THE ONLINE REGULATION SERIES | MAURITIUS

Mauritius, the small African island nation that – according to observers – has one of Africa’s best democratic records,[mfn]Economist Intelligence Unit’s Democracy Index 2019 (2020), Democracy Index 2019: Mauritius a “Full Democracy” and ranks 1st in Africa, 18th worldwide, Intercontinental Trust[/mfn] has until recently steered clear of measures that seek to regulate the internet and online speech. However, a 2021 proposal suggests an unconventional regulatory approach compelling all internet traffic to the country to be rerouted via a proxy server to be decrypted and archived. This proposal has led to warnings from a multitude of global digital rights groups of incipient risks to freedom of expression and privacy in Mauritius.

Mauritius’ regulatory framework:

• The Information and Communications Technologies (ICT) Act, 2001 (amended in 2009, 2011, 2016, 2020, and 2021): A broad regulatory framework which regulates radio, broadcast, and online communications. The 2009 amendment empowered the ICT Authority to “take steps to regulate or curtail the harmful and illegal content on the Internet”, without specifically clarifying what measures would be implemented in pursuance of this. In 2018, amendments were added to punish users for sharing “obscene, indecent, offensive, abusive, threatening, menacing, false or misleading” content and “messages” (online and via other telecommunications channels) with up to 10 years in prison.

• Prevention of Terrorism Act (2016): Criminalises participation in as well as preparation and encouragement of terrorist acts. The Act also creates a Counterterrorism Unit which coordinates intelligence collection activity and terrorism investigations. The Act does not specifically mention terrorist cybercrimes, but it does allow the Mauritian Commissioner of Police to issue “control orders” against terrorism suspects, which amongst other measures allows the police to restrict individuals’ access to “certain forms of technology”.

Proposed legislation

In 2021, the Mauritian Government proposed further amendments to the ICT Act in a consultation paper. Whilst the paper does not provide clear legal provisions, it does identify the class of legal instruments likely to be introduced in Mauritius. It is currently unclear when (or if) the amendments might be added to the ICT Act. In short, the amended ICT Act would seek to:

• Give clearer operational effect to the ICT authority’s mandate to tackle “harmful” and illegal content by creating two new bodies: the National Digital Ethics Committee (NDEC), which will be responsible for identifying illegal online content, and the Technical Enforcement Unit (TEU), responsible for enforcing removal of illegal material – including via “technical enforcement measures” – as directed by the NDEC.

• Establish a “proxy server” to support the TEU’s enforcement mechanisms. Under this arrangement, all internet traffic in Mauritius would be rerouted via the server, after which traffic would be decrypted and archived. If any illegal or “harmful” content is identified in this process, the TEU will be able to block the specific page hosting it or – in the case of a comment made in a public comment section – trace the IP addresses of responsible individuals. Mauritian internet users will need to install a certificate rerouting their traffic via the proxy server in order to be able to access social media platforms.

Relevant national bodies:

• ICT Authority: The 2001 ICT Act established the ICT Authority and assigned to it the responsibility for regulating domestic information and communications technologies. To date, their regulatory responsibilities have mainly comprised radio and television, although the proposed 2021 ICT Act amendments would significantly increase their authority over online communications and platforms.

Key takeaways for tech platforms:

• Tech platforms are currently shielded from legal liability for illegal and harmful content posted on their services. According to the ICT ACT it is illegal for individual users to share content that is “obscene, indecent, abusive, threatening, false or misleading” as well as material that is “likely to cause or causes annoyance, humiliation, inconvenience, distress or anxiety to any person” or “likely to endanger […] public safety and public order.” Users prosecuted by the ICT Authority risk punishment of up to 10 years in prison. There is no explicit mention of terrorist or violent extremist material in the Act. Users would also be increasingly affected by the proposed 2021 amendments.

• Under the proposed amendments to the ICT Act, tech companies may see entire pages or pieces of content on their sites blocked by the TEU if content is found to be illegal or harmful.

• Incoming traffic might, under the proposed amendments to the ICT Act, be decrypted by Mauritian authorities. Given that there are currently few specific details provided about how the proxy server toolset would work, it is unclear exactly how this will impact tech companies. However, the language used in the consultation paper suggests that all “incoming and outgoing internet traffic” (the paper does not explicitly differentiate between public and private communication) is in scope for decryption, storage, and removal.

• Tech companies should remain vigilant towards regulatory initiatives in Mauritius. In the above mentioned consultation paper, the Mauritian Government mentions a lack of tech sector consideration for the national interest,[mfn]Specifically, the government mentions failure in responding to requests and in investing in content moderation capability for Mauritian creole language.[/mfn] suggesting that measures targeting tech companies could be introduced in the future.

Tech Against Terrorism’s analysis and commentary

Legislative rationale

Whilst until recently Mauritius has taken a comparatively lenient approach to online regulation, the 2021 proposed amendments to the ICT Act appear unprecedented in their reach and the concomitant risks of violating several principles of international human rights law. There are potential benefits in placing legal liability on individual users as opposed to tech companies in terms of the impact on freedom of expression online, mainly because stringent liability provisions on platforms could see platforms over-zealously remove content to avoid penalties.

However the measures proposed by the government nonetheless risk a negative effect on the domestic right to privacy and freedom of expression due to their interference with encrypted web traffic and prohibition of ill-defined content categories.

The example of Mauritius raises important questions about smaller nations in the Global South and their ability to engage constructively with larger global tech companies, something which the consultation paper addresses directly as a challenge. Mauritius mentions regulatory approaches in the United Kingdom, France, Germany, India, and Australia[mfn]See summaries for each country in our Online Regulation Series Handbook here:[/mfn] as models for Mauritian regulation. Whilst those regulatory approaches all have significant shortcomings, the Mauritian approach appears much more drastic. However, Mauritius justifies the amendments to the ICT Act by criticising perceived big tech platforms’ lack of compliance with Mauritian legal requests and their lack of content moderation capacity in the local creole language. Whilst the shortcomings of tech companies regarding content moderation in the Global South are well documented,[mfn]See, for example: Rest of World Staff (November 2021), Why the rest of the world shrugged at the Facebook Papers, Rest of World.[/mfn] the specific reasoning behind these proposals has been questioned by researchers who assess, on the basis of tech company transparency reports, that large platforms do seem to take action on requests from the Mauritian Government.[mfn]Msisegwa, Daniel, (May 2021), Mauritius Social Media Regulation Proposal Centres State-led Censorship, CIPESA[/mfn]

Global civil society criticism: risks to privacy and “administrative censorship”

Several civil society groups have warned against the proposed amendments to the ICT Act. In an open letter, a number of global digital rights groups led by AccessNow warned that the amendments would render the law non-compliant with Mauritius’ commitments under human rights law.[mfn]AccessNow et al (May 2021), Joint civil society statement in response to the Information & Telecommunications Authority Consultation paper on proposed amendments to the ICT Act for regulating the use and addressing the abuse and misuse of Social Media in Mauritius, AccessNow.[/mfn] This is due to the law’s wide scope in vowing to remove “harmful” content without further defining the term, which according to the group violates the principle enshrined in Article 19 of the International Covenant on Civil and Political Rights (ICCPR) concerning the need for clarity and predictability in assessing legality. The group also warned against instruments seeking to decrypt traffic data (measures the group called “unprecedented” and “distressing”) and which further risk violating Article 17, concerning the right to privacy. The group further warned about the risks to information security associated with violating encryption. For more of Tech Against Terrorism’s research in this area, see our report on “Terrorist Use of End-to-End Encryption: State of Play, Misconceptions, and Mitigation Strategies”.

Lastly, the group cautioned against the risks of “administrative censorship” that could result from the law. The group argued that the authority of the NDEC – an administrative body – to determine the illegality of content illegality, as opposed to a judicial body, could lead to the over-zealous restriction of speech. This is partly because administrative bodies may have more incentive to reach conclusions favourable to the incumbent government than does an independent tribunal. The group highlighted that this is in violation of international norms advanced by the Special Procedures of the UN Human Rights Council and of the Manila Principles for Intermediary Liability.

Likewise, a group of scholars from the Free Speech Project – a joint initiative between online magazine Slate and American University – criticised the measures and explicitly stated their concern about the lack of judicial oversight in the proposed amendments.[mfn]FJELD, Jessica, MEETARBHAN, Milan, NAGY, Adam, TEHWARI, Shreya (20 May 2021), Mauritius Is Considering an Unprecedented Attack on Online Freedom, Slate[/mfn] Furthermore, the scholars assessed that the amendments continue the Mauritian Government’s growing habit of encroachment on online freedom of expression and digital rights, which commenced with the amendments made to the ICT Act in 2018 which made the sharing of “obscene” or “indecent” content punishable with up to 10 years in prison.