Myanmar’s Military Massacre in Bago: Hour by Hour Internet Access Measurement
We reveal the exact pattern of broadband internet shut-downs around the 9 April attack
Sometime at or before 4am, on the 9th April, 2021, in Bago city, Bago State, Myanmar, the Tatmadow (Myanmar’s military) began operations against the people of Bago.
What unfolded that day has been thoroughly documented in a recent piece by the Washington Post, with the UN’s special rapporteur for Myanmar, Tom Andrews, quoted as saying, “It is very systematic [and] the pattern of violence is very, very clear,” before concluding, “These are crimes against humanity.”
The Monash IP Observatory provided the Washington Post team with raw, observation-level data, precisely geo-located to the centre of Bago city, Mynamar, in the weeks around the attack.
In this post, we share this underlying data, and provide access to our raw (de-identified) measurements.
Bago Shutdowns: Hour by Hour
Our global infrastructure actively measures over 400 million unique internet-connected end-point addresses each day. From over 3 billion measurements, we are able to identify which IP addresses are online, and which are offline (see Methods, below).
In Bago city, Bago state, Mynanmar, out of hundreds of potentially connected IP addresses, we consistently saw active signals from around 80 unique end-points. Active measurements were carried out by four source devices across four continents, sending ICMP (ping) measurements to each IP address.
In the figure, filled markers indicate hours where at least 2 IPs were measured to be online (responsive) during the given hour and day. Blue markers indicate weekdays, grey indicate weekend days. Red markers indicate 9 April, 2021.
In addition, given that eye-witness accounts placed the initial Tatmadow raids occurring close to 4am, we indicate, by a red stripe, on the 9 April 2021, the approximate time of the raid beginning.
As we have already documented, the military ordered internet shutdown campaign started on 1st February, during which the democratically elected leader of Myanmar, Aung San Suu Kyi, was arrested along with other officials. From there, an escalating control over the internet was apparent, as the military sought to restrict the flow of information, and provide cover for activities against civilians.
By the 15th April, this strategy had developed into a nightly shutdown, lasting 8hours, from 1am to 9am, as indicated by the initial blocks of ‘dark-time’ in the figure.
However, by the fourth week of the nightly shut-down period, it can be seen that military presumably made the decision to provide slightly longer week-day access, between the hours of 6am and 9am, but retained the weekend shut-down when protests were more likely.
But this strategy was not uniform. We can see five weeks leading up to the Bago massacre on the 9th April, the military seems to have become increasingly nervous, or emboldened for the cover of darkness, by first offering this additional 3 hour internet window, then taking it away.
By the 1st April, Bago was back into the sustained nightly shut-down, with only the Wednesday — Thursday prior to the 9th seeing the 6am to 9am online reprieve.
But there was no reprieve on the 9th April. Nor any previous Friday in Bago. Eight hours of internet shutdown was again in place, with reports that mobile reception was also lost at this time.
Plenty of time, it would transpire, for the brutal operation in Bago to be carried out, not only in the cover of darkness, but also under the heavy weight of a communications black-out.
IP Observatory | Open
To facilitate transparency, accountability and future research work related to the Bago massacre, we provide open-source access to the universe of underlying raw measurements obtained by our infrastructure over the period 2021–02–09 to 2021–05–14.
The data set, at IP level (unique IPs hashed) includes ISP owner names, IP owner names (where available), and exact timestamps of the online measurement. Though not used in the analysis above, we also provide RTT (return trip time, ms) measurements from the specific ping used. Noting that our source devices sit on four different continents and so, variations in ping time will largely reflect which source was used to obtain the given measurement.
Our Methodology
To generate the data behind these observations, we combine a commercially available geo-located IP database with our powerful scanning technology which measures the online or offline status of millions of Internet addresses globally every hour.
Our observational methodology uses the most basic Internet messaging protocol that is widely used billions of times a day to establish routes for your email, tweet, or share. After developing a carefully selected set of Internet addresses (IPs) to measure, we periodically send them one of these tiny messages, essentially asking, ‘Are on you online?’. These online/offline answers form the basis for our ‘connectivity’ indicators.
Connectivity
By connectivity, we mean the count of unique, online devices in our measurement sample every hour.
The large majority of our measurements are to fixed, broad-band, end-point devices (home and business routers, servers, etc.) in a given region. Mobile or cell towers are also measured, but typically not individual mobile phones. And, to be clear, being “online” in our measurement does not necessarily mean that an end-point user has a free internet experience. Access could be blocked to a specific website or service at any time, even with an active (not blocked) internet connection. Or, access could be practically blocked by a slowing of internet traffic (see latency).
Latency
By latency, we mean the average return trip time (rtt) across all unique, connected end-points in a given region, as measured by multiple signals sent from our global platform to the end-point each hour.
Latency can be thought of as the immediacy of the connection. Low latency is crucial for any synchronous internet mediated activity such voice or video chat, but is also a good proxy for the bandwidth pressure on the network at the time. If the network is overloaded latency will tend to rise dramatically as packets of information are slowed down, waiting in queues, if you will. In our team’s earlier work, we know that some governments apply slow-downs (rather than ‘shutdowns’) to make the sharing of voice or video materials practically impossible and influence political outcomes.
Privacy
The Monash IP Observatory has no access to any content being shared, viewed, visited, or generated by a user at a given IP, and all IP Observatory activity works in aggregates of thousands of randomly sampled measurements across geo-spatial sub-regions.
The IP-Observatory is fully compliant with the EU’s General Data Protection Regulation (EU-GDPR). The IP-Observatory does not collect, hold or process personal data.
Acknowledgement: The initial idea for the main graphic of this piece arose from work by the Washington Post’s Atthar Mirza. We thank Atthar for his inspiration and consent to incorporate his ideas.
The mission of the Monash University IP Observatory — ‘internet insights for social good’ — is to monitor the availability and quality of the Internet during critical events such as elections, natural disasters or conflicts. The IP Observatory was founded by Klaus Ackermann, lecturer in Econometrics and Business Statistics, and Simon Angus, and Paul Raschky, Associate Professors in Economics. The observatory is a project of SoDa Laboratories at the Monash Business School, and tweets @IP_Observatory.
