A version of this article was published on Koliwe Majama's blog.
General elections were held on 30 July 2018 in Zimbabwe to elect the President and members of both houses of Parliament. On 1st August, the Electoral Commission released results which showed that the ruling party ZANU-PF had won the majority of seats in parliament. On 3rd August, the Commission declared incumbent President Emmerson Mnangagwa the winner. Elections came at a politically tense time for Zimbabwe, following the ousting of Robert Mugabe, who ruled the country for more than 30 years.
Riots erupted last week in Harare as election results delayed, prompting concerns of internet censorship events being triggered.
Internet censorship has been measured in Zimbabwe all along (since 2016) and OONI data hadn’t shown any signs of internet censorship, until a tweet caught our attention.
Zimelection.com is an independent, citizen-led organization, based out of the UK. Their initial goal was to encourage Zimbabweans to vote, but expanded their activities to include election information, news, and education as well. They also made the voters’ roll available online, but removed all personal data from their site on 5th August 2018, after the elections.
We ran OONI Probe in Zimbabwe to test the potential blocking of zimelection.com across multiple ISPs. As part of our testing, we collected conclusive evidence on the TCP/IP blocking of zimelection.com by state-owned Internet Service Provider (ISP), TelOne.
Blocking of zimelection.com
We tested zimelection.com across multiple networks through the use of OONI Probe, which is software designed to measure the blocking of websites.
Network measurement data collected from OONI Probe tests suggests that TelOne (AS37204) blocked access to zimelection.com by means of TCP/IP blocking.
We tested zimelection.com multiple times from TelOne, an ISP wholly owned by the Zimbabwean government. All measurements consistently presented the same TCP/IP anomalies and our findings were further corroborated by the fact that RIPE Atlas data did not show any local or global routing issues. We were also unable to access zimelection.com from TelOne. All other OONI network measurements collected from TelOne show that all other tested websites were accessible, strongly suggesting that zimelection.com was in fact blocked.
Based on traceroute measurements, we were able to better understand the means through which the blocking of zimelection.com was carried out.
In particular, we can see that a TCP traceroute to the IP address hosting zimelection.com, 185.20.50.158 on port 443, shows packets all the way to the second to last hop:
Based on our traceroutes, it seems that the blocking is targeting the IP address hosting zimelection.com and that the blocking occurred on the reverse path (i.e. packets are reaching the IP of zimelection.com, but what is blocked is the response).
We didn’t notice any blocking on IP addresses in a close range, making it very unlikely that this is some form of network failure affecting that particular network:
Moreover, we found more than 1,700 domains hosted on the same IP address as zimelection.com, suggesting that the blocking of this IP address may have led to collateral damage, blocking many other unrelated websites.
The fact that many other websites are hosted on this same IP address also means that the owners of zimelection.com are very unlikely to have implemented server-side blocking, since they probably don’t have access to firewall settings (and other IPs in the same range of the same provider don’t show evidence of blocking), further consolidating the theory that zimelection.com was intentionally blocked.
It’s worth highlighting that OONI data shows that zimelection.com was accessible in other Zimbabwean networks (such as mobile operator NetOne). This may suggest that independent Zimbabwean ISPs didn’t receive government orders to block zimelection.com.
We reached out to the owners of zimelection.com and they provided us the following statement:
“Section 21(1) of the Electoral Act states that every voters’ roll shall be a public document, open to inspection by the public, free of charge. The block on our website is in breach of section 62 of the Constitution of Zimbabwe […] We would like to call upon TelOne to immediately remove the block on our website.”
Moreover, they agreed to take down the electoral roll documents containing personal information prior to the publication of this report.
Zimbabwe Electoral Commission (ZEC) site unavailable
The site of the Zimbabwe Electoral Commission (ZEC), which is hosted on a .zw domain, showed a “404 Not Found” error in the days following the elections (but has now been restored).
This could be due to content removal, a domain takeover, or technical issues triggered, for example, by too much traffic towards the website or some malicious activity (hacking).
A possible domain takeover may be suggested by the domain’s DNS SOA record, which has “2018080211” as a serial number and which is a human-edited field. It’s common practice though to set it to the date of the last DNS zone modification, so it may not necessarily be a domain takeover.
On the other hand, the SSL certificate presented for www.zec.org.zw has been valid since 23rd May 2018. This suggests that the entity currently controlling the domain name and IP addresses behind it have SSL certificate files which were issued and cryptographically signed more than two months ago.
Yesterday, Qurium reported that the Zimbabwe Electoral Commission (ZEC) site was in fact defaced. Their forensic investigation confirms that the site was defaced on the evening of 1st August 2018 by an attacker using the nick zim4thewin. They note that the defacement of the site was a protest against military actions during the riots.
Conclusion
This is probably the first time that OONI Probe captures evidence of internet censorship in Zimbabwe.
Almost daily OONI network measurements have been collected from various networks in Zimbabwe over the last year (with many measurements having been collected since 2016), none of which showed signs of internet censorship, until now.
The general elections last week (on 30th July 2018) came at a politically tense time for Zimbabwe, following the ousting of Robert Mugabe – who governed the country for more than three decades – in late 2017. Incumbent President Emmerson Mnangagwa has since governed the country, leading the Zimbabwe African National Union – Patriotic Front (ZANU-PF), which was previously led by Mugabe and which has ruled the country since independence in 1980.
ZANU-PF won most seats in parliament, but the announcement of the presidential vote was delayed, spurring violent riots in Harare amid concerns that the results were being rigged. Even European Union election monitors questioned the delay in announcing the presidential vote. Last week, the presidential vote was announced with Mnangagwa narrowly winning the presidential poll.
As political events unfold, more censorship events may emerge. This study can be expanded upon through the use of OONI Probe and OONI data.
Acknowledgements
This report was produced in collaboration with Natasha Msonza, Digital Society of Zimbabwe , Kuda Hove, MISA Zimbabwe and the Open Observatory of Network Interference Team.
Image credit: Thomas Hawk, "Censorship", via Flickr Commons.