethiopia beyond a few cases.
Restricting Access to the Internet
Access to the Internet is easily controlled if a government controls all the Internet service providers in a country—as is the case in Ethiopia. Many Ethiopians, particularly outside of Addis Ababa, access Facebook and email on their mobile phones given the lack of Internet cafes in rural areas, lack of privately-owned computers, and the availability and cost of private Internet connections. Preventing access to mobile phones through blocking of SIM cards and refusal of SIM card sales to blacklisted individuals results in an inability to access the Internet.
One of the documented techniques that Ethiopian security officials have used in the past to control dissenting individuals is to restrict movement of individuals upon their release from detention, often requiring them to sign letters that state they will not move outside of a certain location and often requiring daily or weekly check-ins at the local police station to ensure that movements are restricted. One individual described being arrested several times and accused of writing emails to “mobilize students for the OLF.” He was never charged. Upon his last release he was forced to sign a letter that stated because he had used email to mobilize for the OLF, he would not go to Dire Dawa—the nearest town with an Internet café—to access the Internet. He was required to check in with the authorities weekly.
Many individuals reported that once there was any sign that they or their accounts were under surveillance they stopped using their email accounts altogether.
Internet Cafes: Rules for Cafe Operators
Many urban Ethiopians access Internet and email through the increasingly ubiquitous Internet café. Policies and procedures governing Internet cafes are not transparent and different café operators are under varying levels of pressure from security officials. One café operator told Human Rights Watch he was told by a security official that all computer screens must be physically positioned so as to be visible to the café operator and that he must report any “unusual behavior” to security officials. Another described being threatened with having her equipment confiscated because users were accessing content that was critical of the government. She said she was threatened by security officials with five years’ imprisonment if it happened again. It is not known whether users were accessing unblocked websites or whether the café owner was helping them use a circumvention tool to get around web filtering.
There have been various efforts in the past to regulate Internet café use and different reports have suggested that as of 2006 users must provide name and identification. While presently some cafes require users to log their name and identification details, in practice this is not done with any consistency.
One cafe operator reported being fearful whenever anyone would try to use Tor or any other circumvention tool because of fear of reprisals from government. A frequent café user told Human Rights Watch it is not common for café operators to assist users to use Tor or other circumvention tools. Café employees report frequent visits from security officials sometimes asking questions about specific users and what they accessed, while at other times asking general questions about suspicious behavior. Some users told Human Rights Watch that some café employees express frustration when users delete their browsing history, afraid of not being able to answer questions about user behavior during the regular visits of security officials. A café operator in Addis Ababa said he believed that most of the surveillance done in cafes was carried out by plainclothes security officials or café workers physically watching users’ computer screens to see what people were doing online.
Pressure to Censor: Threats to Bloggers and Facebook Users
Human Rights Watch did not find any cases in which individuals were targeted because of what they accessed online, but there are numerous instances where individuals were targeted for what they posted online through blogs or Facebook.
While blogging is very much in its infancy in Ethiopia, the blogging community is increasing in size and critical writings appear with more frequency. With the growth in blogging over time in Ethiopia, many bloggers have been under pressure from the government to censor their writings. Since 2009, many blogs in Ethiopia (see Appendix 1) have been blocked and many bloggers stopped writing after their blogs were blocked.
Many others have experienced pressure to censor their postings on Facebook and other public forums. Sometimes this takes the form of threatening messages on Facebook from unknown people who do not identify themselves, while other times security personnel visit or phone the individual and threaten or pressure them to stop posting certain photos or articles, particularly on Facebook. This suggests ongoing monitoring of Facebook users. Such monitoring could occur through a number of methods, from simply observing public Facebook activity to creating fake accounts to befriend targets, compromising account passwords, or intercepting unencrypted Facebook traffic.
Adjusting privacy settings on Facebook would provide some level of protection from harassment, but awareness in Ethiopia about these settings is quite low. Facebook is also one of the few mediums where Ethiopians express themselves quite openly. Anecdotally, it does not appear to be used to organize meetings and gatherings the way it has been used in other countries. One user said: “I think there is a perception [in Ethiopia] that Facebook in anonymous. Because Facebook use is relatively new in Ethiopia, government officials have not seen the role it can play in spreading ideas that otherwise cannot be spread. They are more concerned with the formation of social movements that Facebook was used for in Egypt and elsewhere. In Ethiopia Facebook is not used for that.”
Nonetheless, more and more people are having problems because of what they publicly post on Facebook. One person described being harassed because of having posted an OLF flag on their Facebook account:
My problems started in August 2012. Before 2012 I had been suspected of being OLF. When the prime minister [Meles Zenawi] died I was ordered to collect money in his memory though I complained about having to do it. Security services said they saw the OLF flag on my Facebook page. They chat with people on Facebook. If someone uses it in rural areas, security follows those Facebook users. “We see what you are posting [on Facebook].”
Other individuals told Human Rights Watch being forced to change their Facebook postings because they posted materials about banned organizations, religious issues, were critical of the late Prime Minister Meles Zenawi, or posted material from blocked websites.
Another individual described the pressure he was under to censor his blogs that satirized politics and current events. Three plainclothes security officers came to his compound in Oromia in early 2012 and threatened him for what he wrote on Facebook. His blog has also been blocked on at least six different occasions. He stopped blogging altogether for several months. He has resumed blogging but is now “very careful about what I say.”
As Facebook and blogging becomes more popular in Ethiopia, Facebook users and bloggers are coming under increased pressure. Human Rights Watch is not aware of users of other online services being under pressure to censor their content.
Major Internet Companies in Ethiopia: Transparency Reports
Given concerns over privacy of user data, since 2012 a number of Internet companies have made aggregated data available on national government’s requests for user data and the results of those requests. According to the reports of Google, Facebook, Microsoft, and Twitter, Ethiopia has not made any requests for user data or has made so few requests that they are not listed in the report. By way of comparison, in the first half of 2013, Egypt had made 8 requests, and the UK made 2,337 requests for user data to Facebook, though each country has far more Internet users than Ethiopia. In general, sub-Saharan African countries are making very few user requests. Only three sub-Saharan African countries made requests for user data to Facebook during the first half of 2013. According to Google, Ethiopia has not made a single request for user data since July 1, 2009, though Google does not report this data if there were less than 30 requests in the reporting period.
New Technologies and Their Potential: Intrusive Malware
Many of the surveillance methods described in this report are mostly effective at targeting individuals physically located in Ethiopia. However, the government may have acquired powerful surveillance technologies that can be used to invade the privacy of individuals outside the country.
Gamma and FinFisher
In August 2012, two groups of security researchers discovered the presence of a FinSpy “command and control” server in Ethiopia. FinSpy is a surveillance system offered as part of a suite of governmental intrusion and remote monitoring solutions known as FinFisher. At the time, Gamma International, a UK-headquartered company, sold FinFisher, along with training and other services, exclusively to governments. Law enforcement and intelligence agencies are their primary customers. In October 2013, Gamma’s FinFisher business became an independent company (FinFisher GmbH) headquartered in Germany.
FinSpy is a type of remote monitoring tool (often referred to as spyware or malware) that can be surreptitiously installed on a target’s computer. A common method is to send an email that contains a malicious link or file disguised as a legitimate item of interest to the targeted individual. If the target clicks on the link or opens the file, FinSpy installs itself onto the computer.
According to promotional materials, once installed, FinSpy can capture Skype communications, email, and chat conversations, collect passwords, and log all keystrokes. The malware can also turn on the microphone or camera for live surveillance and extract or alter files stored on the hard drive. FinSpy sends any collected information back to the command and control server operated by the government agency that purchased the software. Finally, FinSpy is designed to be covert and undetectable by the user and commercial anti-virus software.
The presence of a command and control server in Ethiopia, by itself, does not mean that the government is deploying FinFisher. However, given the high costs of these tools and the fact that Gamma states it only sells to governments, it is unlikely that a nongovernmental party would have purchased and used the tool in Ethiopia. Also, given how slow and unpredictable networks in Ethiopia can be, it is also unlikely that a third-party government would have located a server on Ethio Telecom networks.
However, in early 2013, researchers at the Citizen Lab identified and analyzed a FinSpy sample that communicated with an active command and control server in Ethiopia. This sample was embedded in a photo that contained images of members of Ginbot 7, strongly suggesting that the government might be using FinSpy to target opposition group members overseas.
Researchers at Citizen Lab have not confirmed whether this particular image had been successfully used to install FinSpy onto a target’s computer. However, subsequent testing by Citizen Lab, Electronic Frontier Foundation, and Privacy International identified three computers owned by members of the Ethiopian diaspora that were infected with FinSpy, or were targets of infection attempts.
In the first case, the owner of the infected computer, Tadesse Kersmo, is an Ethiopian national and member of the executive committee of Ginbot 7 residing in the UK, along with his wife. His wife was elected to the Addis Ababa city council in 2005 for the Coalition for Unity and Democracy opposition party. He describes how they were then constantly harassed, threatened, and occasionally detained until they emigrated in 2009 and were granted asylum in the UK. He was also told by an employee of Ethio Telecom that his phone was being monitored. He told Human Rights Watch of his fears upon learning that one of his laptops was infected with intrusive surveillance software:
I use the computer and Internet a great deal both socially, academically, and for political activities. I have very real concerns about the Ethiopian regime having unfettered access to my computer, reading my emails and monitoring my calls. This is not only a gross invasion of my privacy, but I am also concerned that it could put myself, my wife, and other members of the political opposition in danger from the Ethiopian authorities.… I found it very disturbing that I was spied on through this medium…. I remain concerned even while I am away from Ethiopia that further attempts will be made to infect my computer.
One of the group conversations that he had on Skype with Ginbot 7 leaders during the time of his infection was published on June 20, 2013. In February 2014, Privacy International brought a case on behalf of Tadesse in the UK, asking the UK National Crime Unit to investigate potentially unlawful interceptions of his communications, as well as the responsibility of Gamma in assisting any possible offenses.
A second case involved the attempted infection in June 2012 of Yohannes Alemu, a member of Ginbot 7, currently based in Norway. In June 2012, his wife was harassed and interrogated by security officials about his political activities during a visit to Ethiopia. During her 20 days in Ethiopia, security officials were in contact with Yohannes by telephone and email and demanded that he provide contact information (names, email addresses, Skype addresses, etc.) for key Ginbot 7 members and other information about the operations of Ginbot 7. These instructions were contained in an email dated June 29, 2012. He did not respond, and received a follow up email the next day from the same pseudonymous Gmail address threatening his family. Several days later, his wife was released and returned to Norway. On August 2, 2012 he received his final email from this email address, with an attachment he was asked to read. He forwarded these emails to individuals inside Norway and to several other individuals in the Ethiopian diaspora. Subsequent analysis by Citizen Lab found that the attachment to this email was infected with FinFisher.
In a third case, the owner of the infected computer is a US citizen who has provided technical support to Ethiopian diaspora groups, including Ginbot 7, for the past few years under the pseudonym, “Kidane.” Kidane’s computer was infected in October 2012, when he was forwarded the August 2, 2012 email from Yohannes (containing an infected attachment) for investigation. Upon opening the attachment to investigate, Kidane’s computer was infected. While Kidane was not the original target of the email, the infection remained live for four-and-a-half months. During this time, FinSpy recorded Kidane’s Skype calls, emails, and web searches. Kidane resides in the US and is now bringing legal action against the Ethiopian government for violations of US wiretap and privacy laws.
Human Rights Watch wrote to Gamma and recently-formed FinFisher to confirm the sale of FinSpy to Ethiopian authorities and inquire about their policies to address human rights harm, but received no response. It is unclear whether Gamma or FinFisher have human rights policies in place to respect rights.
In response to Citizen Lab research and inquiry about the government’s use of FinSpy, an Ethiopian government spokesperson said in a statement to media, “I cannot tell you what type of instruments we’re going to use or not. I’ve no idea, and even if I did, I wouldn’t talk to you about it.” Human Rights Watch has written to the government to confirm and received no response.
Researchers at Citizen Lab have identified FinFisher command and control servers in over 30 countries and have analyzed malware samples that appear to target users in Vietnam and Malaysia. A group of NGOs have filed a complaint at the Organisation for Economic Co-operation and Development (OECD) alleging that FinFisher has been deployed to target activists in Bahrain. In response to initial reports of use of FinFisher in Bahrain in 2012, Gamma has denied that it sold FinFisher to the government, stating that the deployments may be using stolen demonstration versions of the software.
Hacking Team is an Italy-based company that develops and sells self-described “offensive” surveillance and hacking technology. With offices in Milan, Washington, DC, and Singapore, Hacking Team offers a product called Remote Control System, which marketing materials describe as “eavesdropping software” that “hides itself inside target devices” and “enables both active data monitoring and process control.” Hacking Team promotes the product as a “solution designed to evade encryption” that can be installed remotely, which allows the government to take control over the infected computer or mobile phone. The software can be used to monitor “from a few and up to hundreds of thousands of targets,” managed through a “single easy to use interface.”
Once installed on a target’s device, the software allows a government to: copy files; capture passwords typed into the device; record Skype calls; monitor chat, email, and web browsing; and activate the computer’s camera or microphone to spy on the user. Remote Control System is designed to be invisible to the user and undetectable by commercial anti-virus software.
On December 20, 2013, a third party made three separate attempts to target two Ethiopian Satellite Television Service (ESAT) employees residing outside of Ethiopia with spyware through Skype. ESAT is an independent, diaspora-run satellite television station. In each attempt, ESAT employees received a file through Skype from a known contact. The ESAT employees did not open the files, which were presented as and appeared to be a Word document or PDF file. However, if the employees had opened them, the files would have covertly downloaded or installed a program onto their computers. Testing by researchers at Citizen Lab found that the program appeared to be spyware that matched previously-established characteristics of Hacking Team’s Remote Control System. Citizen Lab researchers also determined that the program communicated with a remote server that also appears to be linked to Hacking Team.
According to ESAT employees, the Skype account used to send the files belongs to a known contact that had previously collaborated with ESAT, but who had “disappeared for a while.” It is unclear who was controlling the Skype account when the attempts occurred.
In two of the attempts, the third party who targeted the ESAT employees claimed the file was an article of interest to ESAT, though the file displayed no text when opened. The third party encouraged the targets to open the files, insisting that the files had “worked fine” for him or her. In the third attempt, the file contained a copy of an article from ECAD Forum, an Ethiopian media website.
Figure 5. Screenshots of a file sent via Skype to ESAT employees on December 20, 2013. The ESAT employees did not open the files, but if they had, spyware that matched previously-established characteristics of Hacking Team’s Remote Control System would have been downloaded onto their computers.
Hacking Team states that it sells exclusively to governments, particularly law enforcement or intelligence agencies, and not individuals or private businesses. According to a Hacking Team spokesperson Eric Rabe, its products cost “hundreds of thousands of [US] dollars” and are customized for each client, based on their needs and local law. The features that are enabled in a specific sale are based on a joint decision with the client, following a consultation.
According to its publicly available “Customer Policy,” Hacking Team applies “a number of precautions to limit potential for … abuse” of their products:
- “We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN.”
- “We review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.”
- “We have established an outside panel of technical experts and legal advisors, unique in our industry, that reviews potential sales. This panel reports directly to the board of directors regarding proposed sales.”
- “In HT contracts, we require customers to abide by applicable law. We reserve the right in our contracts to suspend support for our software if we find terms of our contracts are violated. If we suspend support for HT technology, the product soon becomes useless.”
In public statements, the company has explained that one technique it employs to prevent abuse of its service is an “audit trail,” which allows supervising government officials to monitor how employees are using the software and identify “abuse” of the technology by a “rogue employee.”
Hacking Team’s Customer Policy also states that the firm conducts ongoing employee training on its policies and procedures. During sales negotiations, the company reviews the following “red flags,” among other factors in its policies, in deciding whether to conclude a sale:
- “Statements made by the potential customer either to HT or elsewhere that reflect the potential for abuse.”
- “The potential customer's laws, regulations and practices regarding surveillance including due process requirements.”
- “Credible government or non-government reports reflecting that a potential customer could use surveillance technologies to facilitate human rights abuses.”
Hacking Team also provides a public email address and “encourages anyone with information about apparent misuse or abuse of [their] systems and solutions to promptly report that information.”
Hacking Team has been previously criticized for alleged use of its software to target Mamfakinch, a Moroccan citizen journalist group; Ahmed Mansoor, a human rights activist from the United Arab Emirates (UAE); and a US activist who has been critical of the Gülen movement in Turkey, which has been previously documented by Citizen Lab. In response, a spokesperson for the company stated to news media that the company investigated the incidents involving the Moroccan and UAE activists, which included conversations with various unnamed clients. However, the company did not comment in response to media requests about the outcomes of the investigations, nor the actions the company may have taken.
Human Rights Watch wrote to Hacking Team to verify whether this policy was applied to potential sales in Ethiopia, whether the company discovered any “red flags” during its review process, and to request further detail on the firm’s contractual end use and lawfulness requirements. Hacking Team responded that the firm does not “confirm or deny the existence of any individual customer or their country location” to maintain the confidentiality of law enforcement investigations. Hacking Team also stated that, “we expect our clients to behave responsibly and within the law as it applies to them” and that the firm has previously suspended support for their product where it believes it is being misused.
Though Hacking Team’s policy states it does not sell to “blacklisted” countries, human rights abuses related to surveillance and the right to privacy can occur in any country, even those who are not on current sanctions or other restrictive measures lists. Ethiopia is not currently on any sanctions lists among the entities listed in Hacking Team’s Customer Policy. In addition, though the company’s “audit trail” function may address abuse by rogue employees, this feature does not address abuse by supervising authorities, who may be using the tool to illegally surveil targets and violate rights. Finally, national laws that enable surveillance may be inconsistent with a government’s international human rights obligations, raising questions as to what law the firm requires customers to abide by in sales contracts.
It is not clear which Ethiopian agencies would control the use of these tools to infiltrate personal computers. Under the anti-terrorism law, the NISS can install equipment to enable surveillance with a court warrant. However, authorities face very few barriers in law and practice in use of surveillance powers, given the lack of privacy safeguards and independent oversight to prevent abuse. Unlike traditional forms of surveillance, the remote nature of these tactics also allows the government to extend these harms far beyond its borders. Given the high cost of this technology, it may only be intended for very precise targets, rather than broad surveillance.
Trade and export of these tools remains virtually unregulated globally, though they have drawn increased scrutiny and calls for greater control by governments. The UK government has confirmed that trade in malware systems like FinSpy requires a license under UK regulations. In September 2012, German Foreign Minister Guido Westerwelle called for an EU-wide ban on the export of surveillance software to authoritarian governments, while the European Parliament, led by Marietje Schaake, a Dutch Member of the European Parliament, has endorsed stricter European controls of surveillance systems.
In December 2013, states participating in the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies (Wassenaar Arrangement) added “surveillance and law enforcement/intelligence gathering tools” (also referred to as “intrusion software”) to its dual-use technologies control list. The Wassenaar Arrangement is a multilateral export control regime for conventional arms and a range of dual-use goods and technologies. Participating states agree to employ export controls consistent with control lists maintained by the organization, though exact implementation at the national level is decided by each state. Although exact implementation of newly controlled items is still to be determined, the addition of “intrusion software” to the Wassenaar list demonstrates growing consensus among participating states that these tools, “under certain circumstances, may be detrimental to international and regional security and stability.” This action may initiate further reforms at the national level to begin controlling the sale of powerful new kinds of surveillance technology.
Other Surveillance Technologies
Ethiopia has also taken steps to acquire additional forms of surveillance technology, including unmanned aerial vehicles (UAVs or drones), which, without appropriate safeguards could be used in violation of basic rights. Surveillance drones were acquired from Israeli company Bluebird Systems in 2011, and Tesfaye Daba, chairperson for the Foreign, Defense and Security Affairs Standing Committee at the Ethiopian Parliament, reported in early 2013 that Ethiopia was now manufacturing its own drones. While former Ethiopian intelligence officers told Human Rights Watch these drones are being used to monitor border areas and are not intended to monitor domestic activities, given the abuse of the surveillance system seen through Ethiopia’s telecom sector, there is cause for concern about the use of these technologies.
Jamming of Radio and Television Signals
The Ethiopian government restricts access to information by deliberately jamming radio and television broadcasts of independent and foreign stations. Radio is a key medium for the transmission of independent, reliable, and critical analysis given that the majority of Ethiopians live in rural areas with minimal access to print, television, or Internet media.
Radio jamming has been documented since 2004 when the Eritrean state-run radio Voice of the Broad Masses of Eritrea (VOBME) was frequently jammed. There were also anecdotal reports of the Voice of America (VOA) being jammed at that time. Techniques were primitive but effective, like transmitting white noise from locations in Northern Tigray. This is still the dominant technique used to jam in Ethiopia. In 2007, the TPLF-run Voice of the Tigray Revolution was being transmitted from Mekele in northern Ethiopia on the same frequencies as VOBME but at a much higher output, drowning out the VOBME broadcast.
In 2009 the government increased its jamming of radio stations that offer independent reporting. Amharic radio broadcasts from VOA and Deutsche Welle (DW) were frequently jammed. DW was jammed regularly after its Amharic language programs criticized the government crackdowns in the aftermath of the 2005 elections. The jamming of DW increased in 2007 and 2008, only reducing slightly after the intervention of senior German government diplomats in 2008. VOA broadcasts in Tigrinya are typically not jammed, but their Afan Oromo broadcasts sometimes are. Local and diaspora radio stations also report being frequently jammed including stations operated by the Ethiopian People’s Revolutionary Party (EPRP), Ginbot 7, the OLF, and the ONLF.
Jamming has traditionally increased at politically sensitive times. For instance, during the 2010 parliamentary elections, VOA and DW programs were sometimes unavailable for several days. Programs that are advertised ahead of time covering sensitive political topics (the OLF or ONLF for example) were often being jammed. Jamming typically ceased immediately once less sensitive programs begin broadcasting. A US Embassy cable leaked by WikiLeaks noted that the incidence of VOA jamming increases “in line with GoE (Government of Ethiopia) protests about VOA content.”
In August 2012, frequency monitoring revealed that DW programming was blocked on at least one of their three frequencies in Ethiopia 60 percent of the time (18 days out of 30). DW was jammed on all three frequencies 30 percent of the time (on 9 of the 30 days). By contrast, in January 2013 there was no jamming of DW radio transmissions, only for jamming to start again in mid-February 2013. DW reports that satellite radio and web-based broadcasts have not been interfered with, and that since March 2013 to date, jamming of their radio transmissions had stopped entirely. VOA also reports a similar lack of jamming in that time. In 2012, DW was accused by diaspora groups of practicing self-censorship and limiting the extent they were willing to criticize government in order to be able to continue working in Ethiopia. DW denied this accusation in an open letter to Ethiomedia. Regardless of the validity of this allegation, ongoing threats to the media leave media with a stark choice: practice restraint and self-censorship in order to operate securely in the country or stop operating. This choice has the most immediate effect on Ethiopian journalists and those working for international media as stringers, but the ability to jam foreign radio broadcasts and block foreign media websites means that foreign media also have to weigh practicing self-censorship against losing access to Ethiopian audiences entirely.
DW has engaged regularly with the government of Ethiopia in an attempt to resolve the jamming situation. Ludger Schadomsky, editor-in-chief of DW Amharic service, told Human Rights Watch:
In our meetings with the government of Ethiopia we were told by the government representatives “that we jam DW on the grounds of national security. DW is a threat to our national security.” Subsequently, they would pull out a huge file with all our show transcripts with lots of red pen—“this was biased, you didn’t ask government for an opinion here” and so on and so forth. It is very frustrating, we often set up appointments with different ministers and spokespeople, then when the time comes for the interview their phone is off…. We have brought this up at the highest levels with the German government and the German ambassador. The German ambassador has had discussions with Bereket and nothing has changed.
In contrast to its handling of DW, the Ethiopian government has chosen not to engage in any substantive conversation with VOA officials about these issues. Meles Zenawi famously stated in 2010 in response to a question from a VOA reporter about jamming that, “we have for some time now been trying to beef up our capacity to deal with this, including ... jamming.” He also compared the VOA broadcasts to the Rwandan radio station Mille Collines, which was implicated in inciting genocide in 1994, calling VOA broadcasts “destabilizing propaganda.” The US government publicly criticized the jamming of VOA in March 2010 stating that the “decision to jam VOA broadcasts contradicts the Government of Ethiopia’s frequent public commitments to freedom of the press.”
Broadcasters have used different techniques to get around jamming including changing frequencies, moving to satellite radio, transmitting on different bands (FW vs. medium wave vs. shortwave), and increasing their web presence. All of these options are expensive and out of reach to all but the largest international media outlets.
While the jamming of radio stations is relatively inexpensive and technically simple, the jamming of television stations is much more expensive and energy-intensive. There are no independent television stations based in Ethiopia. However since 2010, Ethiopian Satellite Television (ESAT), a popular diaspora-run satellite television station, reports being frequently jammed. Ethiopian government often accuses ESAT of being a mouthpiece for Ginbot 7. The government of Ethiopia convicted three ESAT employees under the anti-terrorism law in July 2012. They were tried in absentia and sentenced to 15 years each. All three live in the US. The Ethiopian government also regularly jams EritTV, the Eritrean state-run television station.
Ethiopia has reportedly used both orbital jamming and terrestrial jamming to jam satellite television transmissions. One individual who was working with Egyptian-owned Nilesat on an unrelated technical issue told Human Rights Watch that individuals from INSA came and visited him in late 2010 to find the upload frequencies for Nilesat because they wanted to “jam one foreign station.” When the government chooses to jam a station on a satellite provider such as Nilesat, this has the unintended outcome of jamming many of the other stations that also use that satellite. For example, in early 2012, reports suggested that jamming originating from Ethiopia was responsible for blocked stations on Saudi-based Arabsat as far away as Lebanon. This prompted a complaint from Lebanese authorities.
These practices put these satellite providers in a difficult predicament: if they agree to host a channel that could be jammed, this endangers all its other programming. In response to this, a variety of satellite providers have required increased security deposits or other guarantees should they host ESAT. Several satellite providers have told ESAT that the Ethiopian government has contacted them to pressure them not to host ESAT. Use of jamming and exerting of pressure from government of Ethiopia has resulted in ESAT being jammed or removed from Arabsat, Nilesat, Thaicon, and Intelset. ESAT reports being jammed at least 10 different times in Ethiopia since its April 2010 launch, but its television service has not been jammed regularly in Ethiopia since October 2012.
ESAT’s shortwave radio broadcasts are also routinely jammed. Human Rights Watch and Citizen Lab testing found that ESAT’s website was blocked and unavailable in Ethiopia as of August 2013. As the Ethiopian economy grows and the middle class increases in size, more and more Ethiopians are turning to ESAT and other foreign television stations for access to independent information on Ethiopian affairs.
It is not clear which technologies are used to jam radio and television, but standard jamming technologies are generally affordable and easy to obtain. Jamming techniques employed in Ethiopia are rudimentary but quite energy intensive. Numerous former government officials told Human Rights Watch that new jamming technologies are being tested that would result in complete jamming of targeted programs, use less energy, and be more precise. These claims could not be verified. Former Ethio Telecom officials told Human Rights Watch that the transmission of jamming signals occurs from Ethio Telecom operated facilities from both inside and outside of Addis.
Beyond its effects on the free expression rights of Ethiopians, the deliberate jamming of commercial radio and television broadcasts contravenes ITU regulations.
 Human Rights Watch interview with former government employee #100, (location withheld), October 2013.
 Human Rights Watch interview with former government employee #49, (location withheld), May 2013.
 Hanna Ingber Win, “Brian Adkins, US Diplomat, Killed in Ethiopia,” Huffington Post, March 8, 2009, http://www.huffingtonpost.com/2009/02/05/brian-adkins-us-diplomat_n_164270.html (accessed April 3, 2013).
 Desalegn Sisay, “Ethiopian Man, jailed over US diplomat’s murder, claims ‘rape,’” Afrik News, July 15, 2009, http://en.afrik.com/article15924.html (accessed March 14, 2014).
 Human Rights Watch interview with former government employee #11, (location withheld), February 2013.
 Phone metadata can be defined loosely as information about a phone call like call time, duration, and numbers dialed, but not the content of the voice call itself.
 Human Rights Watch interview with former government employee #49, May 2013. ZTE offers a range of ZSmart products, from customer billing, technical support, marketing, and fraud detection functions. See, for example, ZTE, “ZTE Launches ZSmart Intelligent Charging System (iCS),” May 22, 2012, http://www.zteuk.co.uk/news/news/201205/t20120522_12830.html; ZTE, “OSS/BSS VAS Solutions,” 2014, http://wwwen.zte.com.cn/en/solutions/anyservice/oss_bss/ (accessed October 24, 2013). “Ethnicity” is one of the required fields in ZSmart. This raises concerns about possible discrimination against certain ethnicities, an ongoing allegation against the government. The overwhelming majority of individuals Human Rights Watch found who have experienced abuses through their use of the telecommunications system were from one ethnicity.
 Human Rights Watch interview with former government employee #49,(location withheld), May 2013.
 Operators generate a “call detail record” for each call made. These records include details necessary to determine, for example, the number of minutes used and whether it was a local or long-distance call, which then allows the operator to charge their customer appropriately.
 Human Rights Watch interview with former government employee #101, (location withheld), October 2013.
 The anti-terrorism proclamation requires Ethio Telecom to “cooperate when requested by the National Intelligence and Security Service to conduct the interception,” (art. 14(3)) and imposes a general duty on government and private entities to disclose information that could assist with investigations (art. 22). The recently passed NISS Proclamation has similar requirements with those refusing to cooperate punishable according to the Criminal Code (art. 27).
 Human Rights Watch interview with former government employee #49, May 2013.
 Human Rights Watch interview #61 (name and location withheld), July 2013.
 She was charged under sections 241 32(a), 32(b), and 38(1) of the Criminal Code.
 Moyale is a town on the Kenya/Ethiopia border and is often the gateway for Oromos who are fleeing Ethiopia into Kenya. The area around Moyale has a high Oromo population.
 Human Rights Watch interview #89 (name withheld), Kenya, July 2013.
 Translated charge sheet and decision, on file with Human Rights Watch.
 Human Rights Watch interview #60 (name withheld), Kenya, July 2013.
 Human Rights Watch interview #62 (name withheld), Kenya, July 2013.
 The Oromo National Congress (ONC) is a registered political party founded in 1996. After the 2005 elections, the National Electoral Board of Ethiopia awarded the names of the ONC and the Coalition for Unity and Democracy (CUD) to government-allied groups. See generally, Human Rights Watch, “One Hundred Ways of Putting Pressure,” p. 16. The ONC then changed its name to the Oromo People’s Congress (OPC).
 Translation of charge sheet, on file with Human Rights Watch.
 Elisa Kifle is the editor of Ethiomedia, a diaspora based news site that is often critical of the EPRDF.
 Ethiopian Terrorism Trial Hears Journalist Defendant,” Voice of America, March 27, 2012, http://www.voanews.com/content/ethiopian-terrorism-trial-hears-journalist-defendant-144654675/179445.html (accessed February 13, 2014). Various emails were also introduced as evidence but not clear how these emails were obtained. Several witnesses suggest Eskinder gave up his password but not clear under what circumstances he did this. Translation of charge sheet, on file with Human Rights Watch.
 Email correspondence was also introduced including communication with Elias and various communications surrounding the Beka movement.
 Translation of charge sheet.
 Human Rights Watch, Suppressing Dissent.
 Human Rights Watch, They Want a Confession: Torture and Ill-Treatment in Ethiopia’s Maekelawi Police station; “Ethiopia: Political Detainees Tortured,” Human Rights Watch news release, October 18, 2013, http://www.hrw.org/news/2013/10/18/ethiopia-political-detainees-tortured.
 ZTE, “About ZTE: Responsibility,” 2014, http://wwwen.zte.com.cn/en/about/corporate_citizenship (accessed March 20, 2014).
 Email from Yves Nissim, VP, Head of Transformation and Operation in CSR, Orange Group, to Human Rights Watch, February 14, 2014.
 See below, Legal Context.
 See, e.g., Anti-Terrorism Proclamation, art. 14, 23; NISS Re-establishment Proclamation, arts. 8, 22-24; Prevention and Suppression of Money Laundering and Financing of Terrorism Proclamation arts. 25 and 52; Telecom Fraud Offence Proclamation, arts. 14-16.
 “Ethiopian UN Security Official on Trial for Terrorism,” Voice of America, April 8, 2012, http://www.voanews.com/content/ethiopian-un-security-official-on-trial-for-terrorism-146744295/181000.html (accessed May 2013); “UN Staff Union seeks release of workers detained in Ethiopia, Sudan,” Xinhua News Agency, May 1, 2012, http://news.xinhuanet.com/english/world/2012-05/01/c_131561279.htm (accessed March 14, 2014).
 VSAT is a satellite-based telephone service that is used to connect small remote areas to the Ethio Telecom infrastructure without the need of physical connection to the infrastructure. Ethiopians can use phones connected by Ethio Telecom offices in remote areas. As mobile coverage increases across Ethiopia, VSAT is being phased out.
 Human Rights Watch interview #39 (name and location withheld), May 2013.
 Report of the special rapporteur on surveillance, para. 88.
 Carly Nyst, “With new promise comes new perils: ICTs and the right to privacy in Africa,” Privacy International, November 30, 2012, https://www.privacyinternational.org/blog/with-new-promise-comes-new-perils-icts-and-the-right-to-privacy-in-africa#footnote3_3s6169 (accessed March 14, 2014).
 For example, a phone number or SIM card may be blocked if a phone has been reported lost or stolen to prevent unauthorized use of the phone or card.
 Human Rights Watch interview with former government employee #100, (location withheld), October 2013.
 As seen in Figure 1, Information provided to Human Rights Watch clearly shows that Ethio Telecom’s customer management system ZSmart has a field for identifying a whether a SIM card has been blocked: “Is blocked?”
 Human Rights Watch interview #47 (name and location withheld), May 2013.
 Global Information Society Watch, “Ethiopia, 2009 – Access to Online Information and Knowledge,” 2009, http://www.giswatch.org/country-report/20/ethiopia (accessed August 3, 2013). A small number of governments have shut down mobile or Internet services at such large scale—that is, on a regional or nationwide level—often in response to demonstrations or unrest. See OpenNet Initiative, “Global Internet filtering in 2012 at a glance,” April 3, 2012, https://opennet.net/blog/2012/04/global-internet-filtering-2012-glance (accessed February 12, 2014); David Sullivan, “Network Shutdowns Go Beyond Syria,” post to Future Tense (blog), Slate, May 9, 2013, http://www.slate.com/blogs/future_tense/2013/05/09/internet_shutdowns_go_beyond_syria.html (accessed February 12, 2014).
 Human Rights Watch interview with government employee # 14, (location withheld), February 2013 and Human Rights Watch interview #2 (name withheld), Kenya, November 2012.
 Human Rights Watch interview #78 (name and location withheld), July 2013.
 See UN HRC, Report of the UN special rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue, (hereinafter, “Report of the special rapporteur on the Internet”), U.N. Doc. A/HRC/para.49/50, May 16, 2011, http://www2.ohchr.org/english/bodies/hrcouncil/docs/17session/A.HRC.17.27_en.pdf (accessed February 12, 2014).
 Geotracking is the identification of a person’s physical location by obtaining information from their telephones. In Ethiopia this is carried out by identifying tower location of dialed or received phone calls.
 This information is often collected as a normal part of billing processes. However, many telecom operators will delete this data after a prescribed time to protect the privacy of users.
 Human Rights Watch interviews #80 and #89 (names and locations withheld), July 2013.
 Human Rights Watch interview #102 (name and location withheld), October 2013.
 Human Rights Watch interview with former regional police official (name and location withheld), May 2013.
 Cathy Majtenyi, “Press Groups says Ethiopia Censors the Internet,” Reporters Without Borders, May 24, 2006, http://www.voanews.com/content/a-13-2006-05-24-voa39/312751.html (accessed January 2013).
 Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs,University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security.
 Prior testing revealed extensive filtering of political content in Ethiopia, with a “broad variety of political and news-related websites … blocked.” OpenNet Initiative, “Update on information controls in Ethiopia,” November 1, 2012, https://opennet.net/blog/2012/11/update-information-controls-ethiopia (accessed March 14, 2014); OpenNet Initiative, “Country Profiles: Ethiopia,” September 30, 2009, https://opennet.net/research/profiles/ethiopia. OpenNet Initiative is a collaborative partnership of three institutions: the Citizen Lab at the Munk School of Global Affairs, University of Toronto, the Berkman Center for Internet & Society at Harvard University, and the SecDev Group.
 See Human Rights Watch’s publications on the Anti-Terrorism Proclamation at: http://www.hrw.org/africa/ethiopia/.
 Human Rights Watch interview with former blogger (name and location withheld), May 2013.
 The list of blocked websites in Appendix 1 is not comprehensive and only provides a sampling of the websites found to be blocked in 2013 testing. The absence of a website from the list of blocked URLs does not necessarily mean the site is accessible in Ethiopia. In addition, because the list of websites tested is not comprehensive, results may underestimate the extent of material that is blocked.
 Al Arabiya is a media outlet based in Saudi Arabia and owned by Saudis that provides English and Arabic language news and current events programming.
 Human Rights Watch interview with former blogger (name and location withheld), November 2012. Many of the Facebook groups that are unavailable through the unencrypted version are on different Ethiopian political movements, including Bekaa (“enough”), “Free Eskinder Nega,” and various groups calling for “revolution.”
 Program can be seen at: “Aljazeera Mubasher TV channel Exposed the Interference of Ethiopian Govt. on Muslims religious matter and Discussed with the prominent guests on the current movement of Ethiopian Muslims,” video report, Al Jazeera, August 2, 2012, http://www.youtube.com/watch?v=pJqXjJg0R4A&feature=youtu.be“Ethiopian journalists sentenced for ‘terrorism,’” Al Jazeera, July 13, 2012 http://stream.aljazeera.com/story/ethiopian-journalists-sentenced-terrorism-0022284 (accessed February 12, 2014).
 Article can be found at: “Ethiopia erupts in deadly ethnic violence,” Al Jazeera, July 31, 2012, http://www.aljazeera.com/news/africa/2012/07/201273075846287757.html (accessed January 12, 2014).
 Analytics image from: “Ethiopia 'blocks' Al Jazeera websites,” Al Jazeera, March 18, 2013, http://www.aljazeera.com/news/africa/2013/03/201331793613725182.html (accessed February 12, 2014).
 Email communication between blogger and Human Rights Watch, April 2013.
 Human Rights Watch Internet filtering testing, October 2013.
 Email communication between blogger and Human Rights Watch, April 2013.
 The most popular version of this video is available at: “ESAT News: Meles Zenawi humiliated in G8 meeting,” video report, ESATtv Ethiopia, May 18, 2012, http://www.youtube.com/watch?v=hUVsq-FDFRE (accessed February 12, 2014).
 Human Rights Watch/Citizen Lab Internet filtering testing, October 2013.
 OpenNet Initiative, “Country Profiles: China,” August 9, 2012, https://opennet.net/research/profiles/china-including-hong-kong (accessed February 12, 2014).
 Once examined, the communications can be then copied, analyzed, blocked, or even altered.
 Runa Sandvik, “Ethiopia introduces Deep Packet Inspection,” post to “Tor” (blog), Tor Project, May 31, 2012, https://blog.torproject.org/blog/ethiopia-introduces-deep-packet-inspection (accessed March 13, 2014). Previously, the method of blocking that Tor detected had only been used in a handful of states, including China, Iran, and Kazakhstan. The Tor project is a non-profit organization that conducts research and development into online privacy and anonymity, and offers a technology that helps protect privacy online. See Tor Project, “Tor: Overview,” undated, https://www.torproject.org/about/overview.html.en (accessed March 14, 2014).
 Azi Ronen, “Ethio Telecom Issued a Tender for DPI,” post to “Broadband Traffic Management” (blog), July 7, 2011, http://broabandtrafficmanagement.blogspot.com/2011/07/ethio-telecom-issued-tender-for-dpi.html (accessed March 14, 2014).
 “En Éthiopie, France Télécom accompagne la censure d’Internet,” La Croix, October 6, 2012, http://www.la-croix.com/Actualite/Monde/En-Ethiopie-France-Telecom-accompagne-la-censure-d-Internet-_NP_-2012-06-10-816727 (accessed March 14, 2014). Jean-Michel Latute was on secondment from France Telecom. When France Telecom’s contract with Ethio-Telecom was terminated in January 2013, he continued as CEO of Ethio Telecom for six more months.
 Letter from Brigitte Dumont, Chief Officer, Group Corporate Social Responsibility, Orange, to Human Rights Watch, November 19, 2013.
 For further technical explanation of the use of forged TCP RST (reset) packets to blocked online content, see OpenNet Initiative, “Update on information controls in Ethiopia,” November 1, 2012, https://opennet.net/blog/2012/11/update-information-controls-ethiopia (accessed March 14, 2014).
 Human Rights Watch interviews with former government officials #8, 14, and 49, January 2013 and May 2013
 Human Rights Watch interview with former regional police official, (location withheld), May 2013.
 Human Rights Watch interview with former government official #49, (location withheld), May 2013.
 Human Rights Watch interview with former government employee #100, (location withheld), October 2013. Schoolnet is managed by the Ministry of Education and connects 550 high schools around Ethiopia with VSAT-based broadband Internet access for the purposes of video-based distance and standardized education. Agrinet was intended to connect 26 agricultural research institutions across Ethiopia with broadband Internet connections.
 World Bank, “World Bank Provides US$50 Million for Public Service Delivery Improvement, Citizen Empowerment, and Good Governance Promotion in Ethiopia,” March 23, 2010, http://go.worldbank.org/VLCH71LCP0 (accessed March 19, 2014); Harry Hare, “Survey of ICT in Education in Ethiopia,” infoDev/World Bank, 2007, http://www-wds.worldbank.org/external/default/WDSContentServer/WDSP/IB/2008/11/12/000333038_20081112230415/Rendered/PDF/463910BRI0Box31ia010ICTed0Survey111.pdf (accessed November 8, 2013). MCIT states on its website, “The EICTDA, through funding from the World Bank, was able to launch a series of projects that improved ICT access in the public sector. It commissioned a series of studies on IT standards and frameworks. These range from technical standards on selection of hardware and software, to e-government Interoperability framework, to E-service standards. The EICTDA was also able to draft laws governing the online environment including e-commerce law, data protection law and digital signature law.” MCIT, “ICT Policy and Regulatory Environment,” undated, http://www.mcit.gov.et/web/english/ict-policy-and-regulatory-environment (accessed March 19, 2014). See also, World Bank, “Additional Financing to the Public Sector Capacity Building Program Support Project,” 2010, http://www.worldbank.org/projects/P107217/public-sector-capacity-building-program-support-project?lang=en (accessed March 19, 2014); World Bank, “ICT Assisted Development Project: Updated Project Information Document (PID),” Report No: AB135, April 9, 2004, http://www-wds.worldbank.org/servlet/WDSContentServer/WDSP/IB/2004/04/14/000104615_20040414094134/Rendered/PDF/PID0P078458.pdf (accessed March 19, 2014); MCIT, “The National ICT for Development (ICT4D) Five Years Action Plan for Ethiopia [2006 – 2010],” May 2006, http://unpan1.un.org/intradoc/groups/public/documents/un-dpadm/unpan040825.pdf (accessed March 19, 2014), p. 15; Aman Assefa, “ICT in Ethiopia: Challenges and Prospects from an A2K Perspective World Bank,” 2009, http://www.law.yale.edu/images/ISP/A2KGA_Proceedings.pdf (accessed March 19, 2014).
 John Scott-Railton, Revolutionary Risks: Cyber Technology and Threats in the 2011 Libyan Revolution (Newport, RI: US Naval War College, Center on Irregular Warfare and Armed Groups, 2013).
 See “PSTN Transformation Via ZTE NGN Solution,” ZTE presentation to the Iran Telecommunications Center, May 2008, on file with Human Rights Watch and John Scott-Railton, Revolutionary Risks.
 “PSTN Transformation Via ZTE NGN Solution,” ZTE presentation to the Iran Telecommunications Center, May 2008, on file with Human Rights Watch.
 Steve Stecklow, “Special Report: Chinese Firm helps Iran spy on citizens,” Reuters, March 22, 2012, http://www.reuters.com/article/2012/03/22/us-iran-telecoms-idUSBRE82L0B820120322 (accessed March 14, 2013).
 “PSTN Transformation Via ZTE NGN Solution,” ZTE presentation to the Iran Telecommunications Center, May 2008, on file with Human Rights Watch.
 ZTE Corporation, “Announcement: Disposal of Equity Interests in Shenzhen ZTE Special Equipment Company Limited,” September 21, 2012. See also, Sinovatio, “Welcome to Sinovatio Technology,” undated, http://www.sinovatio.com/en/about/introduction.shtml, (accessed December 5, 2013).
 Human Rights Watch received an email in response to our letter, but the email was blank and contained no substantive response to our inquiry.
 Human Rights Watch interview with Eric King, Privacy International, London UK, February 2013. The term “lawful intercept” is used by equipment makers as an industry label for systems that enable surveillance. However, the term does not necessarily mean surveillance practices are legal under national or international law.
 Human Rights Watch interview #31 (name and location withheld), May 2013.
 Human Rights Watch interview #86 (name and location withheld), July 2013.
 Human Rights Watch interview #63 (name and location withheld), July 2013.
 Human Rights Watch interview #9 (name and location withheld), January 2013.
 Human Rights Watch interview #13 (name and location withheld), February 2013.
 Groum Abate, “Ethiopia Internet cafes start registering users,” Capital, December 27, 2006, http://nazret.com/blog/index.php/2006/12/27/ethiopia_internet_cafes_start_registerin (accessed March 14, 2014).
 Human Rights Watch interview #46 (name and location withheld), May 2013.
 Human Rights Watch interview #93 (name and location withheld), July 2013.
 Human Rights Watch interview #94 (name and location withheld), July 2013.
 Human Rights Watch interviews with various Facebook users.
 Human Rights Watch interview #61 (name withheld), November 2012 and email communication between blogger and Human Rights Watch, (date withheld).
 Facebook transparency request reports can be found at: Facebook, “Global Government Requests Report,” June 30, 2013, https://www.facebook.com/about/government_requests (accessed March 17, 2014). Facebook information was for the first half of 2013. Google’s transparency reports for Ethiopia can be found at: Google, “Transparency Report,” undated, http://www.google.com/transparencyreport/traffic/?r=ET&l=EVERYTHING&csd=1294957800000&ced=1297377000000 (accessed March 17, 2014), while Microsoft’s is at: Microsoft, “Law Enforcement Requests Report,” March 2014, http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/ (accessed March 17, 2014). Twitter’s transparency reports can be found at: Twitter, “Transparency Report,” December 31, 2013, https://transparency.twitter.com/ (accessed March 17, 2014).
 Botswana, South Africa and Uganda were the three sub-Saharan countries. Facebook, “Global Government Requests Report,” June 30, 2013, https://www.facebook.com/about/government_requests (accessed March 17, 2014).
 Google also only reports on data requests for law enforcement purposes, and often excludes national security related data requests. Data on data requests for law enforcement purposes is not available prior to July 1, 2009. Google, “Transparency Report,” undated, http://www.google.com/transparencyreport/traffic/?r=ET&l=EVERYTHING&csd=1294957800000&ced=1297377000000 (accessed March 17, 2014).
 Claudio Guarnieri, “Analysis of the FinFisher Lawful Interception Malware,” post to “Security Street Rapid7” (blog), August 8, 2012, https://community.rapid7.com/community/infosec/blog/2012/08/08/finfisher (accessed March 17, 2014); Morgan Marquis-Boire, Bill Marczak, and Claudio Guarnieri, “The SmartPhone Who Loved Me: FinFisher Goes Mobile?” Citizen Lab, Research Brief No. 11, August 2012, https://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/ (accessed March 17, 2014).
 Gamma Group, “FinFisher: Governmental IT Intrusion and Remote Monitoring Solutions,” undated, http://wikileaks.org/spyfiles/docs/gamma/298_finfisher-governmental-it-intrusion-and-remote-monitoring.html (accessed March 17, 2014).
 Gamma International is part of the Gamma Group of companies. “Company Profile,” Gamma Group, https://www.gammagroup.com/companyprofile.aspx (accessed September 3, 2013).
 FinFisher, “FinFisher: Company Profile,” undated, http://www.finfisher.com/FinFisher/company_profile.html (accessed March 17, 2014).
 Gamma Group, “Remote Monitoring & Infection Solutions: FinSpy,” undated, http://wikileaks.org/spyfiles/docs/gamma/289_remote-monitoring-and-infection-solutions-finspy.html (accessed March 17, 2014).
 Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John Scott-Railton, “You Only Click Twice: FinFisher’s Global Proliferation,” Citizen Lab, Research Brief No. 15, March 2013, https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/ (accessed March 17, 2014).
 Human Rights Watch interview with Tadesse Kersmo, (location withheld), November 2013.
 See “Berhanu Nega receives half a million ‘grant’ from Egypt to run Ginbot 7 and ESAT (Audio),” Awramba Times, June 20, 2013, http://www.awrambatimes.com/?p=8639 or http://hornaffairs.com/en/2013/06/20/leaked-audio-eritrea-funds-esat-berhanu-nega/ (accessed March 17, 2014). This recording was leaked the same day Dr. Berhanu Nega testified in front of the United States Congress Subcommittee on Africa, Global Health, Global Human Rights, and International Organizations.
 See Alinda Vermeer, “Explained: Our criminal complaint on behalf of Tadesse Kersmo,” Privacy International, February 21, 2014, https://www.privacyinternational.org/blog/explained-our-criminal-complaint-on-behalf-of-tadesse-kersmo (accessed March 17, 2014).
 The email read: “I am waiting for your reply. I do not think you have the luxury of time. If you try to play dirty game, it will have a far reaching consequence to you and your family. You have a very stark choice. I need your reply within the next 12 hours.” Email from (name withheld) to Yohannes Alemu, June 30, 2013. On file with Human Rights Watch.
 Human Rights Watch interview with Yohannes Alemu, (location withheld), February 2014.
 Email on file with Human Rights Watch.
Kidane v. Ethiopia, US District Court for the District of Columbia, Complaint, February 13, 2014, https://www.eff.org/document/complaint-32 (accessed March 14, 2014). Kidane states that he is not a member of Ginbot7.
Kidane v. Ethiopia, Complaint.
 Vernon Silver, “Gamma FinSpy Surveillance Servers in 25 Countries,” Bloomberg, March 13, 2013,
 Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri, and John Scott-Railton, “For Their Eyes Only: The Commercialization of Digital Spying,” Citizen Lab, April 30, 2013, https://citizenlab.org/2013/04/for-their-eyes-only-2/ (accessed March 17, 2014).
 Privacy International, European Center for Constitutional and Human Rights, Reporters Without Borders, Bahrain Center for Human Rights, and Bahrain Watch “OECD Complaint against Gamma International for Possible Violations of the OECD Guidelines for Multinational Enterprises,” February 1, 2013, https://www.privacyinternational.org/sites/privacyinternational.org/files/downloads/press-releases/jr_bundle_part_2_of_2.pdf (accessed March 17, 2014).
 Vernon Silver, “Gamma Says No Spyware Sold to Bahrain; May Be Stolen Copy,” Bloomberg, July 27, 2012, http://www.bloomberg.com/news/2012-07-27/gamma-says-no-spyware-sold-to-bahrain-may-be-stolen-copy.html (accessed March 14, 2014).
 Hacking Team, “Hacking Team: About Us,” undated, http://hackingteam.it/index.php/about-us (accessed March 14, 2014).
 Hacking Team, “Remote Control System: Cyber intelligence made easy,” undated, http://wikileaks.org/spyfiles/docs/hackingteam/147_remote-control-system.html (accessed March 14, 2014).
 D. Vincenzetti and V. Bedeschi, “Hacking Team: Remote Control System V5.1,” undated, http://wikileaks.org/spyfiles/docs/hackingteam/31_remote-control-system-v5-1.html (accessed March 14, 2014).
 Hacking Team, “Remote Control System: Cyber intelligence made easy.”
 D. Vincenzetti and V. Bedeschi, “Hacking Team: Remote Control System V5.1.”
 Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John Scott-Railton, “Hacking Team and the Targeting of Ethiopian Journalists,” Citizen Lab, February 12, 2014, https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists/ (accessed March 13, 2014).
 Hacking Team, “Customer Policy,” 2013, http://hackingteam.it/index.php/customer-policy (accessed January 23, 2014).
 Adrianne Jeffries, “Meet Hacking Team, the company that helps the police hack you” September 13, 2013, The Verge, http://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers (accessed February 12, 2014); David Gilbert, “Hacking Team and the Murky World of State-Sponsored Spying,” International Business Times, March 13, 2013, http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507 (accessed February 12, 2014).
 David Gilbert, “Hacking Team and the Murky World of State-Sponsored Spying,” International Business Times, March 13, 2013, http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507 (accessed February 12, 2014).
 Hacking Team, “Customer Policy,” 2013, http://hackingteam.it/index.php/customer-policy (accessed January 23, 2014).
 Ethiopia is not currently on the blacklists of sanctioned countries for these entities.
 David Gilbert, “Hacking Team and the Murky World of State-Sponsored Spying,” International Business Times, March 13, 2013, http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507 (accessed February 12, 2014).
 Hacking Team, “Customer Policy,” 2013, http://hackingteam.it/index.php/customer-policy (accessed January 23, 2014).
 Morgan Marquis-Boire “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” Citizen Lab, October 10, 2012, https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ (accessed January 23, 2014); Kim Zetter, “American Gets Targeted by Digital Spy Tool Sold to Foreign Governments,” Wired, June 4, 2013, http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/ (accessed January 23, 2014).
 David Gilbert, “Hacking Team and the Murky World of State-Sponsored Spying,” International Business Times, March 13, 2013, http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507.(accessed February 12, 2014).
 Pratap Chatterjee, “Turning the Table on the Trackers: Wikileaks Sniffs out Spy Salesmen,” CorpWatch, September 6th, 2013, http://www.corpwatch.org/article.php?id=15868&printsafe=1 (accessed February 12, 2014).
 Email from Eric Rabe, Communications Counsel, Hacking Team, to Human Rights Watch, February 19, 2014. See Appendix 2: Correspondence.
 For a sense of the costs of equipment, software licenses, support, and services related to FinFisher, see FinFisher, “FinFisher Pricing, Dreamlab” 2011, http://wikileaks.org/spyfiles/docs/DREAMLAB_2011_FinFPric_en.html (accessed February 12, 2014).
 Letter from Francesca Debenham, Treasury Solicitor’s Department, United Kingdom Government Legal Service, to Bhatt Murphy Solicitors, August 8, 2012; Letter from Francesca Debenham, Treasury Solicitor’s Department, United Kingdom Government Legal Service, to Bhatt Murphy Solicitors, September 11, 2012, https://www.privacyinternational.org/sites/privacyinternational.org/files/downloads/press-releases/2012_11_09_dossier_to_hmrc.pdf (accessed February 12, 2014).
 Ben Knight, “German spyware business supports dictators,” Deutsche Welle, September 19, 2012, http://www.dw.de/german-spyware-business-supports-dictators/a-16249165-1 (accessed February 12, 2014); Marietje Schaake, “European Parliament endorses stricter European export control of digital arms,” October 23, 2012, http://www.marietjeschaake.eu/2012/10/ep-steunt-d66-initiatief-controle-europese-export-digitale-wapens (accessed February 12, 2014).
 Wassenaar Arrangement, “Public Statement, 2013 Plenary Meeting of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-use Goods and Technologies,” 2013, http://www.wassenaar.org/publicdocuments/2013/WA%20Plenary%20Public%20Statement%202013.pdf (accessed February 12, 2014); Wassenaar Arrangement, “List of Dual-Use Goods & Technologies and Munitions List,” December 2013, http://www.wassenaar.org/controllists/2013/Summary%20of%20Changes%20to%20Control%20Lists%202013.pdf (accessed February 12, 2014); Wassenaar Arrangement, “Control Lists - Current Lists of Dual Use Goods and Technologies and Munitions List,” http://www.wassenaar.org/controllists/index.html (accessed February 12, 2014), Category 4.
 Wassenaar Arrangement, “Introduction,” undated, http://www.wassenaar.org/introduction/index.html (accessed February 12, 2014).
 Participating states include Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States. Wassenaar Arrangement, “Introduction,” undated, http://www.wassenaar.org/introduction/index.html (accessed February 12, 2014).
 Wassenaar Arrangement, “Public Statement, 2013 Plenary Meeting .”
“Ethiopia buys unmanned aerial vehicles from Bluebird” defenceWeb,
May 23, 2011,
http://www.defenceweb.co.za/index.php?option=com_content&view=article&id=15527:ethiopia-buys-unmanned-aerial-vehicles-from-bluebird&catid=35:Aerospace&Itemid=107 (accessed April 13, 2013) and “MP confirms Ethiopia’s Drone Produce,” De Birhan, February 16, 2013, http://debirhan.com/?p=39 (accessed March 13, 2013).
 Human Rights Watch interview with former government official #51, (location withheld), August 2013.
 You can hear what “white noise” jamming sounds like during a Radio Xoriyo broadcast at: Radio Xoriyo Somali, 2012, http://sonna.net/content/26102012-radio-xoriyo-somali-1612-17870-sof (accessed February 12, 2014). Radio Xoriyo is a radio station affiliated with the banned ONLF.
 Hans Johnson, “Ethiopia adopts new tactic in radio jamming,” post to “Shortwave Central” (blog), December 20, 2007, http://mt-shortwave.blogspot.ca/2007/12/ethiopia-adopts-new-tactic-in-radio.html (accessed March 14, 2013).
 The Voice of America is a multi-media international broadcasting service funded by the US government. VOA broadcasts more than 1,500 hours of news and other programming every week in 45 languages to an audience of more than 125 million people. VOA broadcasts to Ethiopia in Amharic, Tigrinya, and Afan Oromo, in addition to English. Deutsche Welle is Germany’s international broadcaster and broadcasts in Amharic and English.
 The EPRP is Ethiopia’s oldest political party. Ginbot 7, the Oromo Liberation Front (OLF), and the Ogaden National Liberation front (ONLF) have all been declared terrorist organizations by the Ethiopian government under the Anti-Terrorism Proclamation.
 Human Rights Watch interview with Ludger Schadomsky, editor-in-chief, Deutsche Welle, Bonn, Germany, March 2013 and Human Rights Watch interview with Peter Heinlein, chief, Horn of Africa Service, VOA, Washington, DC, April 2013.
 US Department of State, “PM’s advisor Bereket Discuss Elections and VOA with PDAs,” Wikileaks Canonical ID# 08ADDISABABA214_a, January 29, 2008, https://www.wikileaks.org/plusd/cables/08ADDISABABA214_a.html (accessed February 12, 2014).
 Deutsche Welle jamming monitoring spreadsheets: June 2012- March 2013. Documents on file with Human Rights Watch.
 Email communication from Ludger Shadomsky, editor-in-chief, Deutsche Welle to Human Rights Watch, October 2013.
 Email communication from Peter Heinlein, chief, Horn of Africa Service, VOA to Human Rights Watch, October 2013.
 Ludger Schadomsky, “Open Letter to Ethiomedia.com,” Ethiomedia, January 11, 2012, http://www.ethiomedia.com/broad/3402.html (accessed March 13, 2014).
 The government has used various additional means to make it difficult for VOA and other international organizations to operate in Ethiopia including the regular detention of journalists and denial of work permits.
 Human Rights Watch Interview with Ludger Schadomsky, editor-in-chief, Deutsche Welle Amharic, Bonn, Germany, March 2013 and Human Rights Watch interview with Peter Heinlein, chief, Horn of Africa Service, VOA, Washington, DC, April 2013.
 “US Criticized Ethiopia for Jamming VOA Signals,” Voice of America, March 19, 2010, http://www.voanews.com/content/ethiopia-criticized-by-us-for-jamming-voa-signals-88733542/153788.html (accessed March 14, 2014)
 “Ethiopia admits jamming VOA radio broadcasts in Amharic,” BBC, March 19, 2010, http://news.bbc.co.uk/2/hi/8575749.stm (accessed March 4 2013).
 US Department of State, “United States Strongly Criticizes Ethiopia’s Jamming of Voice of America,” March 19, 2013, http://www.state.gov/r/pa/prs/ps/2010/03/138682.htm (accessed February 12, 2014).
 “PM’s advisor Bereket Discuss Elections and VOA with PDAs,” Wikileaks, January 29, 2008, https://www.wikileaks.org/plusd/cables/08ADDISABABA214_a.html (accessed march 14, 2014).
 Orbital jamming involves the perpetrator beaming contradictory signals directly towards a satellite via a rogue
uplink station. When these jamming signals are sent, frequencies become mixed with each other and the targeted
channel’s feed is completely overridden for everyone, everywhere. In addition, as satellite capacity operates in groups of channels, when one channel is jammed, all others in the same group are also aﬀected. Terrestrial jamming takes place in a speciﬁc location and involves equipment that is easy to purchase, use and conceal. Rather than targeting the satellite itself, as is the case in orbital jamming, terrestrial jamming involves transmitting rogue frequencies in the direction of local consumer-level satellite dishes. The contradictory frequencies are area-speciﬁc, interfering only with the frequency emanating from the satellite in a speciﬁc location. Small, portable terrestrial jammers have a range of 3-5 kilometers in urban, built-up areas. In rural areas, their range can increase to up to 20 kilometers. From “Satellite Jamming in Iran: A war over Airwaves,” A Small Media Report, November 2012, http://www-tc.pbs.org/wgbh/pages/frontline/tehranbureau/SatelliteJammingInIranSmallMedia.pdf (accessed July 13, 2013).
 Human Rights Watch interview #47 (name and location withheld), May 2013.
 Human Rights Watch interview #25 (name and location withheld), April 2013.
 “Jamming of Arabsat coming from Ethiopia,” Daily Star, February 16, 2012, http://www.dailystar.com.lb/News/Local-News/2012/Feb-16/163438-sehnaoui-jamming-of-arabsat-coming-from-ethiopia.ashx#ixzz1mVTDna2w (accessed September 4, 2013).
 Human Rights Watch interview with ESAT employees, Washington, DC, December 2012.
 Ethiopian Freepress Journalists’ Association, “EFJA urges China to stop complicity in jamming satellite TV transmissions,” June 22, 2011, http://reliefweb.int/report/china/efja-urges-china-stop-complicity-jamming-ethiopian-satellite-tv-transmissions (accessed January 11, 2013).
 ESAT, “ESAT resumes broadcast on Amos Satellite,” December 20, 2012, http://ethsat.com/2012/12/20/esat-resumes-broadcast-on-amos-satellite/ (accessed January 8, 2013) and Human Rights Watch interview with ESAT employee #103, (location withheld,) November 2013.
 Human Rights Watch/Citizen Lab Internet filtering testing, July 2013 and August 2013.
 “Satellite Jamming in Iran: A war over Airwaves,” A Small Media Report, November 2012, http://www-tc.pbs.org/wgbh/pages/frontline/tehranbureau/SatelliteJammingInIranSmallMedia.pdf) (accessed July 13, 2013).
 Human Rights Watch interviews with former government officials#49 and 51, (locations withheld), May 2013.
 Human Rights Watch interview with former government employee #14, (location withheld), February 2013.
 ITU Constitution, article 15; ITU Radio Regulations, article 15. Ethiopia joined the ITU in 1932.