Telenor Group is violating European Union (EU) and Norwegian sanctions on Myanmar by having installed and maintained a Lawful Interception Gateway (LIG), which it is now proceeding to transfer to a military-linked company.

Telenor purchased the LIG from the Germany company, Utimaco, and is the legal owner of the system, according to documents leaked to Justice For Myanmar.

Huawei, through its Singapore subsidiary, brokered the purchase of the Utimaco LIG and imported it into Myanmar. Utimaco has provided technical assistance via Huawei, keeping the relationship with Telenor Myanmar indirect.

Leaked documents show that the LIG was delivered to Myanmar in February 2018 and installed and integrated into Telenor’s system by May 2018. The LIG was then connected to a state monitoring centre in mid-2020, with remote support from Utimaco.

Once activated, the LIG will enable the terrorist military junta to simultaneously monitor the content of communication on the Telenor network through the Ministry of Home Affairs. This will violate the right to privacy on a large scale and likely result in further arrests, torture and killings by the military junta.

In September, Telenor stated that they have not yet activated the LIG because doing so would breach EU and Norwegian sanctions, and that they therefore have to exit Myanmar to prevent a sanctions breach.

However, Justice For Myanmar contends that Telenor has already breached EU and Norwegian sanctions by installing and maintaining the LIG.

Telenor will further violate EU sanctions by transferring the Utimaco LIG to a consortium led by the military-linked company, Shwe Byain Phyu. The minority shareholder will be M1 Group, a Lebanese company with a long history of complicity with authoritarian regimes.

In April 2018, following the Myanmar military’s genocide against the Rohingya, the EU strengthened sanctions to include surveillance technology.

Under Article 3.1 of EU restrictive measures, “The sale, supply, transfer or export of equipment, technology or software intended primarily for use in the monitoring or interception by the Government of Myanmar/Burma, or on its behalf, of the internet and of telephone communications on mobile or fixed networks in Myanmar/Burma, including the provision of any telecommunication or internet monitoring or interception services of any kind, as well as the provision of financial and technical assistance to install, operate or update such equipment, technology or software, by nationals of Member States or from the territories of Member States shall be prohibited.”

Norway has aligned with EU sanctions on Myanmar.

A Telenor spokesperson did not respond to questions from Justice For Myanmar regarding the transfer of the Utimaco LIG and whether the company has Norwegian government approval under sanctions regulations.

In an email to Justice For Myanmar, a Telenor spokesperson stated, “A key reason why Telenor is selling Telenor Myanmar is that we cannot activate intercept equipment, which all operators are required to. This situation is extreme and difficult, with significant challenges. Telenor must ensure its exit happens in a manner that does not increase the security risk for our employees, and that remains our key priority now. Telenor is awaiting regulatory approval for the sale to M1 Group, and beyond this we do not have any further comments.”

Utimaco is also likely to have violated EU sanctions by having provided indirect technical assistance for Telenor Myanmar’s LIG after sanctions were strengthened in April 2018, and would further violate sanctions if they approve Telenor’s transfer of the LIG.

Utimaco denies having provided any support after April 27, 2018. In an email to Justice For Myanmar, the company stated, “Utimaco has never conducted direct business with one of the mobile network operators in Myanmar. With the introduction of EU export regulation (Council Regulation (EU) 2018/647) which was published on 27 April 2018, Utimaco informed its international business partners that Utimaco ends all activities regarding partner projects in Myanmar. In compliance with EU export law, Utimaco has also not delivered any products or services nor provided any support via indirect partners in Myanmar since then.”

Utimaco did not respond to questions regarding Telenor’s imminent transfer of an Utimaco LIG to Shwe Byain Phyu and M1 Group.

The Utimaco LIG replaced an earlier LIG from the US company, SS8. The SS8 LIG may also be transferred as part of the Telenor Myanmar sale. SS8 did not respond to questions from Justice For Myanmar.

Justice For Myanmar spokesperson Yadanar Maung says: “Telenor Group is showing a blatant disregard for the lives of Myanmar people and violating EU sanctions.

“It is Telenor Group that imported and installed dangerous surveillance technology into Myanmar. Telenor Group and its majority owners, the Norwegian government, must now take responsibility for it.

“By transferring surveillance technology to the military-linked company, Shwe Byain Phyu, Telenor will embolden the terrorist Myanmar military junta, providing capabilities to chase down, torture and kill activists, human rights defenders, humanitarian workers and journalists.

“Shwe Byain Phyu should be sanctioned as a significant business partner of the Myanmar military, not put in charge of a mobile operator, dangerous surveillance technology and the historical call data of 18 million people.

“We call on the Norwegian and German governments to take immediate action to halt the sale and investigate Telenor Group and Utimaco for violating EU sanctions on Myanmar.”

More information:

Access our investigation into Shwe Byain Phyu on the JFM website.

For more on M1 Group, see our feature.

Norway and Telenor could be held responsible under international law for human rights abuses resulting from Myanmar deal, according to a legal memo from barristers Doctor Felicity Gerry QC and Daye Gang

Download PDF: English‍